I am trying to make a small deployment app which uses docker which communicates the build process or your app with a websocket to the client.
I am connecting to the websocket with socket.io like so:
<script>
var socket = io.connect('http://localhost:8000');
socket.on('log', function (data) {
$('#log').append(data + '<br/>');
});
</script>
Of course this is not safe since it it just being broadcasted to all users. I need to:
- Authenticate a user
- Broadcast the right data only to user that initiated the build process.
- Only show the websocket output for this user on a specific page(since a user might have multiple build processes running at once).
I am guessing for the authentication this would suffice:
https://auth0.com/blog/auth-with-socket-io/
How would I properly secure this without other users eavesdropping in on the broadcast? I have read some about channels but in that case I still need to only display websocket output per page.
Can this be done with something like an ID or something with socket.io? Any help, tutorials or guides will help me out here. I am a bit stuck on where to go from here because I want to properly secure this.
Even a small tasklist will help me out here since I am new to websockets.
via Stephan-v
No comments:
Post a Comment