I'm getting started with RabbitMQ, using the MQTT protocol. I want users of my web app to be able to receive real time notifications. I am unsure of how to implement this. I am thinking that a "tickle" will come through telling the browser there is data available to download. Another option might be to send the info through a sockJS socket.
- Should the browser Js client by able to connect directly to the queue? Or is this a security issue?
If I used a hash of the users ID for the name of the queue for that user to consume from, then people could make their own MQTT client and start trying to connect to random queues and see if they hit something. You might think, WOW BIG DEAL... an unauthorised user knows that another (completely unknown) user has a (completely unknown) notification.
I think for completeness there node be some sort of nodeJs layer or something in between to do authentication? I've searched around but most of the MQTT tutorials are quite basic in nature and don't go into much detail or theory about security measures or their implementation.
How can I securely uniquely name a queue and pass that queue name to the browser?
This blog shows the use of nodeJs, but I am unsure of the reasons why, also they don't explain or show how to seperate different subscription queues in the form of sockets when the nodeJs basically becomes the producer/message broker. I guess make a map of queue name to socket connection and fire the info down it that way, but then again unsure of the reasons for this layer. http://vanbosse.be/blog/detail/pub-sub-with-rabbitmq-and-websocket
