TsgcWSAPIKeyManager › Methods › IsMessageAllowed
Server hook called for every inbound message; IP-level no-op by default.
function IsMessageAllowed(const aIP: string; const aMessage: string = ''): Boolean;| Name | Type | Description |
|---|---|---|
aIP | const string | Peer IP of the connection sending the message. |
aMessage | const string | Raw message payload. Ignored by the default implementation; subclasses may inspect it. |
True by default. Returns False only when the IP fails IsConnectionAllowed (that is, when Enabled is True, FailClosed is True, the IPAllowlist is non-empty and the IP is not in it). (Boolean)
Per-message hook invoked automatically by the server for every inbound frame. The stock implementation re-checks the IP allowlist and lets every message through otherwise — API-key authentication is not repeated per message (the initial handshake has already established identity). Override in a subclass if you need payload-based filtering. Do not perform expensive work here: this is on the hot path of every WebSocket frame.
// Custom subclass adding payload-based filtering
function TMyAPIKeyManager.IsMessageAllowed(const aIP, aMessage: string): Boolean;
begin
Result := inherited IsMessageAllowed(aIP, aMessage);
if Result and (Length(aMessage) > 1024 * 1024) then
Result := False; // reject oversized frames
end;