Reverse WSS proxy with authorisation using Cloudflare?

Hey there!

I’m currently working with the following setup:

  1. A WSS server that provides services using key credentials for authorization. I cannot change these credentials nor the server implementation.
  2. A WSS client library that exposes these key credentials, which I also cannot modify to obfuscate them.

This setup exposes the key credentials from the client side, which means the key could potentially be reused elsewhere. This is not desirable for security reasons.

Proposed Solution:

I plan to build a reverse WSS proxy using Cloudflare to sit between the WSS server and the WSS client. The idea is as follows:

  • The client will be given a specific key (Key A) that encrypts the authorized domain. This key is only valid from the website where the WSS client is implemented.
  • A script (possibly a Cloudflare Worker) will handle the authorization process by comparing the authorized domain encrypted in Key A with the origin domain.

Solution Diagram:

Client  --(Key A, Encrypted Domain)--> Cloudflare Proxy  --(Key Credentials)--> WSS Server

  1. Client sends requests with Key A, which includes the encrypted domain.
  2. Cloudflare Proxy intercepts the request.
  3. Cloudflare Worker script verifies the encrypted domain against the origin domain.
  4. If valid, the Proxy forwards the request to the WSS server using the key credentials.

Does this solution make sense? If so, do you have any pointers or resources on how to implement this?
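
One way to implement the check in steps 1 to 4, as an added example that is not part of the original post. Key A here is an HMAC-signed token binding an origin and an expiry rather than an encrypted domain (a substituted technique), passed in a `token` query parameter; `TOKEN_SECRET`, `UPSTREAM_URL`, `UPSTREAM_KEY` and all function names are assumptions.

```javascript
// Added example; issueToken, verifyToken, worker and the env bindings are hypothetical names.
const enc = new TextEncoder();
// Web Crypto is a global in Workers; the fallback covers older local Node versions.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const b64url = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64url = (s) => Uint8Array.from(
  atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));
const hmacKey = (secret) => subtle.importKey("raw", enc.encode(secret),
  { name: "HMAC", hash: "SHA-256" }, false, ["sign", "verify"]);

// Issued server-side by the key owner:
// Key A = base64url("<origin>|<expiry ms>") + "." + base64url(MAC).
async function issueToken(secret, origin, expiresAt) {
  const payload = enc.encode(`${origin}|${expiresAt}`);
  const mac = await subtle.sign("HMAC", await hmacKey(secret), payload);
  return `${b64url(payload)}.${b64url(mac)}`;
}

// True only if the MAC is valid, the signed origin equals the request's Origin,
// and the token has not expired.
async function verifyToken(secret, token, requestOrigin, now = Date.now()) {
  const [p, m, extra] = String(token ?? "").split(".");
  if (!p || !m || extra !== undefined) return false;
  let payload, mac;
  try { payload = unb64url(p); mac = unb64url(m); } catch { return false; }
  if (!(await subtle.verify("HMAC", await hmacKey(secret), mac, payload))) return false;
  const [origin, expiresAt] = new TextDecoder().decode(payload).split("|");
  return origin === requestOrigin && Number(expiresAt) > now;
}

// Worker entry point; deploy with `export default worker`.
const worker = {
  async fetch(request, env) {
    if (request.headers.get("Upgrade")?.toLowerCase() !== "websocket")
      return new Response("Expected a WebSocket upgrade", { status: 426 });
    // Browsers cannot set custom headers on a WebSocket, so Key A arrives in the query string.
    const token = new URL(request.url).searchParams.get("token");
    const origin = request.headers.get("Origin") ?? "";
    if (!(await verifyToken(env.TOKEN_SECRET, token, origin)))
      return new Response("Forbidden", { status: 403 });
    // Replace the client URL (and Key A) with the upstream URL and add the real credentials.
    // Sending them in an Authorization header is an assumption about the WSS server.
    const upstream = new Request(env.UPSTREAM_URL, request);
    upstream.headers.set("Authorization", env.UPSTREAM_KEY);
    return fetch(upstream);
  },
};
```

The `Origin` header is supplied by the browser, so this check keeps Key A from working on other websites; a client outside a browser can send any `Origin` value, which is why the token also carries an expiry.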