[Feature]: need Request in static onAuth about colyseus HOT 6 OPEN

Hi @hunkydoryrepair, thanks for the feedback.

For the uWebSockets transport I had to pass a "mocked" version of the request due to the optimizations uWebSockets does internally pruning the instance. (request is not available on async calls)

So far only the headers are present in that mocked object: 600534c

Can you share how are you currently retrieving the IP address from the uWebSockets' so we can include it as well?

I think this is a good opportunity to start thinking on unifying all transports into a single API. For WebTransport I'm afraid we'll need a similar approach.

The mocked structure would look like this so far:

{
  ip: "xxx.xxx.xxx.xxx",
  headers: {
    key: "value"
  },
}

(Might be a good idea to provide URLs, protocol, paths, etc as well 🤔 )

from colyseus.

On the regular ws library this is the recommendation we have in the documentation, but I'm afraid it doesn't cover all cases, using behind a proxy and/or different load-balancers:

request.headers['x-forwarded-for'] || request.socket.remoteAddress

from colyseus.

Sorry, I guess I was referring to an earlier version that did not pass in the request at all (at least, was not documented). Yes, we use x-forwarded-for and the request.connection.remoteAddress...I've never seen a request.socket on the request, so that's odd.

The issue we have remaining is we need the options passed to joinById. We have a lot of data we need to do our authentication in the options passed in:

this.client.joinById( roomId, {
        mapId,
        token: token || 'iamguest',
        isGuest: !token,
        cryptoWallet: {...},
        username,
        world: worldId,
        ver: GAME_CLIENT_VERSION,
        ...spawnParams,
        avatar: !!token || !avatar ? '' : JSON.stringify(avatar),
        lastSavedAt,
        recaptchaKey,
      }

We check bots, require a matching client version, require our own token registered with Stytch, we validate that the player hasn't changed since with authenticated using the save date, etc. We need it all. Switching to static onAuth not an option without the data.

from colyseus.

We do other checks, too, that require the room state, but those can probably be moved to onJoin

from colyseus.

can close this. would be nice to have the options in the onAsync, but not required.

from colyseus.

Thanks @hunkydoryrepair, let's keep this open for discussion, though - as I think for v1.0 we could provide a unified "request/context" object that is the same for every transport during static onAuth 🙏

from colyseus.