I'm using WebSocket for real-time communication in my mobile app project. I implemented basic security logic: to connect to the server, the client must have a key.
-When the client connects to the server, it immediately sends a JSON object containing authentication information
{
action:"auth",
device_id: "string",
auth_key: "string",
user: "string"
}
-The server replies with a session id if the key is correct, or drops the connection
-From then on, all data sent by the client will be a JSON object containing that session id, so that the server can recognize it; all unknown clients are dropped.
Now the big problem is that the WebSocket protocol doesn't understand JSON, so I have to use JSON.stringify() and JSON.parse() to send my data through. Also, I have to check if the session id is valid; this takes time and the application is not smooth anymore (before it was).
For example, if it records mouse pointer moves, such data will be sent to the server as the mouse is moving, so it sends data several times in a short period, and because of the logic I've implemented, it's not smooth at all
{
session_id: "string",
user: "string",
action:"mousemove",
position: {
x: int,
y: int
}
}
My concerns are:
-Secure the server, so that no one can access it and send commands, without authorization.
-Keep it REALLY real-time
-Have a good data format (as JSON if possible)
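
The protocol described above, as an added example that is not part of the original post: a server-side message handler that authenticates the first message and then checks each later message's session_id against state held on the connection itself. The credential store, the connection object, the helper names and the reply shapes are assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual, createHash } = require('crypto');

// Constructed sample credential store (hypothetical): device_id -> auth_key.
const DEVICE_KEYS = new Map([['device-1', 'k3y-for-device-1']]);

// Constant-time comparison; hashing first yields equal-length buffers.
function secretsMatch(a, b) {
  const h = (s) => createHash('sha256').update(s).digest();
  return typeof a === 'string' && typeof b === 'string' && timingSafeEqual(h(a), h(b));
}

// Hypothetical per-socket state; a real server would keep this next to the socket.
function newConnection() { return { sessionId: null, user: null, open: true }; }
function drop(conn) { conn.open = false; conn.sessionId = null; return null; }

// Returns the reply object to send, or null after dropping the connection.
function handleMessage(conn, raw) {
  if (!conn.open) return null;
  let msg;
  try { msg = JSON.parse(raw); } catch { return drop(conn); }
  if (msg === null || typeof msg !== 'object') return drop(conn);

  if (conn.sessionId === null) {
    // The first message must be the auth object; anything else is an unknown client.
    if (msg.action !== 'auth' || typeof msg.user !== 'string' ||
        !secretsMatch(msg.auth_key, DEVICE_KEYS.get(msg.device_id))) return drop(conn);
    conn.sessionId = randomBytes(16).toString('hex');
    conn.user = msg.user;
    return { action: 'auth', session_id: conn.sessionId }; // reply shape is assumed
  }

  // Later messages: session_id is compared with this connection's own state,
  // and the user comes from that state rather than from the client's message.
  if (!secretsMatch(msg.session_id, conn.sessionId)) return drop(conn);
  const p = msg.position;
  if (msg.action === 'mousemove' && p && Number.isInteger(p.x) && Number.isInteger(p.y)) {
    return { action: 'mousemove', user: conn.user, x: p.x, y: p.y }; // assumed shape
  }
  return drop(conn);
}
```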