WS connection based context/session data

[petslane]

Is there some way to have authentication mechanism or have session data based on ws connection?

Basically I would like to register methods that are usable anonymously (eg. login) and methods that require authenticated connection (eg. getPermissions). So on client connect, when calling getPermissions I would get some error, but calling it after successful login, I would get my data.

This use-case could be achieved by passing socket (<ws.WebSocket>) to registered method handler as second argument. Then registered methods can set and check custom properties.

Currently only way to achieved this is to return some token with login and require it on getPermissions. But because ws connections are not shared, then if feels strange to pass some session tokens to methods.

[mkozjak]

@petslane: this feature is not available at this time. It's clearly an interesting use-case and it might be implemented without much difficulty.

ws' connection event has all sufficient parameters to handle login data such as cookies, etc., so it might be handled on server-side to mark the connection as logged in or anonymous.

We could introduce a special protected method _login or such where you'd be able to provide your own authentication middleware. You'd also be able to register rpc methods as "private" that could only be called when authenticated.

Care to do a PR, maybe?

[mkozjak]

@petslane: Care to test this feature? It should be ready. Please check the PR.

[mkozjak]

This feature is now available in version 4.6.1.