Sails.js authorization for socket requests

浪子不回头ぞ 提交于 2020-01-01 09:15:13

问题


I'm trying to build a chat application based on sails.js. The url for messages from a specific chat looks like this:

/api/chat/:id/messages

When I request this url with XHR, it provides a session cookie and sails.js builds a session object. I can easily check user rights to read the messages from the specific chat.

However, I need to request this url with socket.io so that the client can subscribe to all future changes of the messages collection.

When I request this url with socket.io, no session cookie is set and the sails.js session is empty. So, I cannot check the user rights on the server-side.

I do understand that socket requests are not HTTP-requests. They don't provide any cookies on their own.

Is there any simple workaround?


回答1:


I found a way to get the session object which was set while socket.io handshaking. In your controller, you should do something like this:

myControllerAction: function(req, res) {
    var session = req.session;
    if (req.isSocket) {
        var handshake = req.socket.manager.handshaken[req.socket.id];
        if (handshake) {
            session = handshake.session;
        }
    }
    //session now contains proper session object
}

You can implement this in sails.js policy, and attach this policy to some controllers. But don't write you socket session into req.session! Otherwise, you'll get an error trying to respond to the client (original req.session is still used in some way). Instead, save it as req.socketSession or something like that.




回答2:


please send a JSONP request from your application before sending a socket request,that will create a cookie and accepts socket requests.




回答3:


You can do your initial login over the socket.post() instead of XHR, subsequent socket requests will be authorized.




回答4:


alevkon,in the above mentioned method you have to implement the same in all the controllers,because you don't know which controller is accessed for the first time...but by sending just one jsonp request you can create a cookie between client and server,the same cookie is used until the next session.



来源:https://stackoverflow.com/questions/18246681/sails-js-authorization-for-socket-requests

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!