C# · 2mo ago
Neeyo

Question about SignalR

I am connecting to a websocket server using a URL with query data of the group name the user wants to connect to: https(:)//localhost:5001/hubs/groups?groupName=${groupName}. On connection I make sure that the group exists in the database and the user has access to this group. Is it safe to assume valid data, so that every time the client invokes a method I can skip the part of checking in the database that the group name is valid?
35 Replies
Suiram1 · 2mo ago
I think so. This parameter can only change when a new HTTP request to initialize the websocket is sent, so it can't change while the connection is alive.
Neeyo · 2mo ago
I thought so too but it's better to ask, thank you @Suiram1
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Well, I do xD
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
I mean in the newest version
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
It works fine but I am learning it but if it works, it works
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
```csharp
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapHub<GroupHub>("hubs/groups");
app.Run();
```
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
```csharp
public override async Task OnConnectedAsync()
{
    // Validate the query data and group membership before joining the SignalR group.
    (string groupName, string serverName, AppUser user, Group group) = await ValidateData(Context);

    await Groups.AddToGroupAsync(Context.ConnectionId, groupName + "_" + serverName);

    await Clients.Caller.SendAsync("NewMessage", "TestMessage");
}

private async Task<(string groupName, string serverName, AppUser user,
    Group group)> ValidateData(HubCallerContext context)
{
    // Read the requested group and server names from the connection's query string.
    var httpContext = context.GetHttpContext();
    var groupName = httpContext?.Request.Query["groupName"].ToString();
    var serverName = httpContext?.Request.Query["serverName"].ToString();
    if (string.IsNullOrEmpty(groupName) || string.IsNullOrEmpty(serverName) || context.User == null)
        throw new Exception("Cannot join group, did you miss group or server name?");

    // Look up the authenticated user and the requested group in the database.
    var user = await userRepository.GetUserByUsernameAsync(context.User.GetUsername())
        ?? throw new Exception("User does not exist");

    var group = await groupRepository.GetGroupByGroupNameAndServerNameAsync(groupName!, serverName!)
        ?? throw new Exception("Group does not exist");

    // Reject the connection unless the user is a member of the group.
    var groupMembers = await groupRepository.GetGroupMembersUsernamesAsync(group.Id);
    if (!groupMembers.Contains(user.UserName)) throw new Exception("You are not member");

    return (groupName, serverName, user, group);
}
```
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
No no, not inside there, I mean in other functions that the user can invoke when he is connected
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Sqlite D:
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Naming may be a little confusing, Group is my own Entity, Group can have Users - Members in it
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
I didn't intend to use SignalR to begin with, I went into it after I felt confident enough to try it
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Then I learned about groups in there
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
So I felt as well I am mixing it too much
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
All I was afraid of for now was if someone could trick SignalR somehow to, for example, log in as a user who has access to "group" X, connect to the websocket, then swap the "group" name in the query to the name of a "group" he does not belong to. If not, I would only check everything on connection; otherwise, on every method the user invokes
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Okay :sadge: Thank you, you told me a lot
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
You will get angry but he has to in my case xD It's the fault of my naming; group, as it is named in my code right now, is more of a Room. A user can have access to many rooms, for example there are Rooms: "Gardening", "Cars", "Coding". A user connecting to the websocket can join either of those and has to specify which one he wants to join, that's why there is the query ?groupName in the URL
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
I am familiar
Unknown User · 2mo ago
Message Not Public
Neeyo · 2mo ago
Okay, I believe I will do better next time :sadge: Thank you, really, for a lot of your time
Unknown User · 2mo ago
Message Not Public