Option to extract client connection user id from http header #730
Proposed changes
Possibility to set client_user_id_http_header option which contains a header name from which Centrifugo will try to extract authenticated user ID for client connections based on HTTP transports (all except unidirectional GRPC). This allows using proxies before Centrifugo which can authenticate requests and set user ID as a header. In this case applications must ensure that they strip such headers coming from clients on proxy level before authenticating request to avoid malicious usage.
Ex.
In this case we do not support setting connection expiration and info.
TODO: possibly think a bit on a better option name.
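The proxy-side requirement described above (strip the client-supplied header, authenticate, then set the header), as an added example that is not part of this pull request or of Centrifugo's code. The header name `X-Auth-User-Id`, the `sessions` lookup and the helper names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed name: must match the value of client_user_id_http_header.
const userIDHeader = "X-Auth-User-Id"

// Constructed stand-in for the proxy's real authentication (token -> user ID).
var sessions = map[string]string{"token-alice": "alice"}

// withTrustedUserID strips any client-supplied copy of the header, then sets
// it from the authenticated session before passing the request upstream.
func withTrustedUserID(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del(userIDHeader) // strip before authenticating, on every request
		user, ok := sessions[r.Header.Get("Authorization")]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set(userIDHeader, user)
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through the middleware and returns the status plus
// the user ID the upstream (standing in for Centrifugo) would read.
func probe(authz, spoofed string) (int, string) {
	seen := ""
	upstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Get(userIDHeader)
	})
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("Authorization", authz)
	req.Header.Set(userIDHeader, spoofed)
	rec := httptest.NewRecorder()
	withTrustedUserID(upstream).ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() {
	fmt.Println(probe("token-alice", "admin")) // 200 alice
	fmt.Println(probe("", "admin"))            // 401 and no user ID reaches upstream
}
```

Because the upstream trusts this header unconditionally, it should only be reachable through the proxy that applies the stripping step.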