I want to make use of websockets in my Yesod application. If my understanding of the websockets package is correct, this means I will need to define a ServerApp, which is a function PendingConnection -> IO ()
for how to handle connection requests, and then plug it into my application using the settingsIntercept field of my Warp settings. How can I make the handling dependent on Yesod's authentication? For example, if I wanted to reject connections except from clients who are logged in as authorized users, how can I detect the currently logged-in user? Since we aren't working in a Handler monad, it seems like we don't have a way to call functions like maybeAuthId
. Is the only alternative to manually look through the headers of the connection request?
To secure your messages, use WebSockets over SSL/TLS (wss:// instead of ws://). Don't roll your own crypto. Concerning authentication. The big difference between HTTP and WebSockets is that HTTP is a stateless protocol and WebSockets is not.
WebSockets are used to provide a connection between a client and a server so that both parties can send data at any time. The client uses a process known as the WebSocket handshake, which helps establish a connection between the server and the client.
A WebSocket frame can be one of 6 types: text , binary , ping , pong , close and continuation . Furthermore, every frame is either a fin frame or not. The first byte of each frame is used to represent the type of frame (known as the op code) as well as whether or not it's a fin frame.
Wether you use websockets or not you still have to use sessions to recognize/authorize clients on server side.
Websockets could replace your api routes but cant replace your server middleware.
And of course, things like authorization and middleware is something you handle once the client is trying any HTTP Verb on your server (get, post ...), once the websocket is up there is no more middleware running and the client should already have an identificated session if he already logged in, and that session is what you need to use each time the client asks the server for more data through the websocket.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With