Lua websocket extension - auth header

galicky · April 19, 2020, 8:31am

Hi, i need websocket stomp realization. How i can make it?
Or i want to send authorization header to sockets, as send auth token for example.

britzl · April 19, 2020, 6:27am

There’s a websocket extension in the asset portal. Do you already have a backend?

galicky · April 19, 2020, 9:04am

Yes, i already get websocket library from assets and make simple backend on java spring.
But i can’t make normal authorization for users. I want make it with security token, but websocket extension can’t set custom headers to server.
Now I have to send auth token in the request body.

example of what i need:

url:  ws://localhost:8090/player
header: Authorization: token adshfljdshfljhadslfsadfkajsdhf
body:
    {
    	"posX": 1,
    	"posY": 2
    }

britzl · April 19, 2020, 9:47am

Ok, good now you can create web socket connections.

Isn’t STOMP a protocol/ message exchange format that you build on top of for instance a websocket? And there is no such thing as request headers when you send stuff on a websocket as far as I know. The header you mention is part of the STOMP protocol right?

galicky · April 19, 2020, 10:44am

I think you’re right, this is a part of STOMP protocol.
So, how can i then make authorization, with websocket library from defold assets?

britzl · April 19, 2020, 10:58am

You can’t. A WebSocket is not like an http request where you add a bunch of headers when you send the request. A WebSocket is negotiated and then kept open to exchange data. Compare HTTP and TCP. Two completely different things.

Here’s the STOMP format spec btw: https://stomp.github.io/stomp-specification-1.2.html

“STOMP is a frame based protocol which assumes a reliable 2-way streaming network protocol (such as TCP) underneath. The client and server will communicate using STOMP frames sent over the stream. A frame’s structure looks like:”

COMMAND
header1:value1
header2:value2

Body^@

So I guess what you need to do is to create the websocket connection to your server and then start sending and receiving STOMP frames via the websocket.

The spec continues with a description of the CONNECT command:

“STOMP 1.2 clients MAY set the following headers:”

login : The user identifier used to authenticate against a secured STOMP server.
passcode : The password used to authenticate against a secured STOMP server.

So I guess for authentication you can use the CONNECT command and the “login” and “passcode” headers.

OR you can probably chose to create your own authentication using some other command (SEND?).

galicky · April 19, 2020, 11:26am

Thanks for the detailed answer!
I will try to do it through STOMP, then I will talk about the results.

epsilon777 · June 6, 2024, 6:13pm

hi, did you succeed in implementing stomp messaging protocol over websocket extension with lua/defold ? any sample ?