A simplistic Node.js service that listens for incoming events and passes them on to (multiple) WebSocket listeners.
No restriction via roles, only authorization via tokens. This should be used only by your trusted back-end services, not client applications.
The service is split into two servers (listen and broadcast).
Your project should document the types of events that are passed through this service and what format of data they contain.
Send HTTP POST /event to the listen server with body:
{
"event": "<type of event>",
"data": ...
}
Include relevant data that you want the listener to receive. Include an Authorization header with credentials (see below).
The server should respond with:
{ "code": "OK" }
Possible error codes:
- INVALID_BODY (400)
- UNAUTHENTICATED (403)
- AUTH_UNRECOGNIZED_SCHEME (403)
Connect via WebSocket to the broadcast server. Then send initialization message:
{
"authentication": "<credentials>",
"events": [
"<type of event to listen to>",
"<another type of event to listen to>"
]
}
"events" contains the types you want to listen to. The server will respond:
{
"type": "init",
"code": "OK"
}
Possible error codes:
- INVALID_SYNTAX
- INVALID_EVENTS_MISSING
- AUTH_UNRECOGNIZED_SCHEME
- UNAUTHENTICATED
Now when an event is fired, you will receive a message:
{
"type": "event",
"event": "<type of event>",
"data": ...
}
Send authentication credentials: <scheme> <token>
Currently, only 'Basic' authentication is supported. This works by storing authorized tokens in a file.
Write the tokens you want to accept in the /tokens/tokens file. Make sure the file has only necessary permissions.
Tokens must be no less than 16 characters long, otherwise they will be ignored.
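The token rules above, sketched as an added example that is not the project's own code: it parses a token file, drops tokens shorter than 16 characters, checks the file mode, and compares tokens in constant time. The one-token-per-line file format, the mapping of malformed credentials to UNAUTHENTICATED, and all function names are assumptions.

```javascript
// Added example, not the project's code. Assumed: one token per line in the
// token file; every function name below is hypothetical.
const crypto = require('node:crypto');

const MIN_TOKEN_LENGTH = 16; // from the README: shorter tokens are ignored

// Parse token-file text; drop blank lines and tokens that are too short.
function loadTokens(fileText) {
  return fileText
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((token) => token.length >= MIN_TOKEN_LENGTH);
}

// True when group and other have no access bits (e.g. mode 0600 or 0400).
// Call with fs.statSync('/tokens/tokens').mode.
function tokenFileIsPrivate(mode) {
  return (mode & 0o077) === 0;
}

// Hash both sides so timingSafeEqual always gets equal-length buffers.
function sameToken(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Check "<scheme> <token>" and return one of the README's codes.
function checkCredentials(credentials, tokens) {
  if (typeof credentials !== 'string') return 'UNAUTHENTICATED';
  const match = /^(\S+) +(\S+)$/.exec(credentials.trim());
  if (!match) return 'UNAUTHENTICATED'; // assumption: malformed input
  const [, scheme, token] = match;
  if (scheme !== 'Basic') return 'AUTH_UNRECOGNIZED_SCHEME';
  // Visit every token so the loop does not exit early on a match.
  let ok = false;
  for (const known of tokens) {
    if (sameToken(token, known)) ok = true;
  }
  return ok ? 'OK' : 'UNAUTHENTICATED';
}

// Constructed sample token file: "short" is under 16 characters and is ignored.
const SAMPLE_TOKEN_FILE =
  'svc-orders-4f9a2c7d1e8b\nshort\n\nsvc-billing-0b6e3a91c5d2\n';
```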
To enable HTTPS, provide the HTTPS_ENABLE=true environment variable to the service. Create the /certs/cert.key and /certs/cert.crt files.
- listen - 8080,
- broadcast - 8081.
- production - 11000 and 11001,
- development - 12000 and 12001.
- npm install
- Configure
- npm start (or npm run docker or npm run dockerd for background)
To run unit tests: npm test. Note: authentication services are currently not tested.
The project may benefit from additional authentication schemes (e.g. expirable Bearer tokens) and authorization via roles.