与节点/ EX preSS / Socket.IO认证 [英] Authentication with Node/Express/Socket.IO
问题描述
我有一个是连接到一个HTML文件中的一个节点/ socket.io / EX preSS服务器(如的这样)。所以访问的网址您连接到服务器。我试图建立一个系统,由表示服务器正在上的时间和通过某种用户名和密码认证的方式在多台计算机上运行,访问特定的凭证网页将您连接到一台计算机与那些同凭据运行的服务器。
I have a node/socket.io/express server that's connected to a HTML file (like so). So visiting the web address connects you to the server. I am trying to set up a system where by, said server is being run on multiple computers at a time and by way of some sort of username and password authentication, visiting the webpage with specific credentials connects you to one of the computers with those same credentials running the server.
我见过的Redis提到从previous类似的问题,但他们是pretty老即时知道是否有实现这一目标的一个新的或更好的方法。
Ive seen mention of "Redis" from previous similar questions but they are pretty old and im wondering if there is a newer or better way of achieving this.
推荐答案
您不会找到很多了最新的文档,因为前preSS 4是一种新的,所以让我尝试弥补这这里:
You won't find a lot of up-to-date documentation since Express 4 is kind of new, so let me try to remedy that here :
让我们先从一个困惑,我认为你正在做:
Let's start with a confusion I think you're making:
-
什么是Redis的?
Redis是一个数据结构的发动机。它允许你存储键/值对,仅此而已(在这种情况下)。构建认证系统存储数据,用户信息,会话ID,等时,在你的情况下,它可以为你做的唯一一件事,您可以共享存储多台计算机之间,你会共享一个数据库以同样的方式,或一个文本文件。
Redis is a data structure engine. It allows you to store key/values pairs, nothing more (In this context). The only thing it can do for you when building your authentication system is storing the data, user info, session ids, etc. In your case, you can share a store between multiple machines, the same way you'd share a database, or a text file.
验证用户对节点/ EX preSS服务器
一,你可以做到这一点的方法之一是使用 护照 。 护照是一家致力于对Node.js的身份验证的中间件它与前preSS和相对容易安装使用的。有一个优秀教程系列如何设置护照与你的前任preSS的应用程序,所以我不会详细介绍这个部分,请花时间去通过串联,这是宝贵的知识。
One of the ways you can do that is by using passport. Passport is a middleware dedicated to authentication on Node.js. It is made for use with Express and relatively easy to setup. There is an excellent tutorial series on how to setup passport with your express application, so I won't detail this part, please take the time to go through the series, it's invaluable knowledge.
这里的链接到第一部分,这是一个我'会专注于为下一步。
Here's the link to the first part, which is the one I'll focus on for the next step.
socket.io加进来
Socket.io无法访问您在第1部分创建要补救的会话cookie,我们将使用 护照socketio 模块。
Socket.io doesn't have access to the session cookies that you create in part 1. To remedy that, we will use the passport-socketio module.
护照socketio需要本地会话存储器,相对于一个存储器存储。这意味着我们需要一些方法来存储一些会话数据,是否按门铃?
Passport-socketio requires a local session store, as opposed to a memory store. This means we need some way to store the session data somewhere, does that ring a bell?
没错, Redis的。
您可以尝试其他的卖场,像MongoDB的或MySQL,但Redis是最快的。
You can try other stores, like mongoDB or MySQL, but Redis is the fastest.
在这个例子中,我假设你的前preSS的应用程序和护照已经开始运作,并会专注于增加socket.io到应用程序。
In this example, I'll assume that your express app and passport are already operational and will focus on adding socket.io to the app.
设置:
var session = require('express-session'); //You should already have this line in your app
var passportSocketIo = require("passport.socketio");
var io = require("socket.io")(server);
var RedisStore = require('connect-redis')(session);
var sessionStore = new RedisStore({ // Create a session Store
host: 'localhost',
port: 6379,
});
app.use(session({
store: sessionStore, //tell express to store session info in the Redis store
secret: 'mysecret'
}));
io.use(passportSocketIo.authorize({ //configure socket.io
cookieParser: cookieParser,
secret: 'mysecret', // make sure it's the same than the one you gave to express
store: sessionStore,
success: onAuthorizeSuccess, // *optional* callback on success
fail: onAuthorizeFail, // *optional* callback on fail/error
}));
连接,Redis的是使用Redis的一个会话存储包(如该名称并不明显)。
Connect-redis is a session store package that uses redis (in case the name isn't obvious).
- 最后一步:
- Final step :
function onAuthorizeSuccess(data, accept){
console.log('successful connection to socket.io');
accept(); //Let the user through
}
function onAuthorizeFail(data, message, error, accept){
if(error) accept(new Error(message));
console.log('failed connection to socket.io:', message);
accept(null, false);
}
io.sockets.on('connection', function(socket) {
console.log(socket.request.user);
});
在socket.request找到的用户对象将包含所有的用户信息登录的用户,可以通过周围,或做任何你从这个角度需要它。
The user object found in socket.request will contain all the user info from the logged in user, you can pass it around, or do whatever you need with it from this point.
请注意:此设置将成为Socket.IO&LT略有不同; 1.x的
Note : This setup will be slightly different for Socket.IO < 1.x
这篇关于与节点/ EX preSS / Socket.IO认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
