Composed WebSocket endpoint registration — the idiomatic consumer entry point for mounting a fuz_app WS endpoint.
Wraps the standard upgrade stack every consumer writes by hand:
1. verify_request_source(allowed_origins) — reject disallowed origins
before the upgrade handshake runs.
2. require_auth — reject unauthenticated upgrades.
3. Authorization phase — resolve the acting actor against the
authenticated account plus an optional ?acting=<uuid> query string,
and build the RequestContext that per-message dispatch reads.
Multi-actor accounts must supply ?acting to pick a persona;
single-actor accounts work without it.
4. Optional require_role(required_role) — for endpoints gated to a
specific role.
Then delegates to register_action_ws for per-message JSON-RPC dispatch.
2 declarations
actions/register_ws_endpoint.ts view source
(options: RegisterWsEndpointOptions): RegisterActionWsResult Mount a WebSocket endpoint with the standard upgrade stack (origin check + auth + actor resolution + optional role) and JSON-RPC dispatch.
Returns the BackendWebsocketTransport (supplied or freshly
created), same as register_action_ws — retain it to wire
create_ws_auth_guard on on_audit_event or to broadcast.
optionsRegisterActionWsResult actions/register_ws_endpoint.ts view source
RegisterWsEndpointOptions Options for register_ws_endpoint.
allowed_originsOrigin allowlist regexes — typically parsed from the ALLOWED_ORIGINS
env var via parse_allowed_origins. Passed straight to
verify_request_source.
Array<RegExp>required_roleRole required to upgrade. Omit for any authenticated account
(require_auth + actor resolution alone); set to e.g. ROLE_ADMIN
to gate the endpoint behind a role. The per-action auth in each
spec still applies at dispatch time — this is a coarse upgrade-time
gate.