Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebSockets #290

Merged

Conversation

lukaskabc
Copy link
Collaborator

Implementation of WebSockets on HTTP(S) endpoint /termit/ws using STOMP protocol.

WebSockets will be used in future PR addressing application performance (dev branch).

Authentication

WebSocket API in browsers does not allow setting custom headers for WS handshake (HTTP request for protocol upgrade),
which leaves us with three options for how to implement authentication using the JWT token:

  1. save the token as a cookie, which will be sent by the browser automatically (hopefully)
  2. send the token as a query parameter
  3. send it with a STOMP CONNECT message

Currently implemented as option 3, which is most reliable.
This means any WebSocket connection is accepted, and the client has limited time (15s) to send a STOMP CONNECT message with a valid JWT token. Otherwise, the connection is closed.

  1. might face issues with cookies access and browser compatibility, but it should be possible to implement for better security of the ws endpoint in the future
  2. JWT would be part of history and logs, which is unacceptable

Changes

  • removed REST endpoint /vocabularies/{localName}/validate replaced with matching ws endpoint
  • disabled test findTermOccurrencesSetsFoundOccurrencesAsApprovedWhenCorrespondingExistingOccurrenceWasApproved, which is failing on Windows, until the issue is resolved

Tests

Prepared two test runners for WebSocket testing.

  • BaseWebSocketIntegrationTestRunner, which starts the whole application context with an active web socket endpoint and establishes an actual web socket connection to the application. Currently used for WebSocket security test.
  • BaseWebSocketControllerTestRunner is used to test WebSocket controllers using mocked API.

Required changes (TODO)

  • It is required to adjust proxy configuration to enable WebSocket connections support (SockJS fallback might be implemented in the app if needed)

Copy link
Contributor

@ledsoft ledsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of minor questions/suggestions

Copy link
Contributor

@ledsoft ledsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ledsoft ledsoft merged commit c47785c into kbss-cvut:development Sep 3, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants