I use the WAMP.ws specification to create public / private user chats on my website.
My problem occurs when I try to keep a list of all connected users. What could I do:
- All users subscribe to the topic "/ contacts / connections".
- When a user connects, he posts a "hello" message with the argument "user_id", telling other users that he is connected.
-> But how can I trust users? Any user can send a "Hello" message with a random argument "user_id".
For me, the server must perform some checks before sending the message. But does this comply with the WAMP.js specifications? I read that the posted message is always broadcast by the server.
Another solution might be to use an RPC call to connect the user. In fact, I did this to authenticate users. But can the server broadcast the event on the topic "/ contacts / connections" by itself? (after calling the RPC, not after the “Post” message) I read that this event is a direct result of the “post” from the client. Moreover, this will not prevent ordinary users from sending a topic by calling the topic "/ contacts / connections", which will be broadcast by the server.
I feel that my two decisions (checking published messages before broadcasting or broadcasting events by the server after an RPC call) violate the WAMP.js. specifications. I'm wrong?
thanks
source
share