Wednesday, June 22, 2016

Namespace design patterns for socket.io API

I'm in the process of developing a websocket API using socket.io, on top of an existing REST API.

There are a couple of main models at the moment - User and Order.

For someone with customer level permissions, they can subscribe to the socket.io namespace /Customers and the room :customer-id and they will only see create/update/delete events for Orders they own.

For someone with admin level permissions, I was thinking they could subscribe to the /Orders namespace and the room :order-id to only see events for a particular order.

However, this has some problems:

  • Admins cannot see create events, since they have an ID which is not determined until creation
  • If I open up the /Orders namespace to all events, this could potentially grow in size massively as the app scales (seeing all events from all orders, regardless if they are rendered on screen)

Is there any type of common abstraction/grouping for websocket based APIs to limit the events that an admin will be subscribed to?

1 Answer

Take a look at https://github.com/facundoolano/socketio-auth to check that the user is authenticated, and possibly their groups and permissions.
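Once the server knows who the user is, each room join still has to be decided server-side rather than trusted from the client. The sketch below is an added example, not code from the original post or from socketio-auth, and it applies the namespace and room layout described in the question. `canJoin`, `targetsFor` and the `id`, `role` and `customerId` fields are assumed names.

```javascript
// Added example: join policy for the namespaces/rooms described in the question.
// canJoin, targetsFor and the user/order field names are hypothetical.

const POLICY = {
  // Customers may join only the room named after their own id.
  '/Customers': {
    roles: ['customer'],
    roomAllowed: (user, room) => room === String(user.id),
  },
  // Admins may join the room of any syntactically valid order id.
  '/Orders': {
    roles: ['admin'],
    roomAllowed: (_user, room) => /^[A-Za-z0-9_-]{1,64}$/.test(room),
  },
};

// Decide a join request. `user` is what the server stored for the socket
// after authentication, never data sent with the join request itself.
function canJoin(user, namespace, room) {
  if (!user || user.id === undefined || user.id === null) return { ok: false, reason: 'unauthenticated' };
  const rule = Object.prototype.hasOwnProperty.call(POLICY, namespace) ? POLICY[namespace] : null;
  if (!rule) return { ok: false, reason: 'unknown-namespace' };
  if (!rule.roles.includes(user.role)) return { ok: false, reason: 'role-denied' };
  if (typeof room !== 'string' || !rule.roomAllowed(user, room)) return { ok: false, reason: 'room-denied' };
  return { ok: true, reason: null };
}

// Rooms an Order create/update/delete event is emitted to: the owner's room
// and the order's own room. Nothing is broadcast namespace-wide.
function targetsFor(order) {
  return [
    { namespace: '/Customers', room: String(order.customerId) },
    { namespace: '/Orders', room: String(order.id) },
  ];
}

// Constructed sample data.
const alice = { id: 42, role: 'customer' };
const admin = { id: 1, role: 'admin' };
console.log(canJoin(alice, '/Customers', '42')); // own room
console.log(canJoin(alice, '/Customers', '43')); // someone else's room
console.log(canJoin(alice, '/Orders', '1001'));  // admin-only namespace
console.log(canJoin(admin, '/Orders', '1001'));
console.log(targetsFor({ id: 1001, customerId: 42 }));
```

In a socket.io server the join handler would call `canJoin` with the user record saved at authentication time and call `socket.join(room)` only when `ok` is true.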
