Place Neuralyzer Server in charge of generating and issuing connected user ids
benduran opened this issue · comments
Currently, it is possible for a client to provide a userid property when they connect to Neuralyzer. This is horrible 💣 and prone to exploitation.
Acceptance Criteria
- Remove userid query param on connections
- Generate a uuid on the server as the connected user's userid
- Allow server to return an auth token when the user connects. Auth token will be used to revalidate a user when they disconnect and reconnect within the timeout threshold