Allow Public RPC Registration

[thegoldenmule]

Full description of the problem is here: #537

Proposed Solution:

I added a new method, RegisterPublicRpc (and register_public_rpc for Lua). This method allows you to register RPCs that do not require authentication.

An end-to-end test is included in runtime_test.go, named TestRuntimeRegisterPublicRPCWithPayloadEndToEnd. This successfully calls a public RPC without any HTTP key.

Most of the work is in api_rpc.go, and there are a few specific details to note:

1. Previously, metrics were being gathered for RPC calls without an RPC id or with a bad RPC id. This check was moved forward to simplify some logic and so metrics are no longer gathered in those circumstances.

2. The simplest method of bypassing auth was simply to branch. This means that the userId and username will be empty for public RPC handlers, regardless of whether or not they are authenticated. There are a couple other cases in which the handler would have been called with uid and username, but I specifically stripped that data out to guarantee that those values will always be empty. This seems like desired behavior, but obviously up to you.

[thegoldenmule]

@novabyte Hi there, any indication on how this is being received internally? It'd be great to understand if this is something that your team thinks could be accepted.

[novabyte]

@thegoldenmule Thanks for the ping. I'll make sure its added to our next internal Nakama meeting so we can make suggestions. /cc @zyro

[waldobronchart]

Friendly ping on this, I'm waiting on this feature too.

[thegoldenmule]

@novabyte Any news?

[MaksArh]

friendly ping, any news?

[thegoldenmule]

Any news @novabyte? Or perhaps from @zyro the hero?

[zyro]

We're looking to include this change in a Nakama release by end of this month. 👍

[MaksArh]

what about anonym auth with device? i think its looks like a solution now

[thegoldenmule]

w0000000000 let's GO

[thegoldenmule]

what about anonym auth with device? i think its looks like a solution now

@MaksArh Unless I'm misunderstanding you, that is already supported. See https://heroiclabs.com/docs/nakama/concepts/authentication/#device

[MaksArh]

what about anonym auth with device? i think its looks like a solution now

@MaksArh Unless I'm misunderstanding you, that is already supported. See https://heroiclabs.com/docs/nakama/concepts/authentication/#device

I mean, if you need to use rpc before authentication (for example, 2fa), you can use a temporary (anonymous) login via the device

[thegoldenmule]

Oh I see what you mean. Yah, potentially possible but obviously not ideal for a number of reasons. We don't want to have to create accounts to get public data, device login or not. It would be very tricky to get right, especially for users that actually do use device login, but for whom we want to cohort for login itself.