Hi Jens,

Sorry again for the delay in replying.

The trick here is that you want to construct your "bootstrap" capability
with knowledge of the client, and pass that knowledge on to any
capabilities that you pass to that client. So you'd end up with a different
server object for each connected client. This approach plays nicely with
Cap'n Proto's capability-based security model, whereas attaching
authentication information to individual RPC calls would go against
capability-based security. This becomes especially important in scenarios
where lots of different objects are being passed around between a bunch of
nodes.

The C++ RPC implementation has something called "BootstrapFactory" which
helps you arrange to create a new bootstrap for each client.

-Kenton

On Thu, Dec 16, 2021 at 11:41 AM Jens Alfke <jens.al...@gmail.com> wrote:

> Now that I've implemented authenticated connections, *I need my
> server-side methods to be able to find out the identity (public key) of the
> connected peer*. So for example, my method
> LibraryImpl::checkoutBook(isbn) needs to check the identity of the client
> (as given in the SecretHandshake when connecting) to determine if they have
> permission to get that book.
>
> (A different example that doesn't involve SecretHandshake is one where a
> server-side method wants to look at the IP address of the client. Or, if
> using TLS, the client's TLS cert.)
>
> What's the best way to do this? I'm using my modified version of
> EzRpcServer, and I'm getting familiar with its innards but I can't claim to
> really understand this stuff yet. It appears that the "mainInterface"
> capability vended by the server is a singleton, shared by all clients, so I
> can't stuff per-client info into it. The point of vending is the restore()
> method, but that method can't tell what client it's being called on behalf
> of...
>
> --Jens

-- 
You received this message because you are subscribed to the Google Groups 
"Cap'n Proto" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to capnproto+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/capnproto/CAJouXQnDMph%2BbzM-3yF1031axNGnFd-J21NRD_cEpeexMjV8gQ%40mail.gmail.com.
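
A model of the per-client bootstrap pattern described in the reply above. It is an added example, not code from this thread or from Cap'n Proto, and it uses plain C++ classes rather than the capnp library. `Acl`, `Book`, `createBootstrapFor`, `canCheckout` and the sample keys are hypothetical; `LibraryImpl::checkoutBook` takes its name from the question.

```cpp
#include <map>
#include <memory>
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

// Model only: plain C++ classes standing in for Cap'n Proto server objects.
using PeerKey = std::string;  // peer public key authenticated at connect time

struct Acl {  // hypothetical policy: which peer may check out which ISBN
  std::map<PeerKey, std::set<std::string>> allowed;
  bool permits(const PeerKey& peer, const std::string& isbn) const {
    auto it = allowed.find(peer);
    return it != allowed.end() && it->second.count(isbn) > 0;
  }
};
struct Book { PeerKey borrower; std::string isbn; };  // inherits the client's identity

class LibraryImpl {  // one instance per connected client, not a shared singleton
public:
  LibraryImpl(std::shared_ptr<const Acl> acl, PeerKey peer)
      : acl_(std::move(acl)), peer_(std::move(peer)) {}
  Book checkoutBook(const std::string& isbn) const {
    // The identity comes from the object itself, never from a call argument.
    if (!acl_->permits(peer_, isbn)) throw std::runtime_error("permission denied");
    return Book{peer_, isbn};
  }
private:
  std::shared_ptr<const Acl> acl_;
  PeerKey peer_;
};

// Plays the role of a bootstrap factory: invoked once per accepted connection.
std::unique_ptr<LibraryImpl> createBootstrapFor(std::shared_ptr<const Acl> acl,
                                                const PeerKey& authenticatedPeer) {
  return std::make_unique<LibraryImpl>(std::move(acl), authenticatedPeer);
}

bool canCheckout(const LibraryImpl& lib, const std::string& isbn) {
  try { lib.checkoutBook(isbn); return true; }
  catch (const std::runtime_error&) { return false; }
}

int main() {
  auto acl = std::make_shared<Acl>();
  acl->allowed["pk-alice"].insert("isbn-1");  // constructed sample data
  bool ok = canCheckout(*createBootstrapFor(acl, "pk-alice"), "isbn-1") &&
            !canCheckout(*createBootstrapFor(acl, "pk-bob"), "isbn-1");
  return ok ? 0 : 1;
}
```

Because the peer key is fixed when the bootstrap object is constructed, a client has no parameter through which it could claim another identity.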
