SocketCluster - A Highly parallelized WebSocket server cluster to make the most of multi-core machines/instances.
Complete documentation available at: http://socketcluster.io/
14 November 2014 (v1.0.1)
Updated http://socketcluster.io/ documentation (partially).
v1.0.1 is not a drop-in upgrade. It involves some major changes to the client-side API (documented on website). Before this version, SC made no explicit distinction between pub/sub channels and regular client <=> server events. By listening to an event, the socket was implicitly subscribing to a channel by the same name. This feature was nice but it also masked a lot of the complexity behind SC and made handling events vs channels ambiguous and took away flexibility from the developer.
The goal of this release is to make SC a viable open-source alternative to commercial realtime services like PubNub, Pusher, Firebase, etc... But without you having to give up control over your backend.
Here is some sample code which demonstrates how to use the new API:
// Subscribe to a channelvar fooChannel = socketsubscribe'foo';// orsocketsubscribe'foo'; // We don't necessarily need the channel object
// Subscribe events// Note that subscribe will only fail if explicitly blocked by middleware.// If the connection drops out, the subscription will stay pending until// the connection comes back.fooChannelon'subscribeFail'// ...;fooChannelon'subscribe'// ...;socketon'subscribeFail'// ...;socketon'subscribe'// ...;
// Watch incoming channel datafooChannelwatch// This function will run whenever data is published// to the foo channel.;// orsocketwatch'foo'// This function will run whenever data is published// to the foo channel.;
// Publish data to a channelfooChannelpublish12345; // publish from channel// orsocketchannel'foo'publish12345; // same as above// orsocketpublish'foo' 12345; // publish from socket// orsocketpublish'foo' a: 123 b: 4; // objects are valid too
fooChannelunsubscribe; // unsubscribe from channel// orsocketunsubscribe'foo'; // unsubscribe using socket
// Emit events between client and server.// This is the same as before.socketemit'greeting' from: 'alice' message: 'Hello';
// Listen to events emitted on socket.// Same as before.socketon'greeting'// ...;
SocketCluster is a fast, highly scalable HTTP + realtime server engine which lets you build multi-process realtime servers that make use of all CPU cores on a machine/instance. It removes the limitations of having to run your Node.js server as a single thread and makes your backend resilient by automatically recovering from worker crashes and aggregating errors into a central log.
Follow the project on Twitter: https://twitter.com/SocketCluster Subscribe for updates: http://socketcluster.launchrock.com/
SocketCluster has been tested for memory leaks. The last full memory profiling was done on SocketCluster v0.9.17 (Node.js v0.10.28) and included checks on load balancer, worker and store processes.
No memory leaks were detected when using the latest Node.js version. Note that leaks were found when using Node.js versions below v0.10.22 - This is probably the Node.js 'Walmart' memory leak - Not a SocketCluster issue.
- Jonathan Gros-Dubois
- Nelson Zheng
- wactbprot (nData)
- epappas (nData)
- Gabriel Muller
There are two ways to install SocketCluster.
Setup the socketcluster command:
npm install -g socketcluster
sudo npm install -g socketcluster
socketcluster create myapp
Once it's installed, go to your new myapp/ directory and launch with:
Access at URL http://localhost:8000/
npm install socketcluster
You will also need to install the client separately which you can get using the following command:
npm install socketcluster-client
The socketcluster-client script is called socketcluster.js (located in the main socketcluster-client directory)
- You should include it in your HTML page using a <script> tag in order to interact with SocketCluster. For more details on how to use socketcluster-client, go to https://github.com/topcloud/socketcluster-client
It is recommended that you use Node.js version >=0.10.22 due to memory leaks present in older versions.
In order to run SocketCluster over HTTPS, all you need to do is set the protocol to 'https' and provide your private key and certificate as a start option when you instantiate SocketCluster - Example:
var socketCluster =balancers: 1workers: 3stores: 3port: 8000appName: 'myapp'workerController: 'worker.js'protocol: 'https'protocolOptions:key: fsreadFileSync__dirname + '/keys/enc_key.pem' 'utf8'cert: fsreadFileSync__dirname + '/keys/cert.pem' 'utf8'passphrase: 'passphase4privkey';
The protocolOptions option is exactly the same as the one you pass to a standard Node HTTPS server: http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
Note that encryption/decryption in SocketCluster happens at the LoadBalancer level (SocketCluster launches one or more lightweight load balancers to distribute traffic evenly between your SocketCluster workers). LoadBalancers are responsible for encrypting/decrypting all network traffic. What this means is that your code (which is in the worker layer) will only ever deal with raw HTTP traffic.
Note that SC lets your store your authentication tokens anywhere you like; a database of your choice, Redis...
SocketCluster also lets you store session data using the socket.session object. This object gives you access to a cluster of in-memory stores called nData. nData is mostly used internally to allow workers to communicate with one another but it's also useful to store session-specific data. Note that if you want a user's auth token to span multiple sessions (so that user doesn't have to log in again after their session expires), then you might want to use a database to store the auth token instead of using the session object.
If you decide to use the socket.session object, you can invoke any of the methods documented here to store and retrieve session data: https://github.com/topcloud/ndata
For example, to authorize a user, you could check their login credentials and upon success, you could add an auth token to that session:
socketsessionset'isUserAuthorized' true callback;
Then, on subsequent events, you could check for that token before handling the event:
socketsessionget'isUserAuthorized'if value// Token is set, therefore this event is authorized;
The session object can also be accessed from the req object that you get from SocketCluster's HTTP server 'req' event (I.e. req.session).
SocketCluster provides two middleware lines for filtering out sockets and events.
MIDDLEWARE_HANDSHAKE middleware for filtering out sockets based on session data:
scServeraddMiddlewarescServerMIDDLEWARE_HANDSHAKEreqsessionget'isUserAuthorized'if valuenext;elsenext'Session ' + reqsessionid + ' was not authorized';;;
MIDDLEWARE_EVENT middleware for filtering out individual events:
scServeraddMiddlewarescServerMIDDLEWARE_EVENTif event == 'bla'next'bla event is not allowed for socket ' + socketid + ' on session ' + socketsessionid;elsenext;;
- More integration test cases needed
- Unit tests
- Efficiency/speed - faster is better!
To contribute; clone this repo, then cd inside it and then run npm install to install all dependencies.
(The MIT License)
Copyright (c) 2013-2015 TopCloud
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.