node.js: Authorizing and handshaking with Socket.IO
Original URL: http://stackoverflow.com/questions/19106861/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Question by Joenel de Asis
I'm wondering what the main function of authorization and the handshake in Socket.IO is. I've already read their wiki and authorizing guide on GitHub but I still don't understand the following:
- How does the authorization work in Socket.io?
- What is the handshake in Socket.IO?
- Can I add anything to the handshakeData object?
I hope you can answer my question. Thanks.
Answer by hexacyanide
Edit: In Socket.IO 1.0, middleware is now used. Authorization can be done like so:
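    io.use(function(socket, next) {
      // socket.request is the HTTP request that started the handshake
      var handshake = socket.request;
      // Call next() to accept, or next(new Error(...)) to reject
      next();
    });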
If you were to need to reject the socket, just pass an error object to the next() callback. The same thing can be done with namespaces:
    io.of('/namespace').use(function(socket, next) {
      var handshake = socket.request;
      next();
    });
Authorization in Socket.IO is run through a function which is decided in a boolean that is passed by a callback. This function runs every time a connection attempts a handshake, and this is what it looks like:
    io.set('authorization', function (handshake, callback) {
      callback(null, true);
    });
The function callback() accepts two parameters. The first is the error reason, if any, and the second parameter is the boolean that decides if a client may connect or not. By default there is no authorization, so the scenario is shown in the code sample above, where the socket that is connecting is allowed passage with true.
The handshake in Socket.IO is like any other information technology related handshake. It is the process of negotiation, which in Socket.IO's case, decides whether a client may connect, and if not, denies the connection. The handshake is initiated with either an XHR or JSONP request, and doesn't do much when no authorization is specified, but can be helpful in the data passed in the handshake data object.
To answer your last question, yes, you may add anything into the handshake object. The object is the same variable reference to the socket.handshake object, which allows you to do things like this:
    io.set('authorization', function (handshake, callback) {
      handshake.foo = 'bar';
      callback(null, true);
    });
    io.sockets.on('connection', function(socket) {
      console.log(socket.handshake.foo); // bar
    });
This is very useful, because you can store socket-based properties. A common use for this is with the Express framework, where one can identify the session ID based on the cookies passed by Socket.IO, which then a matching session can be identified.
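The cookie-based session lookup described in the answer above, written for the Socket.IO 1.0 `io.use()` middleware signature. This is an added example, not code from the original answers: the in-memory `sessions` store, the `sid` cookie name and the helper names are assumptions, and the socket objects are constructed stand-ins so it runs without a server.

```javascript
// Constructed in-memory session store: session id -> session data (assumption).
const sessions = new Map([
  ['sid-alice-123', { user: 'alice', expires: Date.now() + 60000 }],
  ['sid-old-456', { user: 'bob', expires: Date.now() - 1000 }],
]);

// Parse a Cookie header into an object; malformed pairs are skipped.
function parseCookies(header) {
  const out = Object.create(null);
  if (typeof header !== 'string') return out;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { continue; }
    if (name && !(name in out)) out[name] = value; // first occurrence wins
  }
  return out;
}

// Build a middleware with the (socket, next) signature used by io.use().
function sessionAuth(store, cookieName) {
  return function (socket, next) {
    const headers = (socket.request && socket.request.headers) || {};
    const sid = parseCookies(headers.cookie)[cookieName];
    const session = sid ? store.get(sid) : undefined;
    // Missing cookie, unknown id and expired session all get the same answer.
    if (!session || session.expires <= Date.now()) {
      return next(new Error('Authentication error'));
    }
    socket.request.session = session; // available later in the connection handler
    next();
  };
}

// Drive the middleware with a constructed socket-like object.
function tryHandshake(cookieHeader) {
  const headers = cookieHeader === undefined ? {} : { cookie: cookieHeader };
  const socket = { request: { headers: headers } };
  let result;
  sessionAuth(sessions, 'sid')(socket, function (err) {
    result = err ? { ok: false, reason: err.message }
                 : { ok: true, user: socket.request.session.user };
  });
  return result;
}
```

With a real server the middleware would be registered as `io.use(sessionAuth(sessions, 'sid'))`.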
Answer by Marco Vereda Manchego
Since Socket.io 1.0, although there is backwards compatibility, it is recommended to use "io.use()" in order to add your ad-hoc middleware, so on the Node server side:
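    io.use(function(socket, next) {
      var joinServerParameters;
      try {
        // The query string is client-controlled and may be missing or malformed
        joinServerParameters = JSON.parse(socket.handshake.query.joinServerParameters);
      } catch (e) {
        return next(new Error('Authentication error'));
      }
      if (joinServerParameters && joinServerParameters.token === "xxx") {
        next(); // accept the connection
      } else {
        // Reject explicitly; without this call the handshake is never answered
        next(new Error('Authentication error'));
      }
    });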
And on the client side, to add your own attribute to the handshake, it would look like this:
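    var joinServerParameters = { token: "xxx" };
    // URL-encode the JSON so characters such as & or = cannot break the query string
    var socket = io.connect('url', { query: 'joinServerParameters=' + encodeURIComponent(JSON.stringify(joinServerParameters)) });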
Answer by Diogo Garcia
Right now I'm using this simple method:
    io.set('authorization', function (handshakeData, accept) {
      // The Referer header may be absent, so default to an empty string
      var referer = handshakeData.headers.referer || '';
      var domain = referer.replace('http://','').replace('https://','').split(/[/?#]/)[0];
      if ('myDomain.com' == domain) {
        accept(null, true);
      } else {
        return accept('Deny', false);
      }
    });
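A stricter form of the domain check above, as an added example that is not from the original answers: it parses the header with `URL` and compares the exact origin against an allow-list, using the `io.use()` middleware signature. The allow-list entries and helper names are assumptions; because Origin and Referer are supplied by the client, the check limits which pages a browser may connect from and does not authenticate the client.

```javascript
// Hypothetical allow-list of exact origins (scheme + host + optional port).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Normalize an Origin or Referer value to "scheme://host[:port]", or null.
function originOf(headerValue) {
  if (typeof headerValue !== 'string' || headerValue === '') return null;
  let url;
  try { url = new URL(headerValue); } catch (e) { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // url.origin lower-cases the host and drops path, query and userinfo.
  return url.origin;
}

// Build a middleware with the (socket, next) signature used by io.use().
function originCheck(allowed) {
  return function (socket, next) {
    const headers = (socket.request && socket.request.headers) || {};
    const origin = originOf(headers.origin || headers.referer);
    if (origin === null || !allowed.has(origin)) {
      return next(new Error('Origin not allowed'));
    }
    next();
  };
}

// Drive the middleware with constructed headers; true means accepted.
function tryOrigin(headers) {
  let err = null;
  const socket = { request: { headers: headers } };
  originCheck(ALLOWED_ORIGINS)(socket, function (e) { err = e || null; });
  return err === null;
}
```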
Answer by Vora Ankit
I know that it is too late, but I would like to add the information where I found a very good article about handshake authorization using socket.io.
Answer by Toxxxiczny
IN THIS CASE
    io.set('authorization', function (handshake, callback) {
      handshake.foo = 'bar';
      callback(null, true);
    });
    io.sockets.on('connection', function(socket) {
      console.log(socket.handshake.foo); // bar
    });
socket.handshake.foo will give undefined
we need to call socket.request.foo here for proper value
somebody has misled us because io auth middleware takes 2 parameters with PROPER NAMES as following (request, callback) not (handshake, callback) PS: idk maybe prev io versions had 2nd scenario :)
    io.set('authorization', function (request, callback) {
      request.foo = 'bar';
      callback(null, true);
    });

