How to publish private information via public websock channel?

Question

Given a URL like: 'http://my-site.com/my_ws' , I want to send 2 types of message:

public message, like the broadcasting, all people who connected to websocket will receive. e.g. current market price.
private message, only 1 person will receive, e.g. current user's balance.

I know many of the exchanges implemented this, could someone give me a clue ?

---------------------- Origin Question as below:

Today I found a very interesting website, it sends personal information via a websocket API which seems like a public channel.

My question is: how to do this? can websocket server send private information via some secret approach? below is the websocket channel details:

General :

Request URL: wss://wbs.mxc.com/socket.io/?EIO=3&transport=websocket
Request Method: GET
Status Code: 101 Switching Protocols

Response headers:

HTTP/1.1 101 Switching Protocols
Date: Tue, 03 Sep 2019 06:13:55 GMT
Connection: upgrade
Server: nginx
upgrade: websocket
sec-websocket-accept: xr3/mMY887Utp3cnZdf37ycDWAc=
sec-websocket-extensions: permessage-deflate

request headers:

GET wss://wbs.mxc.com/socket.io/?EIO=3&transport=websocket HTTP/1.1
Host: wbs.mxc.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: https://www.mxc.com
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
Sec-WebSocket-Key: oYmhqikSoGD8AgdqrMj0XQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

This is a website about crypto exchange.

client users can receive the public information( crypto prices ...etc) , and logged in user can receive his account balance, via the same URL.

so how to do this?

I also saw this kind of stuff in some other website such like huobi.pro, (EIO=3...) is this a kind of websocket client framework?

thanks a lot

What language and framework is your current WebSocket written in? — Michael Warner, Sep 05 '19 at 17:38
My guess is you're looking for this? https://stackoverflow.com/questions/23619015/creating-a-private-chat-between-a-key-using-a-node-js-and-socket-io — Software Person, Sep 06 '19 at 12:17

Jey DWork · Accepted Answer · 2019-09-07T02:26:58.597

First it is important to understand that a WebSocket connection is not a dumb broadcast.
Quite the opposite is the case: Technically each connecting client gets its own (private) WebSocket connection to the server from the very beginning, which in turn is referenced server side with a unique connection id.

With this in mind the rest is easy to explain: The server can now use usual means to identify clients further. On such a market place this will usually simply happen by login. After that the server knows that the WebSocket connection with your unique ID belongs to your specific user account. From this point on it will start to not only push "public" information to your WebSocket connection but also private information meant only for your account.

There are frameworks for this but to only send 2 types of messages, one for all users and one to a specific user you probably wouldn't need one or at least not a very sophisticated one.
However, what is in fact quite popular and would be a good match here as well would be socket.io. socket.io gives you a handy API to use WebSockets and enables private messages as well as intelligent broadcasts. To illustrate that consider the following pseudo code:

const io = require('socket.io')();

io.on('connection', (socket) => {

    // Already at this point you can reference the unique connected client by socket.id
    // However, currently we are not interested in the unique client 
    // and just want to send 'public' information to everybody:
    socket.emit('Pubic message everybody will get');

    socket.on('login', loginData => {
        // Obviously you would authenticate against a database and a lot more sophisticated ;-)
        if (loginData.name === "Rose" && loginData.pass === "superStrongPassword") {
            socket.emit('Hello Rose, this is your private message');

            // And since you are now logged in maybe also check for something in any kind
            // of DB collection and lets inform you whenever there is an update
            OrdersCollection.find({'owner':'Rose'}).observe({
                changed: updatedOrder => {
                    socket.emit('One of your orders you placed with us was just updated. Here is the current order:', updatedOrder);
                }
            })
        }
    });
});

How to publish private information via public websock channel?

1 Answers1