feat(websocket): implement real-time sync with HMAC authentication an… #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d fix folder moves
- Add complete WebSocket implementation for real-time note/folder synchronization
- JWT authentication with 30-second timeout
- Rate limiting (300 msg/min) and connection limits (20/user)
- Connection management with automatic cleanup
- Nonce-based replay attack prevention
- Fix critical folder move sync issue
- Add 'folderId' to allowed fields in note updates
- Enable real-time sync of note folder changes across devices
- Add comprehensive error logging for debugging
- Enhance security infrastructure
- Add security headers middleware (CSP, HSTS, XSS protection)
- Implement enhanced rate limiting middleware
- Fix TypeScript compilation issues
- Resolve Map iterator compatibility with ES2022 target
- Fix postgres module import issues
- Add downlevelIteration support for future compatibility
- Update comprehensive documentation
- Add WEBSOCKET_INTEGRATION.md with complete protocol specification
- Update README.md with current project structure and WebSocket features
- Update SECURITY.md with latest security features and recommendations
|
🎉 This PR is included in version 1.1.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Real-time WebSocket Sync + Folder Move Fix
Summary
Implements complete WebSocket real-time sync with HMAC authentication and fixes critical folder move sync bug.
Key Changes
folderIdchanges now broadcast properlyArchitecture
src/websocket/
├── auth/handler.ts # JWT + HMAC auth
├── handlers/notes.ts # Note sync (+ folder move fix)
├── middleware/ # Rate limiting & connections
└── index.ts # WebSocket manager
Critical Bug Fix
Before: Moving notes between folders didn't sync to other devices
After: Folder moves broadcast instantly via WebSocket
Root Cause:
folderIdmissing from allowed update fieldsFix: Added to
allowedFieldsarray in note handlerWebSocket Protocol
Environment Variables
WS_RATE_LIMIT_MAX_MESSAGES300WS_MAX_CONNECTIONS_PER_USER20WS_AUTH_TIMEOUT_MS30000Documentation
WEBSOCKET_INTEGRATION.mdwith complete protocol specTesting
Multi-device sync now works for:
Impact