is there any way to set "allowed_origins" for pusher service
https://pusher.com
Now anyone that know my "app_key" can connect to my socket server in pusher.com "app_key" is in socket request address in the browser console so its not secure !
That wouldn't make it more secure. It's probably why Pusher doesn't have a feature like that. A malicious actor could still easily send arbitrary header from any server and subscribe to a channel.
If you are concerned about who can subscribe to a channel (e.g., you are broadcasting sensitive messages), you must use private channels.
Related
I am trying to create a chat messaging application, which has text functionality. Right now, when a user sends an SMS message from their phone to a Twilio service number, there is a Twilio webhook which redirects to an endpoint in my backend server: sending HTTP POST request.
However, since it is a chat messaging application, I need the Twilio webhook to establish a Websocket connection (upgrading over HTTP) to my backend server, so that it can send websocket events back to my client.
Is there a way to establish a websocket connection using Twilio webhooks, or even Twilio functions? I can't find any resources online to solve this issue.
I tried Twilio Webhooks, and Twilio Functions, it hasn't worked so far.
WebSockets won't help you in this situation, as the webhook timeout limit is 15 seconds. This means you either need to return a TwiML response within 15 seconds or the request will fail.
It sounds like you want to build a stateful WebSocket connection instead of the stateless API callback. To achieve a stateful session, you either need to handle the state management over multiple incoming messages on your own, or you can use a Studio Flow which comes with state management baked in.
I would like to know the best way to store the websocket client id or connection in Redis. I am not building a chat app so I do not need to broadcast but send messages to specific websockets.
Need help.
I have several dealers connecting to one Router socket. The dealers send data asynchronously and the Router gathers/processes the data.
What I need to do is find a way to know when a dealer has stopped sending data/disconnected from the router socket.
I build a map of all the connection identities.
I have a monitor connected the the router port and I receive notifications for connects/disconnects.
The problem is I can't find a way to identify which dealer the monitor notifications are for. The notifications only give me a FD which is of little use.
Is there a way to map between notifications and connection IDs?
If not mistaken, the zeroMq allows you to determine only the fact of connection/disconnection.
In my opinion, a good solution would be something like this: when the notification is received, ROUTER must send to all connected dealers a heartbeat message with a timeout and the one who did not respond - disconnected.
Right now I'm using socket.io with mandatory websockets as the transport. I'm thinking about moving to raw websockets but I'm not clear on what functionality I will lose moving off of socket.io. Thanks for any guidance.
The socket.io library adds the following features beyond standard webSockets:
Automatic selection of long polling vs. webSocket if the browser does not support webSockets or if the network path has a proxy/firewall that blocks webSockets.
Automatic client reconnection if the connection goes down (even if the server restarts).
Automatic detection of a dead connection (by using regular pings to detect a non-functioning connection)
Message passing scheme with automatic conversion to/from JSON.
The server-side concept of rooms where it's easy to communicate with a group of connected users.
The notion of connecting to a namespace on the server rather than just connecting to the server. This can be used for a variety of different capabilities, but I use it to tell the server what types of information I want to subscribe to. It's like connection to a particular channel.
Server-side data structures that automatically keep track of all connected clients so you can enumerate them at any time.
Middleware architecture built-in to the socket.io library that can be used to implement things like authentication with access to cookies from the original connection.
Automatic storage of the cookies and other headers present on the connection when it was first connected (very useful for identifying what user is connected).
Server-side broadcast capabilities to send a common message to either to all connected clients, all clients in a room or all clients in a namespace.
Tagging of every message with a message name and routing of message names into an eventEmitter so you listen for incoming messages by listening on an eventEmitter for the desired message name.
The ability for either client or server to send a message and then wait for a response to that specific message (a reply feature or request/response model).
Pusher service works as illustrated here:
Does it make sense to use it in reverse direction (and switched data channels)? My use case is as follows:
end users (actually mobile, not browser) send messages to Pusher via HTTP-based REST API
my firewalled machine is connected to Pusher via WebSockets API, subscribes channel and receives messages in realtime
This way I can work with Sandbox plan (only 1 persistent connection is used) but mobile app must contain Puser app key.
From what I understand, anyone can use this key to register subscribe same message stream via websockets. Is there a reverse mode, where receiving messages requires knowing the secret? Maybe other service would suit better?
A more secure solution would be for the mobile clients to use client events. Client events can only be triggered on private channels where the subscription to the channel has to be authenticated.The authentication requests should got to an HTTP endpoint that you control so that you can validate the subscription request.
You firewalled machine can either then have a WebSocket connection and receive the client events over that connection. Or it could receive the client events via client event WebHooks if it exposes an HTTP endpoint.