Fabio BalzanoUpdate Tue Jun 30 00:31:40 UTC 2015
I am working at the server side technologies, above there is my last conceptual work, some details could change between today and tomorrow but we are almost there. The technologies involved are:
- WAMP on websockets
crossbar.io at the early stage of the deployment, after will be more probable switch to something in erlang but still WAMP. It also offers tokens for the authorization before the websocket handshake
- no cookies to keep the session at the browser side
I want to implement something new, the WAMP will provides tools to track the user and his session
- REST API to push telemetry via HTTPS from the IOT sensors or robots
This will be in pure python: falcon or wheezy.web, after I will switch to something in erlang probably. The REST API front end offer a solid PUSH only new data interface and very fast. I calculated to support at least 30K requests for second.
- Postgresql
Main DB for the data of sensors, rock solid, proven and becoming very versatile these days, I still have to decide few things but I will play with NOSQL schemaless datastore at first, the data will be stored probably in JSONB. I still have to deeply verify if we can pass JSONB to the javascript in browser.
- Redis as auth. token DB store, it will keep the tokens until the ws is handshaked
This is a security extra layer, before establish the websocket handshake, the browser needs to send a token received at the first contact with the server, REDIS DB will keep temporary the tokens until they get used with the handshake.
- in browser HTML rendering of the templates
This is my challenge, it is more than one year I see new javascript framework to process HTML templates browser side, this means they are not generated server side, the server is just a data streaming backend. It should e useful to keep an impressive amount of requests on.
- Bootstrap responsive theme with HTML5 and CSS/JS
I am evaluating several admin panels based on bootstrap, at the moment the more interesting are:
Ultimo admin link
AdminLTE link
further templates could be added tomorrow.
WAMP, it's time to play..
I wanted to see how the things work, so after installing crossbar.io, I began to look at the code of the example project and read the online documentation, I changed configuration parameters and code to understand better how it works. There is not to much to see about underneath protocol and WAMP because everything is raised to an higher level of abstraction and it just works but some hacking is still good...
Now my concern is about the security I could build on top of this system so I am interested to the authorization and authentication features provided by crossbar.io
The current documentation on github explain about the CRA authentication method, it is interesting, I could write an authenticator in python able to retrieve the secret from a DB to let crossbar.io to perform the authentication BUT some clever guy on github suggest to implement WAMP-SCRAM instead because more secure.
I am exactly there...no documentation yet...reading the source code to understand how to use it...sure will be a long night again :)....see you tomorrow...cheers
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.