node.js 使用 JWT 验证套接字 io 连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36788831/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authenticating socket io connections using JWT
提问by el_pup_le
How can I authenticate a socket.io connection? My application uses a login endpoint from another server (python) to get a token, how can I get use that token whenever a user opens a socket connection on the node side?
如何验证 socket.io 连接?我的应用程序使用来自另一台服务器 (python) 的登录端点来获取令牌,每当用户在节点端打开套接字连接时,我如何才能使用该令牌?
io.on('connection', function(socket) {
socket.on('message', function(message) {
io.emit('message', message);
});
});
And the client side:
和客户端:
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
query: 'token=' + token
});
If the token is created in python:
如果令牌是在 python 中创建的:
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
How can I use this token to authenticate a socket connection in node?
如何使用此令牌来验证节点中的套接字连接?
回答by hassansin
It doesn't matter if the token was created on another server. You can still verify it if you have the right secret key and algorithm.
令牌是否是在另一台服务器上创建的并不重要。如果您拥有正确的密钥和算法,您仍然可以验证它。
Implementation with jsonwebtokenmodule
用jsonwebtoken模块实现
client
客户
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
query: {token: token}
});
Server
服务器
var io = require('socket.io')();
var jwt = require('jsonwebtoken');
io.use(function(socket, next){
if (socket.handshake.query && socket.handshake.query.token){
jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
if(err) return next(new Error('Authentication error'));
socket.decoded = decoded;
next();
});
} else {
next(new Error('Authentication error'));
}
})
.on('connection', function(socket) {
// Connection now authenticated to receive further events
socket.on('message', function(message) {
io.emit('message', message);
});
});
Implementation with socketio-jwtmodule
用socketio-jwt模块实现
This module makes the authentication much easier in both client and server side. Just check out their examples.
该模块使客户端和服务器端的身份验证更加容易。只需查看他们的示例。
client
客户
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: token}); //send the jwt
});
Server
服务器
var io = require('socket.io')();
var socketioJwt = require('socketio-jwt');
io.sockets
.on('connection', socketioJwt.authorize({
secret: 'SECRET_KEY',
timeout: 15000 // 15 seconds to send the authentication message
})).on('authenticated', function(socket) {
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
});
回答by Vikash Sharma
you can use this url.
你可以使用这个网址。
var socket = SocketIOClient(socketURL: URL(string: "http://00.00.00.00:port")!, config: SocketIOClientConfiguration(arrayLiteral: SocketIOClientOption.connectParams(["token": "your secret key"])))
