Advice on MQTT messaging implementation

Question

I'm developing a messaging app using MQTT, after moving off GCM due to multiple failures.

I have a server broker online, and a client connecting and subscribing to it, and receiving messages of subscribed topics.

Now I'm thinking about what to subscribe to and what message to send. I have a server for the GCM implementation (user id, google key); I think I don't need that anymore? I thought about subscribing to the broker with the user ID, and if user B wants to send a message to user A, then B publishes a message to user A's ID topic... but with that kind of implementation, anyone could "sniff" conversations by subscribing to random IDs.

So, I have a working MQTT server and client, and I don't know how to correctly use them for a messaging app...

I could think about it, but I suspect this would be a well known problem with an already known solution...

Thanks a lot!

Recommended answer

I think that the key to the solution is the choice of a proper addressing scheme and the configuration of ACLs. I will try to summarize the requirements first:

  • User A (the receiver) should be able to see all messages sent to it by anyone
  • User B (the sender) should be able to send messages to anyone

Let's assume that you use the following topic structure: /messages/{targetUserId}. Let's also assume, for the sake of staying focused, that you can identify the user on the broker side based on either credentials or a certificate. Please let me know if this is not the case.

You could create ACL rules in mosquitto to allow the user with targetUserId to read from the /messages/{targetUserId} topic. See the mosquitto.conf documentation for the details of the rule definition format. The first requirement will be fulfilled.

You would need another ACL rule to allow everybody to write to topics under the /messages/# address. This would fulfill the second requirement.

As a result users would be able to send messages to anybody but won't be allowed to subscribe to someone else's messages.

However, static creation of all possible rules for all users might not be practical unless you have a set of predefined ones. Instead, implement your own authentication plugin and configure it in mosquitto.conf via the auth_plugin setting. Or use the flexible mosquitto-auth-plug. This blog post provides basic details on how to configure and use it.
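
The read/write split described in the answer, modelled in Python as an added example (not part of the original answer, and not mosquitto or mosquitto-auth-plug code). The function names and the user-id validation are assumptions; the naive check is kept for contrast, to show why a subscription filter has to be compared literally instead of being matched against the user's own topic.

```python
# Added example: a model of the answer's two ACL rules, not mosquitto's own code.
PREFIX = "/messages/"  # topic structure from the answer: /messages/{targetUserId}


def filter_matches(topic_filter: str, topic: str) -> bool:
    """MQTT filter matching: '+' spans one level, a trailing '#' spans the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def valid_user_id(user_id: str) -> bool:
    """A user id becomes one topic level, so it must not contain '/', '+' or '#'."""
    return bool(user_id) and not any(c in user_id for c in "/+#")


def can_subscribe(user_id: str, topic_filter: str) -> bool:
    """Read rule: a user may subscribe only to the literal topic /messages/<own id>."""
    return valid_user_id(user_id) and topic_filter == PREFIX + user_id


def can_publish(user_id: str, topic: str) -> bool:
    """Write rule: any identified user may publish under /messages/#."""
    has_wildcard = "+" in topic or "#" in topic  # not allowed in a PUBLISH topic name
    return (valid_user_id(user_id) and not has_wildcard
            and filter_matches(PREFIX + "#", topic))


def naive_can_subscribe(user_id: str, topic_filter: str) -> bool:
    """Flawed check kept for contrast: asks whether the filter covers the user's
    own topic, which is also true for wildcard filters that cover everyone's."""
    return filter_matches(topic_filter, PREFIX + user_id)


if __name__ == "__main__":
    # Constructed requests: (authenticated user, subscription filter)
    for user, flt in [("alice", "/messages/alice"), ("bob", "/messages/alice"),
                      ("bob", "/messages/#"), ("bob", "/messages/+"), ("bob", "#")]:
        print(f"{user:5} SUBSCRIBE {flt:16} strict={can_subscribe(user, flt)} "
              f"naive={naive_can_subscribe(user, flt)}")
```

The strict check grants only the first request, while the naive one also grants the three wildcard filters, which is exactly the "subscribe and sniff" case raised in the question.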
