I am developing an iOS social application that is written in Swift.
The backend is PHP, MySQL (for event handling), + a bit of NodeJS, Socket.io (for realtime chat and notifications).
I have made the chat successfully:
When the user sends a message the Socket.io server handles it the following way:
- it inserts the data into the database
- if successful, it then emits the message to all the participant users

So for this the backend is only the Socket.io server, which handles the database as well.
Works fine.
But then there are events that are not meant to be real time, but I still want to send a notification to the given user with Socket.io.
For example: if a post has been liked, then send a noti to the post's owner.
I have already written the PHP files for saving the like in the database, but how should I do the notification part safely?
I have come up with 3 ideas:
- The app sends a web request to my PHP+MySQL backend, it handles the data there, then after returning back "success", the application (SWIFT) sends a notification to the post owner (via Socket.io XCode pod)

    // userId, session, socket and appSettings are defined elsewhere in the app.
    func likePost(postId : Int, completion: @escaping (ActionResult?)->()){
        let connectUrl = URL(string: appSettings.url + "/src/main/like.php")
        var request = URLRequest(url: connectUrl!)
        request.httpMethod = "POST"
        let postString = "userId=\(userId)&session=\(session)&pId=\(postId)"
        request.httpBody = postString.data(using: String.Encoding.utf8)
        let task = URLSession.shared.dataTask(with: request) {
            (data: Data?, response: URLResponse?, error: Error?) in
            if error != nil {
                return completion(ActionResult(type: 0, code: 0, title: "error", message: "something went wrong"))
            }
            do {
                let responseJson = try JSONSerialization.jsonObject(with: data!, options: [])
                if let responseArray = responseJson as? [String: Any] {
                    let responseStatus = responseArray["status"] as? String
                    let responseTitle = responseArray["title"] as? String
                    let responseMessage = responseArray["message"] as? String
                    if responseStatus != "1" {
                        return completion(ActionResult(type: 0, code: 0, title: "error", message: "something went wrong"))
                    }
                    // SUCCESS, SEND NOTI WITH SOCKET.IO
                    socket.emit("notification_likedPost", ["postId": postId])
                    return completion(ActionResult(type: 1, title: "success", message: "yay"))
                }
            } catch {
                return completion(ActionResult(type: 0, code: 0, title: "error", message: "something went wrong"))
            }
        }
        task.resume()
    }

- same, but after returning back "success" from the PHP, itself (the PHP file) handles the Socket.IO notification emitting as well (I think this is not possible, I haven't found any PHP->Socket.io plugins..)
- The app does not send anything to my web PHP+MySQL file, instead it sends the whole "like" process to my NodeJs, Socket.IO server, it handles it there, saves it to the database, then emits the notifications (Just like the real time chat part, but this would be a lot of work because I have already written all the other code in PHP files)

The first case is the most ideal for me, but I am scared that it would be hackable.
Because if I do it the first way, the backend NodeJs+Socket.io server won't check if the liking process was successful (because it was checked client-side), so it is likely that anyone could send fake "post like" notifications, like a billion times.
Then maybe the second option would be great as well, so that the back-end handles both checking and notification sending, but sadly there's no Socket.io plugin for PHP.
from When to handle Socket.io notifications?
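
One way to keep the Node/Socket.io server from trusting a client-side "success", added here as an example and not part of the original post: after its insert succeeds, like.php signs the like event with a secret shared only with the Node server and posts it to an internal endpoint, and Node verifies it before emitting. The secret, the field names (`likerId`, `postId`, `ownerId`, `ts`), the `user:<id>` room name and both function names are assumptions; the signing side is shown in JavaScript only so the demo is self-contained (PHP would use `hash_hmac('sha256', $body, $secret)`).

```javascript
// Added example; all names here are hypothetical, not from the original app.
const crypto = require("crypto");

const MAX_AGE_MS = 30_000; // assumed freshness window for a signed event

// What like.php would compute after its INSERT succeeds (JS stand-in for the demo).
function signLikeEvent(payload, secret) {
  const body = JSON.stringify(payload);
  const sig = crypto.createHmac("sha256", secret).update(body).digest("hex");
  return { body, sig };
}

// Runs on the Node server. Returns the notification to emit, or null to drop it.
// `seen` is a Set of delivered like keys (a unique DB index would do this in production).
function verifyLikeEvent(body, sig, secret, seen, now = Date.now()) {
  const expected = crypto.createHmac("sha256", secret).update(body).digest();
  const given = Buffer.from(String(sig), "hex");
  // Check length first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return null; // not signed by the PHP backend
  }

  let evt;
  try { evt = JSON.parse(body); } catch { return null; }
  const { likerId, postId, ownerId, ts } = evt;
  if (![likerId, postId, ownerId, ts].every(Number.isInteger)) return null;
  if (Math.abs(now - ts) > MAX_AGE_MS) return null; // stale event, possible replay

  const key = `${likerId}:${postId}`;
  if (seen.has(key)) return null; // at most one notification per (user, post) like
  seen.add(key);

  // Caller would do: io.to(result.room).emit(result.event, result.data)
  return {
    room: `user:${ownerId}`,
    event: "notification_likedPost",
    data: { postId, likerId },
  };
}
```

With this split the iOS client never emits `notification_likedPost` itself, so the Socket.io server can ignore that event name when it arrives from a client connection.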