[help] How to authenticate the web socket?

brenthmiras7 years ago

I need to consume the web socket the web interface uses to update device status, postions etc...
I will be using it in the app I am creating.
I tried testing it in an online web socket tester: click here and noticed that it can only connect if you are logged in to the traccar web interface.
Is there any way I can consume this web socket server without logging in (at least manually) in the web interface?

Anton Tananaev7 years ago

You can create a session using "/api/session" endpoint.

brenthmiras7 years ago

Where is that session stored? Is that a cookie I need to pass when connecting to web socket server? How does the server authenticate a session obtained from /api/session?

brenthmiras7 years ago
POST /api/session only returns
{
    "id": 1,
    "attributes": {},
    "name": "admin",
    "email": "admin",
    "readonly": false,
    "admin": true,
    "map": "osm",
    "distanceUnit": "km",
    "speedUnit": "kmh",
    "latitude": 12.8797,
    "longitude": 121.774,
    "zoom": 7,
    "twelveHourFormat": false,
    "password": null
}

Where is the session id?

Anton Tananaev7 years ago

The session is stored in the cookie header.

brenthmiras7 years ago

In traccar-web code,
https://github.com/tananaev/traccar-web/blob/master/web/app/view/LoginController.js#L49
Successful login (POST /api/session), only stores the response body.

However, testing (POST /api/session) in my postman rest client, returns a cookie:
cookie

My question is, how and where is this cookie stored? Is it (cookie sent by server) automatically saved when a successful (POST /api/session) is executed? Or is it manually stored by the traccar-web interface? If so, can you please give me a link to that code?

Anton Tananaev7 years ago

Cookies are stored by the browser automatically.

brenthmiras7 years ago

I can successfully request a session in my postman reset client. But in my angular app, the xhr returns 401 even with the correct credentials. How is the access control allow origins header of traccar server configured? How can my web app access the api?

Anton Tananaev7 years ago

Have you set "web.origin" in the config to allow CORS?

maxw3ll7 years ago

Did you get it to work brenthmiras? I face the same difficulties. I seem to get back a cookie when I look into chrome dev tools, but don't know how to access it in Angular 1.5

maxw3ll7 years ago

OK, it is working now. All I was missing was to set the "withCredentials" flag for $http than the cookie will be used automatically as it seems.