WebSocket connection with JavaScript

Jacob Burrell 9 months ago

Why aren't @Mr.wolf's changes merged? I would love the ability for WebSocket to be able to be accessed from external hosts.

Anton Tananaev 9 months ago

Mostly because there's no pull request, but also I think passing a key as a query parameter is not ideal.

Jacob Burrell 9 months ago

It isn't.

Is there a better solution available or on the roadmap?

Anton Tananaev 9 months ago

No.

Mr.wolf 9 months ago

@Anton, from our email discussion I thought you didn't want to add this feature, but I will make a pull request for my changes. I think access with an access token or session ID is not a security issue.

Jacob Burrell 9 months ago

Perhaps you can merge it with a warning/disclaimer and ensure it's a manual opt-in option?

That way I don't have to run an entirely different fork if I'm OK with the security implications.

One size fits all probably isn't the best here.

Mr.wolf 9 months ago

@Anton, this is the PR for my changes

Anton Tananaev 9 months ago

Closed the PR because it doesn't seem to be ready. It has a bunch of unrelated changes.

Anton Tananaev 9 months ago

I have done some investigation and it seems like the best option is to pass the token in the "protocols" array. I'm going to try implementing it.

Mr.wolf 9 months ago

The necessary files to modify to implement external access according to my approach are:

  • src/main/java/org/traccar/api/AsyncSocketServlet.java
  • src/main/java/org/traccar/api/resource/SessionResource.java
  • src/main/java/org/traccar/web/WebServer.java
  • src/main/java/org/traccar/web/HttpSessionCollector.java

You can check it in my repo or in the closed PR.

Anton Tananaev 9 months ago

Added support for tokens using a query parameter. Using protocols turned out to be too hacky.

https://github.com/traccar/traccar/commit/49483e0420ca8c7ff1afb31dacc7a427f93c7a3a

Mr.wolf 9 months ago

If an access token is not secure as a URL parameter, in my solution I implied some way of authentication with a session ID.
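
The two ways of carrying the token that come up in this thread (query parameter and the "protocols" array), sketched as an added example that is not code from Traccar or from any poster. The host `traccar.example`, the `/api/socket` path, the `token` parameter name and the `token.` subprotocol prefix are assumptions; the token is constructed and assumed to be ASCII.

```javascript
// Added example: all names below are assumptions, not Traccar's API.
const TOKEN_PARAM = 'token';
const PROTO_PREFIX = 'token.';

// Sec-WebSocket-Protocol values must be HTTP "token" characters only,
// so a raw token containing '/' or '=' cannot be used as a subprotocol.
const HTTP_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// Option 1: token in the query string. The whole URL, token included,
// is visible to access logs, proxies and browser history.
function queryTokenUrl(base, token) {
  const url = new URL(base);
  url.searchParams.set(TOKEN_PARAM, token);
  return url.toString();
}

// Log-side mitigation for option 1: never write the token value to logs.
function redactToken(rawUrl) {
  const url = new URL(rawUrl);
  if (url.searchParams.has(TOKEN_PARAM)) {
    url.searchParams.set(TOKEN_PARAM, 'REDACTED');
  }
  return url.toString();
}

// Option 2: token as a subprotocol, base64url-encoded without padding so
// it is a valid header token. The server must echo one offered protocol.
function protocolTokenArgs(base, token) {
  const encoded = btoa(token)
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [base, ['auth', PROTO_PREFIX + encoded]];
}

// Server-side counterpart: recover the token from the offered protocols.
function decodeProtocolToken(protocols) {
  const entry = protocols.find((p) => p.startsWith(PROTO_PREFIX));
  if (!entry) return null;
  const b64 = entry.slice(PROTO_PREFIX.length)
    .replace(/-/g, '+').replace(/_/g, '/');
  return atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
}

// Browser usage: new WebSocket(...protocolTokenArgs(base, token))
//            or: new WebSocket(queryTokenUrl(base, token))
```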