brendan

brendan

Websocket connection validation with Phoenix Channels

I would like to discuss how phoenix can be improved regarding websocket connection validation with Phoenix Channels.

The issue:

Connecting to a websocket generally involves some kind of authentication/authorization and it needs to be possible to close the websocket connection if this fails.
Additionally, in order to have different client behaviour based on the reason that it was closed, we need to be able to pass at least a reason code, if not a full message on or before closing the connection.
E.g. if the reason is that the auth token is invalid, then the client should not attempt to reconnect until it has acquired a new token.
This should be flexible so that application developers can implement their custom requirements.
However currently it is not possible to both close the connection and provide a reason that is accessible to the client (at least for the browser websocket api).

Existing discussions

There are existing discussions regarding this that have been pretty dismissive of this issue:

Workarounds

The proposed workaround (and the one we currently use) is to require the client to join some special auth channel after connecting, before connecting to any other channels. As you can imagine, this results in multiple issues:

  1. All channels need to perform some kind of validation on join. This isn’t that bad since it can just delegate to a module which checks the socket.assigns.
  2. You can only do auth after the client has decided to join a channel. There is no escape hatch to send a message to the client before they have joined any channels. This makes the server vulnerable to DOS attacks since the client can just open websocket connections without joining any channels and the server will just keep these idle connections running because auth isn’t done on websocket connect.

This leaves us stuck between 2 places.

  1. Either close the websocket connection without a reason, which means the client will always continue attempting to reconnect, even if their token etc is invalid. This leaves us with misbehaving clients resulting in us getting kinda DOS’d by our own clients.
  2. Make it very easy for a bad actor to perform a DOS attack on the server.

Solution

I understand that phoenix channels are transport agnostic and that the correct behaviour cannot be implemented in the channels, but we need to figure out a way to handle this correctly in specific transports.

I think the most flexible solution would be providing some way to send a message from the server to the client without needing the client to join any channel, but if this is not realistically possible given the channel protocol, then we should at least provide a way to send a close frame on the socket connect. Note however that close frames are quite limited. This could be done by instead of rejecting the http upgrade on a connect error, we successfully upgrade the connection and then immediately sending a close frame. Having looked at the phoenix source, this seems like a minor change, except for the fact that cowboy doesn’t seem to support sending custom close frames currently, so we would have to add that support to cowboy first.

I hope that we can have a fruitful discussion here and find a good solution to a problem that I believe a lot of developers have with websocket/phoenix channels currently.

First Post!

brendan

brendan

I have created a draft PR that solves this issue at [Socket] send connect error to client and close by BrendanBall · Pull Request #4886 · phoenixframework/phoenix · GitHub.
Previously if socket connect handler returns an error
then websocket upgrade would be rejected.
Browser websocket api doesn’t support getting the status code on upgrade
failure.
This instead successfully upgrades to websocket then sends the error as
the first message and immediately closes the socket.

Where Next?

Popular in Discussions Top

arcanemachine
https://nitter.net/josevalim/status/1744395345872683471 https://twitter.com/josevalim/status/1744395345872683471
New
WildYorkies
It seems that the more I read, the more I find Elixir users speaking about all the ways that Elixir is not good for x, y, and z use cases...
New
owaisqayum
I have a sample string sentence = "Hello, world ... 123 *** ^%&*())^% %%:>" From this string, I want to only keep the integers, ...
New
Nvim
Elixir appears to be a superior language to Python. I don’t see any advantage of Python over Elixir. Are there any?
New
mmport80
I have put far too much effort into Dialyzer over the last year or so - and basically - I doubt it’s worth the effort. It’s not as easy ...
New
arpan
Hello everyone :wave: Today I am very excited to announce a project that I have been working on for almost 3 months now. The project is...
New
chuck
Let me start by stating an assumption: Phoenix is a great approach to building REST APIs. There are many reasons for this, but I will ass...
New
ricklove
I was just introduced to Elixir and Phoenix. I was told about the 2 million websocket test that was done 2 years ago. From my research, t...
New
mbenatti
Following https://github.com/tbrand/which_is_the_fastest |> https://raw.githubusercontent.com/tbrand/which_is_the_fastest/master/imgs...
New
dogweather
I wrote this comment on r/haskell, and it’s not popular there. :wink: But I think I’m on to something… Haskell reminds me of Java, and e...
New

Other popular topics Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
New
sorentwo
Hello! tl;dr Announcing Oban, an Ecto based job processing library with a focus on reliability and historical observability. After spen...
985 43657 311
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39523 209
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
saif
Hello everyone, Long time lurker first time poster here. I’ve recently begun working on Elixir full-time again! :raised_hands: It’s been...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New

We're in Beta

About us Mission Statement