I am setting up an application with realtime events using nchan (https://github.com/slact/nchan). The application itself is built on the Laravel framework. However, for now everyone that subscripes to specific sub-channel will get new events as soon infomation is pushed to the corresponing pub-channel.
I want to limit that so only logged in users should be able to subscribe to events. Hence, if I am not logged in, it should not be possible to create a websocket and listen for events from for example http://www.example.com/chat/pubchat?id=some_id.
Is there any way to make this possible?
As far as I know, I cannot use Nginx/Nchan to make database queries to get only logged on users that way. And Laravel itself cannot limit subscribers since that is handled by Nginx/Nchan (but on the other side, can make database queries).
Thanks for any tips!
EDIT: Seems that I might can use the Drizzle module (https://github.com/openresty/drizzle-nginx-module) and use the session ID as identifier. So if that ID is not present in the session table the connection will be blocked.
Related
I am building a web service for mobile application by Laravel 5.8. I need to get the location of online users, search on some properties and send a notification to them.
The problem is I can't find out if a user is online. My solution was to keep pushing/receiving a message to applications every 10 seconds once they get connected for the first time. Clearly this approach has a huge overload on the server and is not practical.
I would be appreciated for any help.
Thanks in advance.
Sounds like you may make use of Real-time connections such as Pusher
You would need presence channels to see who is online in JS, it works more client to client rather than the Laravel server knowing who is online.
You subscribe users to a channel and then you can see who else is on that channel.
https://laravel.com/docs/5.8/broadcasting#presence-channels
Why not make a column to your user table namely 'is_online' ? So every time the user logged in set this field to true ? and when they are logged out or inactive for a specific of time you will set it to false ?
I made a laravel app which uses an index method that delivers a collection of the client's available appointments (think hairdresser) to the page (as an api), which I then display using vue/vuetify.
The client is saying they would like the appointments on the page to be dynamic/live eg if someone books an appointment, then all other logged in users will see that appointment disappear from the list on their screen.
I have no idea how I would do this, although I have had one idea - I somehow incorporate node/non-blocking on the server, like a chat room, but only for this part of the app.
Or is there a way to do this with laravel/nginx?
Thanks in advance - I don't know what to search for!
I believe you are looking for Broadcasting (Documentation Link). You would need to:
Configure your broadcasting driver (you could give pusher a try for quick setup and tinkering)
Configure your Laravel backend to dispatch a new event whenever a new appointment is made, (e.g. event(new AppointmentCreated($appointment)) where AppointmentCreated implements the ShouldBroadcast interface. You can combine this with Model Events
Update your frontend to receive your broadcast (Check Laravel Echo). Once you receive a broadcast, update the UI to mark this appointment as unavailable i.e, make it disappear
I’m having some trouble understanding how to inplement presence channels in a real-time laravel application.
From what i’ve read in the documentation and a lot of other online resources about this, i only need to broadcast on a Presence channel and have clients listen on that particular channel. By the way, I'm using laravel 5.6 and on the front end I use Larvel Echo.
So, my problem is that channel name I need to broadcast to. If it’s something generic like “chat”, ALL the users in my application will broadcast to this channel and users who have no ideea who that user is (not a friend) receive this notification and they have to process this new information. Ofcourse I can choose not to update the UI or just do nothing if the user is not in their friends list but this just seems like a lot of useless procesaing of notifications on the client side. Doesn’t seem like a good ideea in my opinion.
Second option would be to broadcast presence to a unique channel name like “chat-[unique]” where “[unique]” would be something like the logged user’s id/hash but this just means that every client that loggs in the application has to listen for ALL friends notifications, so he has to connect to chat-5426, chat-9482, chat-4847 and so on, for all his friends. Again, this does not seem efficient. But that’s not all. The friends list is paginated so a user, after is logged in, only sees his first 20 friends (unless he scrolls down) and I have no limit on how many friend a user can have - I can implement a limit but still, it would be in the thousands so I don’t think I can get all the users from the DB in one query. I had the ideea of using this last method, to listen to each user's channel on the front end just as they are, paginated. Then, when scrolling and navigation arround, if a new user is visible in the viewport, add it to my friends object (no UI change) and start listening on his presence channel. I can see this method failing pretty easy though.
However I think about this, it always seems like online presence is verry resource consuming and almost not worth it for a small startup, I don't know. I have no ideea what a good way would be to implement it as I`ve never done it before. I would greatly appreciate any help with this because all online resources I've found on the subject implement the first method I asked about, all users connectiong to a generic channel but this always works in tutorials because they only have like 2-3 users in the DB and none mantion a user having friends. I can't see this working in the real world, but I may be wrong.
Thanks in advance
I want to create something in Slack that sends a message (starting by calling someone with '#') to a channel when specific users login. I've checked ifttt and zapier. I also checked the slack api to create something myself, but I couldn't really find anything usefull.
Anyone has any ideas?
Slack does not track user login or logoff in a traditional sense. Instead, users are always always "logged in" and available to receive messages once they have joined a team / channel.
There also is the concept of "presence", which is related, but not the same thing. User presence can change multiple times during a few minutes, e.g. if the user is on a mobile. I am guessing you would not want to send the user your message that often.
Still you can poll the presence information of a user with the API users.getPresence , which could be used to implement a script that polls this information on a regular basis and send your message. You also want to filter out presence changes below a certain duration threshold.
Keep in mind though that the rate limit for API methods is 1 per second. So depending on how many users you have in your workspace there will be a significant delay between the user becoming "present" and your script being able to send the message.
There is a workaround for that to have a google sheet as a database for the users and you can trigger by day once and timestamp it.
So the best trigger is a private message or public and you can use filter when mentioning or signin or signout it depends on the trigger word then you pass the filter since zapier won't count your zaps if you used fiter as a second step.
I'm trying to figure out how Websockets works. I read some articles, tutorials, etc and I have a pretty basic understanding of how it works, but there is one element that I can't understand how to implement.
My idea is the following : One user will load a "customer" page containing all informations of that customer + a discussion thread. If an other user load that same page, they will be able to discuss in real time and if one user update the data of the customer, the second one will see the update.
The thing that is bugging me, is how can I allow users to access a customer data, but by checking that they can access it (for example, users can access the customer of their group, not all customers)
How can I be sure that the current user will access a customer he has the right (in the websocket)?
Thank you for your help!
Think of the websocket connection itself as a separate thing. A socket used by a client can subscribe to many different events.
What you're describing is topics. When the websocket connection is established, you send a message using whatever socket framework you're using to subscribe to a topic. For example, it could be a topic called customer-123. (A analogy for a topic, is a chat room)
Your application logic (server side) will verify that the currently logged in user has permission to access customer 123, and if so, permits them to join this topic. If you don't do this, it would be trivial for users to listen to any messages relating to any data.
Whenever a user updates any data that is relevant to customer 123, a message is posted to that topic. And thus, any user who is in that topic will receive the message.
An socket might subscribe to many many topics for each customer they open in your app. And topics can be combined and managed in groups depending on how you want to send messages.
In a typical large app, it's common to have a websocket subscribe to topics like user-123, team-456 by default so the server can send messages to them individually or to the entire team to which they are a member of.
For example, if a user updates customer-123, I might send a full data object to the customer-123 topic, and if customer 123 belongs to team-456, I would also send a small notification object like 'User 789 has updated customer 123' to the entire team (which is what powers Facebooks feed like system).
As your app grows, you'll use services like notification hubs to manage the fact that there could be thousands of topics each with thousands of subscribers.
The best thing to do is share a session ID and set up authentication token policies between your web application and your socket session. You could set up your own policy middleware to check the session ID.
You aren't really clear about how you're trying to accomplish this. If you're using express/socket.io, you can use this module: https://www.npmjs.com/package/express-socket.io-session
Hope this helps!
Like any other production application, you need authentication (who is allowed to use the app) and authorization (what functionality can a authenticated user perform). Authorization (ie, access control - ACL) is probably more precisely what you are looking for. Your app has to consult an authorization subsystem to see if the current user has access permission to edit/view another user's information.
This is not a trivial concern for many applications; security and privacy are important aspects of any web-based (distributed) application.