[Feature request] Access control on "everyone" #162

Closed
vicary opened this Issue Dec 7, 2011 · 6 comments

Projects

None yet

2 participants

@vicary
vicary commented Dec 7, 2011

When you said everyone, the "partial" of everyone instantly come up in my head.

In big projects, writing the access control logic right inside the "everyone" namespace would be quite a waste of process power. In fact, it would be good enough to have a client-specific interface or namespace content.

Says after an initial authentication, the server will then assign a set of accessible interface to that specific client but not "everyone".

Would it be a good approach? Or I just misunderstood the whole idea?

@PhilWaldmann

I think you'll just need different groups.
Put the authentication mechanims on everyone.now and all the other methods on users.now (or what ever groupname you prefer). After successful authentication just add the group users to the current user.

@vicary
vicary commented Dec 7, 2011

I read about clientId on the API doc, it seems the connect event is the only way to acquire the user's clientId.

That extends the question a bit further,

  1. Is it safe to share this clientId to the http server as session id?
  2. If not, can I somewhat associate the http session id (say, from express middleware) with the now connection?
  3. What will happen if I call a function in the context of a group, but the now namespace of a specific user doesn't owns one?

Sorry for my clumsy English.

@PhilWaldmann

everytime the client calls a method on the server via nowjs you'll have access to the clientId via this.user.clientId

All cookies are stored inside this.user.cookie, so you should be able to identify a user.
I don't know if it's good to store the clientId in the session, because on every page reload nowjs reconnects and the clientId changes...

As far as I know, if one client of a group has a method, you could call it on the server side. All clients without that method won't get a message!

@vicary
vicary commented Dec 9, 2011

Thanks for the answers!

A bit of off topic thing.

The usability of nowjs is somewhat limited to real-time sessions like chatrooms and games.

I am seeking a way to broaden it into a general purpose web framework, maybe pairing the client session with xhr polling instead of a net server will be more practical?

If that is not in the @Flotype road map, I may start a middleware project. ;)

@PhilWaldmann

NowJs is a great thing, but only a small part of the game ;)

@vicary
vicary commented Dec 10, 2011

True enough, nice discussing with you. I'm closing this issue. =)

@vicary vicary closed this Dec 10, 2011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment