
Authentication on a very low level TCP Server written for Node.JS?

How do I implement something similar to the HTTP Basic authentication, in a TCP server written for Node.JS? The code for a basic TCP server is the following:

// Load the net module to create a tcp server.
var net = require('net');

// Setup a tcp server
var server = net.createServer(function (socket) {

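  // Every time someone connects, tell them hello and then close the connection.
  // The callback passed to createServer already runs once per connection, so
  // no "connect" listener is needed (that event fires only on client sockets).
  console.log("Connection from " + socket.remoteAddress);
  socket.end("Hello World\n");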

});

// Fire up the server bound to port 7000 on localhost
server.listen(7000, "localhost");

// Put a friendly message on the terminal
console.log("TCP server listening on port 7000 at localhost.");

While there are several ways to provide authentication over a TCP connection, all require some form of "protocol", being an agreed-upon communications grammar/syntax.

For example, in the Simple Mail Transport Protocol, the following conversation occurs (where S: and C: designate lines provided by the SMTP server and email client, respectively):

S: 220 server.example.com
C: HELO client.example.com
S: 250 server.example.com
C: MAIL FROM:<sender@example.com>
S: 250 2.1.0 sender@example.com... Sender ok
C: RCPT TO:<recipient@example.com>
S: 250 recipient <recipient@example.com> OK
C: DATA
S: 354 enter mail, end with line containing only "."
C: full email message appears here, where any line
C: containing a single period is sent as two periods
C: to differentiate it from the "end of message" marker
C: .
S: 250 message sent
C: QUIT
S: 221 goodbye

In replies from the server, the initial numeric value indicates the success or failure of the requested operation, or that the reply contains an informational message. Using a three-digit numeric value allows for efficient parsing, as all replies beginning with 2xx indicate success, 3xx are informational, 4xx indicate protocol errors, and 5xx are reserved for server errors. See IETF RFC 5321 - http://tools.ietf.org/html/rfc5321 for the full protocol.

So in your specific case, you might consider something as simple as:

[connect to TCP server]
S: ?                    # indicates the server is ready for authorization

C: username password   # send authentication credentials

The server would then reply with:

S: !                    # indicates successful authentication and 
                        # that server is ready for more commands 

Or

S: ?                    # indicates authentication failure

If too many failed attempts to authenticate are seen, the server might sever the connection to reduce the potential for abuse, such as DDOS attacks.

Once authenticated, the client could send:

C: >                    # begin streaming

Or any other command you wish to support.
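
The "?" / "!" exchange sketched in the answer above, as an added example (not code from the original question or answer): a per-connection state machine that buffers partial lines, refuses commands before login and closes after repeated failures. The names createSession, makeHandler and verify, the limits MAX_ATTEMPTS and MAX_LINE, and the replies sent to post-login commands are assumptions.

```javascript
// Added example: per-connection state machine for the "?" / "!" exchange.
const MAX_ATTEMPTS = 3; // assumption: the answer only says "too many"
const MAX_LINE = 256;   // assumption: cap on an unterminated line

// verify(user, pass) -> boolean is a hypothetical hook supplied by the caller.
function createSession(verify) {
  let buffer = '', failures = 0, authed = false, closed = false;

  function handleLine(line) {
    if (authed) return line === '>' ? '!' : '?'; // reply to commands: assumption
    const sp = line.indexOf(' ');
    if (sp > 0 && verify(line.slice(0, sp), line.slice(sp + 1))) {
      authed = true;
      return '!';
    }
    failures += 1; // anything sent before login counts as a failed attempt
    if (failures >= MAX_ATTEMPTS) closed = true;
    return '?';
  }

  return {
    greeting: '?',
    // TCP delivers arbitrary chunks, so buffer until a full line arrives.
    feed(chunk) {
      const replies = [];
      if (!closed) buffer += chunk;
      let nl;
      while (!closed && (nl = buffer.indexOf('\n')) !== -1) {
        const line = buffer.slice(0, nl).replace(/\r$/, '');
        buffer = buffer.slice(nl + 1);
        replies.push(handleLine(line));
      }
      if (buffer.length > MAX_LINE) closed = true; // refuse unbounded buffering
      return { replies, close: closed };
    },
  };
}

// Wiring: require('net').createServer(makeHandler(verify)).listen(7000, 'localhost')
function makeHandler(verify) {
  return function (socket) {
    const session = createSession(verify);
    socket.setEncoding('utf8');
    socket.write(session.greeting + '\n');
    socket.on('data', function (chunk) {
      const out = session.feed(chunk);
      out.replies.forEach(function (reply) { socket.write(reply + '\n'); });
      if (out.close) socket.end();
    });
  };
}
```

The username and password cross the connection in cleartext here, as they do with HTTP Basic, so the same handler is better passed to tls.createServer than to net.createServer.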
