移动应用程序中的套接字认

我想知道如何正确validation用户使用套接字和cordova。

目前,发生以下情况:

  1. 用户使用正常的ajax命令注册或login,发送emailpassword
  2. 我发回一个访问令牌和他们的电子邮件,这是存储在localstorage存储在localstorage上,并作为email => accesstoken在redis
  3. 然后用户发送一个连接请求到socket.io服务器,就像( 客户端 ):

 var socket = io('http://192.168.50.3:8080/'); socket.on('connect', function(){ socket.emit('init', { email: 'email@email.com', token: '12ueno1' }); }); 
  1. 然后,我检查后端,如果访问令牌和电子邮件在我的Redis服务器,如果他们是,我开始监听客户端发送的任何命令( 服务器端 ):

 var io = require('socket.io').listen(8080), mongoose = require('mongoose'), schema = mongoose.Schema, userModel = require('./models/user'), lobbyModel = require('./models/lobby'), redis = require('redis').createClient(); io.sockets.on('connection', function(socket){ socket.on('init', function(data){ // here, we check for an init command which will have an email and access token // if it's there, we put the user into a room and let them wait for data redis.get(data.email, function(err, reply){ if(reply === data.token){ // get into room var roomKey = data.email; socket.join(roomKey); // get user var user; userModel.findOne({ email: data.email }, function(err, doc){ user = doc; }); socket.in(roomKey).on('create_lobby', function(data){ // do stuff for creating a lobby and then send back the data io.sockets.in(roomKey).emit('created_lobby', { email: user.email }); }); } }); }); }); 
  1. 现在通过身份validation,用户可以发送类似( 客户端 )的命令:

 socket.on('create_lobby', { name: 'test' }); 

现在,这工作正常,我只是想知道如果我正确的方式,或者如果我创build一个不安全的系统。