NodeJS – Socket.io只允许JWTvalidation的连接

我的代码很简单: 

/*global require module process console*/ /*eslint-disable*/ (function (require, process) { 'use strict'; var config = require('../config') , uuid = require('node-uuid') , crypto = require('crypto') , fs = require('fs') , port = parseInt(process.env.PORT || config.server.port, 10) , serverHandler = function (req, res) { res.writeHead(404); res.end(); } , httpUrl , io , server; // Create an http(s) server instance to that socket.io can listen to if (config.server.secure) { server = require('https').Server({ 'key': fs.readFileSync(config.server.key), 'cert': fs.readFileSync(config.server.cert), 'passphrase': config.server.password }, serverHandler); } else { server = require('http').Server(serverHandler); } server.listen(port); io = require('socket.io').listen(server); if (config.logLevel) { // https://github.com/Automattic/socket.io/wiki/Configuring-Socket.IO io.set('log level', config.logLevel); } function describeRoom(name) { var clients = io.sockets.clients(name); var result = { 'clients': {} }; clients.forEach(function (client) { result.clients[client.id] = client.resources; }); return result; } function clientsInRoom(name) { return io.sockets.clients(name).length; } function safeCb(cb) { if (typeof cb === 'function') { return cb; } } io.sockets.on('connection', function (client) { client.resources = { 'screen': false, 'video': true, 'audio': false }; // pass a message to another id client.on('message', function (details) { if (!details) { return; } var otherClient = io.sockets.sockets[details.to]; if (!otherClient) { return; } details.from = client.id; otherClient.emit('message', details); }); client.on('shareScreen', function () { client.resources.screen = true; }); client.on('unshareScreen', function (type) { client.resources.screen = false; removeFeed('screen'); }); client.on('join', join); function removeFeed(type) { if (client.room) { io.sockets.in(client.room).emit('remove', { 'id': client.id, 'type': type }); if (!type) { client.leave(client.room); client.room = undefined; } } } function join(name, cb) { // sanity check if (typeof name !== 'string') { return; } // check if maximum number of clients reached if (config.rooms && config.rooms.maxClients > 0 && clientsInRoom(name) >= config.rooms.maxClients) { safeCb(cb)('full'); return; } // leave any existing rooms removeFeed(); safeCb(cb)(null, describeRoom(name)); client.join(name); client.room = name; } // we don't want to pass 'leave' directly because the // event type string of 'socket end' gets passed too. client.on('disconnect', function () { removeFeed(); }); client.on('leave', function () { removeFeed(); }); client.on('create', function (name, cb) { if (arguments.length == 2) { cb = (typeof cb == 'function') ? cb : function () {}; name = name || uuid(); } else { cb = name; name = uuid(); } // check if exists if (io.sockets.clients(name).length) { safeCb(cb)('taken'); } else { join(name); safeCb(cb)(null, name); } }); // support for logging full webrtc traces to stdout // useful for large-scale error monitoring client.on('trace', function (data) { console.log('trace', JSON.stringify( [data.type, data.session, data.prefix, data.peer, data.time, data.value] )); }); // tell client about stun and turn servers and generate nonces client.emit('stunservers', config.stunservers || []); // create shared secret nonces for TURN authentication // the process is described in draft-uberti-behave-turn-rest var credentials = []; config.turnservers.forEach(function (server) { var hmac = crypto.createHmac('sha1', server.secret); // default to 86400 seconds timeout unless specified var username = Math.floor(new Date().getTime() / 1000) + (server.expiry || 86400) + ''; hmac.update(username); credentials.push({ 'username':username, 'credential':hmac.digest('base64'), 'url':server.url }); }); client.emit('turnservers', credentials); }); if (config.uid) { process.setuid(config.uid); } if (config.server.secure) { httpUrl = 'https://localhost:' + port; } else { httpUrl = 'http://localhost:' + port; } console.info('Signaling WS is running at:' + httpUrl); /*eslint-enable*/ }(require, process));

我想只是只允许在socket.io jwtvalidation的连接,我该怎么办?

实际上,我会阻止任何不经过authentication的用户连接上socket.io …

用户通过express-jwt expressJWT.sign(userProfile, config.secretKey)方法进行签名

任何帮助赞赏谢谢!

解决了 

 socketioJwt = require('socketio-jwt'); io.set('authorization', socketioJwt.authorize({ secret: secretKey, handshake: true }));
Interesting Posts

REST API不会根据标头中的Passport JWT令牌更改用户?

express-jwt通过路由处理特定的秘密密码

超级testing,testing安全的REST API

快速更新智威汤逊作为回应

运行testing时如何优雅地跳过express-jwt中间件?

在angularjs中重复ajax调用

节点expressJwt除非指定id路由

使用angular和express-jwt实现刷新令牌

如何使用Express-JWT处理错误

在可组合中间件中处理Express-JWT错误