What is socket hijacking? - ruby-on-rails

I'm reading a great post on Rails 5 actioncable introduction. There it says: "Action Cable uses the Rack socket hijacking API to take over control of connections from the application server. ". What does the "socket hijacking" mean?

Socket Hijacking was implemented with rack 1.5.0 - a modular Ruby webserver interface.
Rack 1.5.0 basically provides a simple and adaptable interface for developing apps in rails. It does this by wrapping HTTP requests and their responses in a simply way. It also combines the API's for web servers, web frameworks, and middleware into a single method call.
So, in rack 1.5.0 socket hijacking is used to allow rails apps to overtake the client socket and perform other operations on it. These operations include:
Implementing WebSockets
Streaming data
Other interactivity between user's browser and server
WebSockets allows the user to send messages to a server and receive event driven responses without having to poll the server for a reply.
This is shown in this diagram - as you can see, once the WebSocket connection is opened, messages can be sent and received between the user and server.
Anyway, in the Rack Socket Hijacking API that you specified, it essentially provides two modes:
Full hijacking API
This gives the app complete control over what goes over the socket. The app server doesn’t send anything over the socket, and lets the app take care of it.
Partial hijacking API
This gives the app control over the socket after the app server has already sent out headers. This mode is basically used for streaming.
So - In the end, socket hijacking basically allows ruby/rails apps to override/overtake a client socket and carry out different functions on it, or as you wrote - take control of connections from the application server.

Related

Server-sent events blocked when using GAE flexible environment to run docker images

When I try to access server-sent events endpoint locally it works fine and spits out data every two seconds, when I ssh into the appengine vm it also works fine (using curl) but when I try and access the server-side events endpoint from outside appengine I just get timeouts. Is server-side events blocked in GAE? I see that websocket could be troublesome, but server-side events are over http.
No, server-sent events are not blocked in Google App Engine. But since GAE have buffering enabled by default they will never reach you since the request never completes. Disable buffering with this header in your SSE response:
X-Accel-Buffering: no
Read more here: How Requests are Handled

Rails. using a web socket like rest, but with an open connection

I have a web api that posts json to different external endpoints on certain conditions. We have a new client that wants us to open a web socket connection with them during an event, send them the data (json) when we get it via this socket, and close the socket after the event. I'm having a hard time figuring out the rails way to do this.
How do I open a web socket connection and keep it open? (basically where would the client sit/ what would the definition look like).
How do I send messages over the socket from a controller? (eg. after processing a post request send new data to this websocket)
How do I close the connection?
You can try using this gem called Faye. Here's an example for connecting and sending data: (note: I didn't test it)
# Open the connection
ws = Faye::WebSocket::Client.new('ws://www.example.com/')
# Send data to connection
ws.send(YOURJSONDATA)
# Close connection (RFC 6455)
ws.close
Notes for faye:
Using the WebSocket client
Adding headers and other options to connection
WebSocket API
RFC 6455
Hope it helps!

Communication between a http server and https server will be secured?

I am trying to implement an HTTP server inside an iOS app. I could see similar apps in the app store. But in my case, embedded HTTP server has to communicate with external HTTPS Server. So now,
is the communication secured? Or do I need to implement HTTPS server, instead?
Is it possible to implement an HTTPS server in iOS app?
Will Apple reject this approach?
Thanks in Advance
I'm assuming that you use the internal HTTP server to provide interceped content for a WKWebView. I this case you web view connects to the HTTP server over HTTP and this connection is insecure. But generally this shouldn't be an issue because nobody can intercept the connection. You HTTP server connects to the internet over HTTPS, and this should be done because this connection could be compromised.
Don't be confused about the different protocols. If you call a HTTPS-URL NSURLSession will use HTTPS and use a secured connection. There is no pitfall or issue. You needn't to support HTTPS for the web view to server connection. This will give you not more notable security.
I use a similar setup in my application and it works perfectly.
BTW: In iOS 11 you may use WKURLSchemeHandler to intercept web view requests. This should be much easier than a local HTTP server. The disadvantage is, that you have to define a custom protocol (e.g. xhttp instead of http), and rewrite the URLs in the web content. But this should be much easier to achieve than a local HTTP server.

Web Server and App Server

I just want to know that how the web server call to app server code and pass the response to the client, Eg :-
Nginx web serve
Unicorn app server
Rails application
Our request sends to web server and how web server(nginx) pass that request to the app server(unicorn) and how app server runs the rails code or route and sends back the response.
To understand the collaboration of a web server to an app server you must study the architecture of the server first. I guess this link will give you a good idea about architecture and it's bonding.
Have a look here:

How to implement websocket-based push service through Rails?

I'm building a messaging app like WhatsApp. My goal is to expose only REST API through Rails and "push notifications" to connected clients via websockets. So clients communicate with server only with the REST API. Only the server sends data through the websocket. Clients can only receive data from it.
Currently I've built an eventmachine server listening for websocket connections and Unix domain socket connections. When a client performs a request on the REST API, Rails connects to the Unix domain socket to tell the eventmachine what connected client needs to be notified through the websocket.
My concern is about how it will behave in production (my server runs Apache Passenger). So I'm looking for some project to solve my problem. I had a look at Faye but I can't understand how to force it to send notifications to connected clients from an external process (that might be rails while is performing a request). Any ideas?
Have you looked at the sync gem I am doing something similar and that is what i use
https://github.com/chrismccord/sync
They have a really good video on integration and a example https://github.com/chrismccord/sync_example
and this fully supports Faye and Pusher.
I use Faye for dev and Pusher for production

Resources