SailsJS - using sails.io.js with JWT

Question

I have implemented an AngularJS app, communicating with Sails backend through websockets, using sails.io.js.

Since the backend is basically a pure API and will be connected to from other apps as well, I'm trying to disable sessions completely and use JWT.

I have set up express-jwt and can use regular HTTP requests quite nicely, but when I send a request through sails.io.js, nothing happens at all - websocket request keeps pending on the client, and there's nothing happening on the server (with "silly" log level).

I've tried patching sails.io.js to support the query parameter, and when connecting, I send the token from Angular, but in the best case, I get a response with error message coming from express-jwt saying credentials are missing...

I've also seen some hints that socket.js in sails needs to be modified with beforeConnect, I've seen socketio-jwt, but have no idea where and how to plug that in, in Sails.

Has anyone implemented this and is using JWT with Sails and sockets? I'd appreciate any kind of hint in what direction to go :)

Recommended answer

I realised that the policy I'd put in place, which was using express-jwt, abstracted too much away from me, so I didn't figure out what exactly was happening. Once I looked at other examples, I figured out that I only needed to check what's different for websocket requests compared to regular ones, and I quickly found a way around the problem.

So:

  1. set up token signing and sending on login
  2. Angular takes the token and saves to local storage
  3. Create an interceptor for HTTP requests to add authorization header and token
  4. Fix up sails.io.js to forward query parameters provided through options (as mentioned in the question)
  5. When connecting using sails.io.js, send token as query parameter, i.e. url + '?token=' + token
  6. In sails policy, check all combinations for token, including req.socket.handshake.query, as below:

module.exports = function (req, res, next) {
    var token;

    if (req.headers && req.headers.authorization) {
        // Regular HTTP request: expect "Authorization: Bearer [token]"
        var parts = req.headers.authorization.split(' ');

        // Reject any other scheme here instead of passing an undefined token on
        if (parts.length === 2 && /^Bearer$/i.test(parts[0])) {
            token = parts[1];
        } else {
            return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
        }
    } else if (req.param('token')) {
        token = req.param('token');
        // We delete the token from param to not mess with blueprints
        delete req.query.token;
    } else if (req.socket && req.socket.handshake && req.socket.handshake.query && req.socket.handshake.query.token) {
        // If connection from socket
        token = req.socket.handshake.query.token;
    } else {
        // Debug aid: shows what the socket handshake actually carried
        sails.log(req.socket && req.socket.handshake);
        return res.json(401, {err: 'No Authorization header was found'});
    }

    JWTService.verifyToken(token, function (err, decoded) {
        if (err) {
            return res.json(401, {err: 'The token is not valid'});
        }

        sails.log('Token valid');

        // Keep the result from JWTService.verifyToken on the request for later policies and controllers
        req.token = decoded;

        return next();
    });
};

It works great! :)
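The policy above calls `JWTService.verifyToken(token, cb)` but the answer does not show that service. The following is an added sketch, not the answer author's code, of what it could look like using only Node built-ins: it pins the algorithm and enforces expiry, which matters here because the token travels in the websocket URL query string, where it can end up in server and proxy logs. `SECRET`, `issueToken` and the HS256 choice are assumptions.

```javascript
// Added sketch of a JWTService (hypothetical; the answer does not show its own).
// HS256 only, Node built-ins only. SECRET is a constructed placeholder.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret-change-me';

function b64urlJson(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

function hmac(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest();
}

// Issue a token with an expiry (seconds from now); used on login (step 1).
function issueToken(claims, ttlSeconds) {
  const now = Math.floor(Date.now() / 1000);
  const head = b64urlJson({ alg: 'HS256', typ: 'JWT' });
  const body = b64urlJson(Object.assign({}, claims, { iat: now, exp: now + ttlSeconds }));
  return head + '.' + body + '.' + hmac(head + '.' + body).toString('base64url');
}

// Same callback shape the policy uses: cb(err, decodedClaims).
function verifyToken(token, cb) {
  try {
    const parts = String(token).split('.');
    if (parts.length !== 3) throw new Error('malformed token');
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    // Pin the algorithm: never let the token header choose it ("none", RS/HS swap).
    if (header.alg !== 'HS256') throw new Error('unexpected alg');
    const expected = hmac(parts[0] + '.' + parts[1]);
    const given = Buffer.from(parts[2], 'base64url');
    // timingSafeEqual throws on length mismatch, so compare lengths first.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      throw new Error('bad signature');
    }
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) {
      throw new Error('token expired');
    }
    return cb(null, claims);
  } catch (e) {
    return cb(e);
  }
}

module.exports = { issueToken, verifyToken };
```

In a Sails app this file would live under `api/services/` so the policy can reach it as the global `JWTService`, with the secret loaded from configuration rather than hard-coded.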
