SailsJS-在JWT中使用sails.io.js [英] SailsJS - using sails.io.js with JWT
问题描述
我已经实现了一个AngularJS应用,并使用sails.io.js通过websocket与Sails后端进行通信.
I have implemented an AngularJS app, communicating with Sails backend through websockets, using sails.io.js.
由于后端基本上是纯API,并且也将从其他应用程序连接到后端,因此我试图完全禁用会话并使用JWT.
Since the backend is basically a pure API and will be connected to from other apps as well, I'm trying to disable sessions completely and use JWT.
我已经设置了express-jwt并可以很好地使用常规HTTP请求,但是当我通过sails.io.js发送请求时,什么都没有发生-websocket请求一直在客户端上处于挂起状态,并且没有任何反应服务器(日志级别为傻").
I have set up express-jwt and can use regular HTTP requests quite nicely, but when I send a request through sails.io.js, nothing happens at all - websocket request keeps pending on the client, and there's nothing happening on the server (with "silly" log level).
我尝试修补sails.io.js以支持查询参数,并且连接时,我从Angular发送令牌,但在最佳情况下,我收到来自Express-jwt的错误消息响应,称凭据丢失...
I've tried patching sails.io.js to support the query parameter, and when connecting, I send the token from Angular, but in the best case, I get a response with error message coming from express-jwt saying credentials are missing...
我也看到一些提示,需要使用beforeConnect修改帆中的socket.js,我已经看到 socketio-jwt ,但不知道在Sails中将其插入何处以及如何插入.
I've also seen some hints that socket.js in sails needs to be modified with beforeConnect, I've seen socketio-jwt, but have no idea where and how to plug that in, in Sails.
有人实现了这一点,并且将JWT与Sails和sockets一起使用吗?我很乐意向任何方向发展:)
Has anyone implemented this and is using JWT with Sails and sockets? I'd appreciate any kind of hint in what direction to go :)
推荐答案
我意识到我已经制定了策略,并且该策略使用的express-jwt离我太多了,所以我没有弄清楚到底是什么发生了.看完其他示例后,我发现只需要检查websocket请求与常规请求有何不同,我很快就找到了解决此问题的方法.
I realised that policy I've put in place and that was using express-jwt abstracted too much away from me, so I didn't figure out what exactly was happening. Once I looked at other examples, I've figured out that I only needed to check what's different for websocket requests than regular, and I quickly found a way around the problem.
所以:
- 设置令牌签名并在登录时发送
- Angular获取令牌并保存到本地存储
- 为HTTP请求创建拦截器,以添加授权标头和令牌
- 修复sails.io.js以转发通过选项提供的查询参数(如问题中所述)
- 使用sails.io.js连接时,将令牌作为查询参数发送,即url +'?token ='+令牌
-
在航行策略中,检查令牌的所有组合,包括req.socket.handshake.query,如下所示:
- set up token signing and sending on login
- Angular takes the token and saves to local storage
- Create an interceptor for HTTP requests to add authorization header and token
- Fix up sails.io.js to forward query parameters provided through options (as mentioned in the question)
- When connecting using sails.io.js, send token as query parameter, i.e. url + '?token=' + token
In sails policy, check all combinations for token, including req.socket.handshake.query, as below:
module.exports = function (req, res, next) {
var token;
if (req.headers && req.headers.authorization) {
var parts = req.headers.authorization.split(' ');
if (parts.length == 2) {
var scheme = parts[0],
credentials = parts[1];
if (/^Bearer$/i.test(scheme)) {
token = credentials;
}
} else {
return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
}
} else if (req.param('token')) {
token = req.param('token');
// We delete the token from param to not mess with blueprints
delete req.query.token;
}
// If connection from socket
else if (req.socket && req.socket.handshake && req.socket.handshake.query && req.socket.handshake.query.token) {
token = req.socket.handshake.query.token;
} else {
sails.log(req.socket.handshake);
return res.json(401, {err: 'No Authorization header was found'});
}
JWTService.verifyToken(token, function (err, token) {
if (err) {
return res.json(401, {err: 'The token is not valid'});
}
sails.log('Token valid');
req.token = token;
return next();
});
};
效果很好! :)
这篇关于SailsJS-在JWT中使用sails.io.js的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!