Page MenuHomePhabricator
Create Task
Maniphest T5344

Multiplex AJAX calls from Aphlict clients through the JX.Leader
Closed, ResolvedPublic
Actions

Description

Multiplex AJAX calls to /notification/individual/ through the JX.Leader so that there is a single request for each notification (instead of one request per client)

Original Description
Currently, the Aphlict Server only makes clients aware of notifications. The client then makes an AJAX call to /notification/individual/ to retrieve the actual contents of the notification.

It would be better to have the Aphlict Server transmit the contents of the notification directly. This would require authentication between the client and server, which may be complicated.

Revisions and Commits

rP Phabricator
D11360rP4135752490b8 Multiplex AJAX calls

Related Objects
Search...

Event Timeline

joshuaspence created this task.Jun 13 2014, 3:32 AM
joshuaspence raised the priority of this task from to Normal.
joshuaspence updated the task description. (Show Details)
joshuaspence added a project: Aphlict.
joshuaspence added a subscriber: joshuaspence.
epriestley added a subscriber: epriestley.Jun 13 2014, 4:43 AM

I'm not really sure this is ever really desirable: it's much easier to add more web frontends (especially after T4209, basically just spin up as many as you want) than scale out the notification infrastructure, and adding authentication to the node server probably creates a great deal of ongoing complexity (the code needs to be kept in sync forever, and the node sever needs to get way more complicated).

Beyond authentication concerns, interpreting data from the node server as HTML also creates a risk that we don't have right now: if an attacker finds an XSS hole in notifications, they can hypothetically push notifications out and XSS all connected users. This risk is small, but such an attack could be severe. Right now, we never treat anything on the notification channel as HTML, and all the stuff from the webserver goes through the standard rendering stack.

Basically, I'd worry that this optimizes for a local minimum, where users approximately fit on one web frontend. If you had many more users and several web frontends, scaling pressure on the frontends would become much easier to deal with than scaling pressure on the notification server.

(In the very long term, I imagine scaling the notification server by spreading it across multiple machines and subscribing it to other instances of itself -- that is, "child" servers would connect to a "parent" server over the same API that Flash uses, and just subscribe to all PHIDs. This also gets far more complicated if it has to do auth.)

epriestley added a comment.Jun 13 2014, 4:48 AM

One thing that may be worth doing is making the master do the Ajax call, then passing the data onto the other local browser clients. However, we're limited in our ability to do this for some notification types (e.g., Conpherence messages need to make a call that depends on per-window state) and I'm not sure how common it is for users to have enough tabs open for this to matter much.

We could also do something like pause updates of notifications when windows are in the background, and then just update once (to get the complete current state) when the window is focused.

andrew19 edited this Maniphest Task.Jun 13 2014, 11:04 AM
epriestley edited this Maniphest Task.Jun 13 2014, 12:06 PM
joshuaspence renamed this task from Aphlict Server should transmit notifications instead of clients making an AJAX call to Multiplex AJAX calls from Aphlict clients through the `AphlictMaster`.Jul 10 2014, 4:47 PM
joshuaspence updated the task description. (Show Details)
joshuaspence claimed this task.Oct 12 2014, 9:32 PM
epriestley added a parent task: T5364: Conpherence v2 (Original Discussion).Jan 6 2015, 1:32 AM
epriestley added a subtask: T6559: Change notification system implementation not to require Flash.Jan 6 2015, 3:51 AM

T6559 may obsolete this.

epriestley closed subtask T6559: Change notification system implementation not to require Flash as Resolved.Jan 8 2015, 6:03 PM
joshuaspence removed joshuaspence as the assignee of this task.Jan 9 2015, 7:27 AM
joshuaspence claimed this task.Jan 12 2015, 11:37 PM
epriestley renamed this task from Multiplex AJAX calls from Aphlict clients through the `AphlictMaster` to Multiplex AJAX calls from Aphlict clients through the JX.Leader.Jan 12 2015, 11:38 PM
epriestley updated the task description. (Show Details)
joshuaspence added a revision: D11360: Multiplex AJAX calls.Jan 13 2015, 8:03 AM
joshuaspence closed this task as Resolved by committing rP4135752490b8: Multiplex AJAX calls.Jan 15 2015, 8:12 PM
joshuaspence added a commit: rP4135752490b8: Multiplex AJAX calls.
Phabricator · Built by Phacility