How to Make an Actor Action Private and Restrict Client Invocation
I created an actor with an action called
https://github.com/novvaccaine/soonagi/blob/a2cc875872c1066f73b0b218ffbc90de10ecb091/packages/stream/src/registry.ts#L35
generateContent. I want to make this action private so that only the registry server can invoke it, and no clients can call this action directly. However, I still want clients to be able to subscribe to this actor without having permission to invoke the generateContent action.
Currently, I am using a simple apiKey approach to restrict access, but I am looking for a better or more secure way to achieve this.
For reference, here is the relevant code snippet:https://github.com/novvaccaine/soonagi/blob/a2cc875872c1066f73b0b218ffbc90de10ecb091/packages/stream/src/registry.ts#L35
GitHub
soonagi/packages/stream/src/registry.ts at a2cc875872c1066f73b0b218...
The AI Chat App. Contribute to novvaccaine/soonagi development by creating an account on GitHub.
4 Replies
hey! Interesting question!
each connection can have state - you can set there permissions for each connection, and when executing the action, you can check the connection state!
Rivet
Connections - Rivet
Connections represent client connections to your actor. They provide a way to handle client authentication, manage connection-specific data, and control the connection lifecycle.
But, what you have is also a good approach!
I see that you have onAuth callback set, so you can use that to attach additional information for each connection about permissions - what methods can be executed
ah ok, thanks 👍