Authentication methods over sockets

Problem description

I'm trying to get authentication working over sockets with sailsjs and passport.

The challenge seems to be the fact that a socket connection doesn't have a session, and that sailsjs mocks a request object, causing it to not have Passport middleware setup. This caused nodejs to throw an error, saying that the req object didn't have a method called logIn.

So, I've tried following the code snippet provided by @xdissent here: "Sails.js + Passport.js authentication through websockets", which indeed allows me to sign in without throwing errors. Or does it? It turns out that it does something, but I have no idea what, because upon fetching req.user through a different (socket) request, I get an empty object returned.

I've looked in redis, too. This came out of it:

redis 127.0.0.1:6379> keys *
1) "waterline:broadcasting:_sequences:id"
2) "sess:aDJI0YHzh17E3AMjtKsZSijs"
redis 127.0.0.1:6379> get "sess:aDJI0YHzh17E3AMjtKsZSijs"
"{\"cookie\":{\"httpOnly\":true,\"path\":\"/\"}}"
redis 127.0.0.1:6379>

So there is a session, just no user stored in it.

So long story short, how do I get Passport and sailsjs to play nice over sockets?

Update: I'd like some information about sessions, sockets and cookies with sails in general. So if I set stuff in a session, and refresh the browser, I'd like it to still be there. If I make an xhr call on the same page as the socket connection, shouldn't that be the same session?

Recommended answer

Thanks to Kasper Isager there will be a passport generator for sails.js in the near future (Sails.js Version 0.10).

He implements Passport by using policies (sails middleware).

api/services/passport.js

var passport = require('passport');

passport.serializeUser(function(user, next) {
    next(null, user.id);
});

passport.deserializeUser(function(id, next) {
    User.findOne(id).done(next);
});

// Put your Passport config logic here

// Make passport globally available
module.exports = passport;

api/policies/passport.js

module.exports = function (req, res, next) {

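  // `passport` is the service exported by api/services/passport.js,
  // which Sails exposes as a global.
  // Initialize Passport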
  passport.initialize()(req, res, function () {
    // Use the built-in sessions
    passport.session()(req, res, function () {
      // Make the user available throughout the frontend
      res.locals.user = req.user;

      next();
    });
  });

};

config/policies.js

module.exports.policies = {

    '*': [ 'passport' ],

    // MyCustomController: {
    //  update: [
    //      'passport',
    //      'authorize'
    //  ]
    // }

};

This will make the passport request methods (logIn, etc.) available in socket requests as well.

After a successful login your server-side session object will look like this:

{
    // Express
    cookie: {
        originalMaxAge: null,
        expires: null,
        httpOnly: true,
        path: '/'
    },
    // Passport
    passport: {
        user: '52fc98e108b31348a537fa43' // userId
    }
}

You may access it in any policy with req.session or even on socket callbacks like:

config/sockets.js

module.exports.sockets = {
  onConnect: function(session, socket) {},
  onDisconnect: function(session, socket) {}
};

If you want to see Kasper's full implementation, check out his repository: sails-generate-auth
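
The `authorize` policy named in the commented-out part of config/policies.js is not shown on this page. The sketch below is an added example, not part of the original answer or of sails-generate-auth: it treats a request as authenticated only when the session carries `passport.user` and `req.user` is a record with the same id, so the empty `req.user` object from the question is rejected. The names `sessionUserId`, `authorize`, `mockRes` and `check` are hypothetical, and it assumes the response object offers Express-style `status()` and `json()`.

```javascript
// Added example, not code from sails-generate-auth. `authorize` is a hypothetical
// policy; in a Sails app, api/policies/authorize.js would export this function.

// Return the user id Passport serialized into a session, or null.
// Accepts the session object or the raw JSON string stored in Redis.
function sessionUserId(session) {
  if (typeof session === 'string') {
    try { session = JSON.parse(session); } catch (e) { return null; }
  }
  var id = session && session.passport && session.passport.user;
  var ok = (typeof id === 'string' && id !== '') || typeof id === 'number';
  return ok ? id : null;
}

// Deny unless the session holds a Passport user AND req.user was deserialized
// to a record with the same id. A bare `if (req.user)` is not enough, because
// an empty object ({}) is truthy.
function authorize(req, res, next) {
  var id = sessionUserId(req.session);
  var user = req.user;
  if (id === null || !user || user.id == null || String(user.id) !== String(id)) {
    // Assumption: res offers Express-style status()/json() for socket requests too.
    return res.status(403).json({ error: 'Not authenticated' });
  }
  return next();
}

// Constructed mock of the response object, for running outside Sails.
function mockRes() {
  var res = { code: 200, body: null };
  res.status = function (c) { res.code = c; return res; };
  res.json = function (b) { res.body = b; return res; };
  return res;
}

// Run the policy against a constructed request: 'next' if allowed, else the status.
function check(req) {
  var res = mockRes(), passed = false;
  authorize(req, res, function () { passed = true; });
  return passed ? 'next' : res.code;
}

// Sessions as shown on this page: the Redis value from the question, then the post-login shape.
var anonymous = '{"cookie":{"httpOnly":true,"path":"/"}}';
var loggedIn = { cookie: { httpOnly: true, path: '/' },
                 passport: { user: '52fc98e108b31348a537fa43' } };

console.log(check({ isSocket: true, session: JSON.parse(anonymous), user: {} })); // 403
console.log(check({ isSocket: true, session: loggedIn, user: { id: '52fc98e108b31348a537fa43' } })); // next
```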
