I'm using node.js with socket.io. Every socket connected to server has its own socket.id. I'm wondering if it is possible security issue if I pass socket.id from server to clients?
i don't believe that's a problem there aren't any known vulnerabilities to this, server-side socket.io is using ID to identify websocket connections just to "know" where to emit events and from where an event was emitted.
Related
Basically, I know that 'socket.io' is a one-on-one communication between the server and the client.
But when I tried to do it myself, it wasn't
Connect to the socket using a chrome browser.
Connect to the same page using the secret tab.
in the same situation as described above
If an event occurs on client 1, it works on client 2.
How can I generate an event only on each client?
I connected different rooms to each client.
//server
socket.join(`${socket.id}`)
socket.to(`${socket.id}`).emit('event')
It will not work anywhere.
This method:
socket.to(room).emit(...)
sends to all sockets in the room EXCEPT the one represented by socket.
If you want to send to everyone in the room, then use this:
io.to(room).emit(...)
Refer below link:
1.Rooms Concept
https://socket.io/docs/v3/rooms/
2.Emit cheatsheet
https://socket.io/docs/v3/emit-cheatsheet/
When the socket.io client performs an (automatic) reconnection - as might happen if a mobile client went to sleep then woke up again - does the server get a reconnect event? Or does it just see a disconnection and fresh connection?
In either case is there a way to
identify that it's the same client e.g. by a unique client id that persists across connections
have the client automatically re-join any rooms it was in before
Or do I need to code that functionality manually e.g. by having the client supply the id or rooms itself on reconnection?
I had a read of the socket.io docs and can't see any list of events that the server might receive.
I just started with socket.io, and I want some function which will broadcast somethink from one client throuh server to all clients.
For example I will have game, when I will need handle a lot of things.
There is two option:
1.
Every call handle on server and client side, for every call create socket.on('call');
But I think there is better solution
2.
On client call emit when I get payload and name of socket which will be called from server to other clients.
Like this:
SERVER
// Broadcast specific emit to all clisnts expect sender
socket.on('broadcast', function(data){
socket.broadcast.emit(data.emitName, {id: socket.id, payload: data.payload});
});
and client:
// Call to server
socket.emit('broadcast', {emitName: 'playerMove', payload: {....}});
// Handle called from server
socket.on('playerMove', function(data){
....
});
Second solution can save a lot of time, but is it safe solution ?
And is there any better solution how call from client broadcast throuht server and call to other clients ?
Only the server can broadcast to all clients. The server retains control.
Your second solution is the best solution.
You may want to somehow ensure that you trust the client that is making the emit that will result in the broadcast. HTTP protocol is well-established in respect of client authentication.
Websockets does not have the same standard approach. Maybe you should investigate Websocket client authentication. There is no reason why you cannot use JWT authentication with websockets, just send the JWT token in the data packet the client is sending. This is probably how I would handle authentication but I am no expert on how to do this with websockets.
I am using WebRTC to make a audio, video and chat application. How on the server side we can check if the peer is still connected.
Actually, I want to check before making audio/video call that the other user end is still connected. I am able to maintain Presence (i.e online/offline) when user logs in or logs out of the application.
Suppose, the network connection drops or got disconnected, I am not able to get any information on the server side. If I can get, then I can communicate to rest of the peers connected.
So, need help how to get the information if the peer is still connected or not. I am using Nodejs and WebRTC in my application.
Socket.IO has a concept of 'rooms' that makes it very handy for building WebRTC signaling servers, and a disconnect event fired when a user disconnects. You can also set up a custom event to be emited when, for example, a user stops a video stream or leaves a page.
You might want to take a look at the codelab at bitbucket.org/webrtc/codelab, which uses Socket.IO for signaling. (Apologies, once again, for shameless self promotion!)
You would need to implement your own logic to do that.
Since you already have the client registering presence you could:
maintain a persistent connection via websockets
implement a polling/keep alive algorithm between your clients and server
The Socket.io API has the ability to send messages to all clients.
With one server and all sockets in memory, I understand how that server one can send a message to all its clients, that's pretty obvious. But what about with multiple servers using Redis to store the sockets?
If I have client a connected to server y and client b connected to server z (and a Redis box for the store) and I do socket.broadcast.emit on one server, the client on the other server will receive this message. How?
How do the clients that are actually connected to the other server get that message?
Is one server telling the other server to send a message to its connected client?
Is the server establishing its own connection to the client to send that message?
Socket.io uses MemoryStore by default, so all the connected clients will be stored in memory making it impossible (well, not quiet but more on that later) to send and receive events from clients connected to a different socket.io server.
One way to make all the socket.io servers receive all the events is that all servers use redis's pub-sub. So, instead using socket.emit one can publish to redis.
redis_client = require('redis').createClient();
redis_client.publish('channelName', data);
And all the socket servers subscribe to that channel through redis and upon receiving a message emit it to clients connected to them.
redis_sub = require('redis').createClient();
redis_sub.subscribe('channelName', 'moreChannels');
redis_sub.on("message", function (channel, message) {
socket.emit(channel, message);
});
Complicated Stuff !! But wait, turns out you dont actually need this sort of code to achieve the goal. Socket.io has RedisStore which essentially does what the code above is supposed to do in a nicer way so that you can write Socket.io code as you would write for a single server and will still get propagated over to other socket.io server through redis.
To summarise socket.io sends messages across multiple servers by using redis as the channel instead of memory.
There are a few ways you can do this. More info in this question. A good explanation of how pub/sub in Redis works is here, in Redis' docs. An explanation of how the paradigm works in general is here, on Wikipedia.
Quoting the Redis docs:
SUBSCRIBE, UNSUBSCRIBE and PUBLISH implement the Publish/Subscribe
messaging paradigm where (citing Wikipedia) senders (publishers) are
not programmed to send their messages to specific receivers
(subscribers). Rather, published messages are characterized into
channels, without knowledge of what (if any) subscribers there may be.
Subscribers express interest in one or more channels, and only receive
messages that are of interest, without knowledge of what (if any)
publishers there are. This decoupling of publishers and subscribers
can allow for greater scalability and a more dynamic network topology.