el_*_*_le 66 token node.js flask socket.io
如何验证socket.io连接?我的应用程序使用来自另一台服务器(python)的登录端点来获取令牌,每当用户在节点端打开套接字连接时,我如何才能使用该令牌?
io.on('connection', function(socket) {
socket.on('message', function(message) {
io.emit('message', message);
});
});
而客户方:
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
query: 'token=' + token
});
如果令牌是在python中创建的:
token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')
如何使用此令牌验证节点中的套接字连接?
has*_*sin 148
令牌是否在另一台服务器上创建并不重要.如果您有正确的密钥和算法,您仍然可以验证它.
jsonwebtoken模块实现客户
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
query: {token: token}
});
服务器
var io = require('socket.io')();
var jwt = require('jsonwebtoken');
io.use(function(socket, next){
if (socket.handshake.query && socket.handshake.query.token){
jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
if(err) return next(new Error('Authentication error'));
socket.decoded = decoded;
next();
});
} else {
next(new Error('Authentication error'));
}
})
.on('connection', function(socket) {
// Connection now authenticated to receive further events
socket.on('message', function(message) {
io.emit('message', message);
});
});
socketio-jwt模块实现此模块使客户端和服务器端的身份验证变得更加容易.看看他们的例子吧.
客户
var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: token}); //send the jwt
});
服务器
var io = require('socket.io')();
var socketioJwt = require('socketio-jwt');
io.sockets
.on('connection', socketioJwt.authorize({
secret: 'SECRET_KEY',
timeout: 15000 // 15 seconds to send the authentication message
})).on('authenticated', function(socket) {
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
});
小智 8
由于我没有足够的声誉来添加评论到接受的答案:
const socketioJwt = require('socketio-jwt');
实际上并不属于 auth0 的存储库,而是基于第三方社区的软件包。
上面的答案应该更新,因为 auth0 存储库的链接是第 404 页。
在这里我写了一篇关于如何在套接字上对用户进行身份验证并保存用户数据的深入文章
https://medium.com/@tameemrafay/how-to-authenticate-user-and-store-the-data-in-sockets-19b262496feb
客户端代码
import io from "socket.io-client";
const SERVER = "localhost:4000";
const socket = io(SERVER, {
auth: {
token: "2c87b3d5412551ad69aet757f81f6a73eb919e5b02467aed419f5b2a9cce2b5aZOzgaM+bpKfjdM9jvez37RTEemAp07kOvEFJ3pBzvj8="
}
});
socket.once('connect', (socketConnection) => {
console.log('socket connected', socketConnection);
})
// Emit the message and receive data from server in callback
socket.emit("user send message", {message: "Hi you there" }, callback => {
if (callback) {
console.log("--- response from server", callback);
}
});
服务器端代码
const initializeSockets = (io) => {
io.on('connection', (socket) => {
decryptAndStoreUserData(socket,io);
}
const decryptAndStoreUserData = async (socket,io) => {
const { token } = socket.handshake.auth; // receive the token from client
// here i decypt the auth token and get the user data
const genToken = new Middlewares().token();
const userData = genToken.decryptTokenForSockets(token);
// save the data of user in socket
socket.data.user = userData;
}
写一个中间件:
const jwt = require("jsonwebtoken");
const authSocketMiddleware = (socket, next) => {
// since you are sending the token with the query
const token = socket.handshake.query?.token;
try {
const decoded = jwt.verify(token, process.env.TOKEN_SECRET_KEY);
socket.user = decoded;
} catch (err) {
return next(new Error("NOT AUTHORIZED"));
}
next();
};
module.exports = authSocketMiddleware;
在套接字服务器内部使用它
socketServer = (server) => {
const io = require("socket.io")(server, {
cors: {
origin: "*",
methods: ["GET", "POST"],
},
});
// before connection use the middleware
io.use((socket, next) => {
authSocketMiddleware(socket, next);
});
io.on("connection", (socket) => {
console.log("user connected", socket.id);
});
};
| 归档时间: |
|
| 查看次数: |
48879 次 |
| 最近记录: |