[Feature]: need Request in static onAuth

[hunkydoryrepair]

Context & Description

with the switch to static onAuth, the biggest issue we face is not being able to access the Request object.
That is needed to get the player IP address.

Use cases

allowing switch to static onAuth for any game that uses the Request object.

Proposed API

pass Request object to the static onAuth as a new parameter.

[endel]

Hi @hunkydoryrepair, thanks for the feedback.

For the uWebSockets transport I had to pass a "mocked" version of the request due to the optimizations uWebSockets does internally pruning the instance. (request is not available on async calls)

So far only the headers are present in that mocked object: 600534c

Can you share how are you currently retrieving the IP address from the uWebSockets' so we can include it as well?

I think this is a good opportunity to start thinking on unifying all transports into a single API. For WebTransport I'm afraid we'll need a similar approach.

The mocked structure would look like this so far:

{
  ip: "xxx.xxx.xxx.xxx",
  headers: {
    key: "value"
  },
}

(Might be a good idea to provide URLs, protocol, paths, etc as well 🤔 )

[endel]

On the regular ws library this is the recommendation we have in the documentation, but I'm afraid it doesn't cover all cases, using behind a proxy and/or different load-balancers:

request.headers['x-forwarded-for'] || request.socket.remoteAddress

[hunkydoryrepair]

Sorry, I guess I was referring to an earlier version that did not pass in the request at all (at least, was not documented). Yes, we use x-forwarded-for and the request.connection.remoteAddress...I've never seen a request.socket on the request, so that's odd.

The issue we have remaining is we need the options passed to joinById. We have a lot of data we need to do our authentication in the options passed in:

this.client.joinById( roomId, {
        mapId,
        token: token || 'iamguest',
        isGuest: !token,
        cryptoWallet: {...},
        username,
        world: worldId,
        ver: GAME_CLIENT_VERSION,
        ...spawnParams,
        avatar: !!token || !avatar ? '' : JSON.stringify(avatar),
        lastSavedAt,
        recaptchaKey,
      }

We check bots, require a matching client version, require our own token registered with Stytch, we validate that the player hasn't changed since with authenticated using the save date, etc. We need it all. Switching to static onAuth not an option without the data.

[hunkydoryrepair]

We do other checks, too, that require the room state, but those can probably be moved to onJoin

[hunkydoryrepair]

can close this. would be nice to have the options in the onAsync, but not required.

[endel]

Thanks @hunkydoryrepair, let's keep this open for discussion, though - as I think for v1.0 we could provide a unified "request/context" object that is the same for every transport during static onAuth 🙏