pubnub，如何识别发件人？ [英] pubnub, how to identify the sender?

问题描述

从pubnub收到消息时，没有关于发件人的信息。如何知道来自visitorA或visitorB的消息？网上有一些例子，发件人用信息发送他的名字，但是如何知道他不是在欺骗别人的身份呢？

when receiving a message from pubnub, there is no information on the sender. how to know if it's a message from visitorA or visitorB ? there are examples on the web where the sender sends his name with the message, but how to know he isn't spoofing someone else's identity ?

这里是一个例子聊天界面：

here is an example of a chat interface :

<html>
  <body>
    <form id="message_form">
      <input id="message_input" type="text"/>
    </form>
    <div id="chat"></div>
    <script src="http://cdn.pubnub.com/pubnub-3.7.1.min.js"></script>
    <script>
      var pubnub = PUBNUB.init({
        publish_key: 'demo',
        subscribe_key: 'demo'
      });

      pubnub.subscribe({
        channel: 'chat',
        message: function(message){
          var div = document.createElement("div");
          div.textContent = message;
          var chat = document.getElementById("chat");
          chat.appendChild(div);
        }
      });

      var form = document.getElementById("message_form");
      form.onsubmit = function(e) {
        var input = document.getElementById("message_input");
        pubnub.publish({
          channel: 'chat',
          message: input.value
        });
        input.value = '';
        e.preventDefault();
      };
    </script>
  </body>
</html>

推荐答案

聊天用户识别

您可以识别发件人，方法是创建唯一ID 以及附加到邮件有效负载的名称。聊天对话。这与IRC策略类似，但更简单。

Chat User Identification

You can identify the sender by creating a Unique ID as well as a Name attached to the message payload of the chat conversation. This is similar to IRC strategies but a bit more simplistic.

var user_id      = PUBNUB.uuid();
var user_name    = name.value;
var user_message = input.vaule;

这是一个完整的示例，其中包含UserName输入的HTML元素。另请注意，我添加了一个 safe_text（）方法来防止XSS攻击。

Here is a full example which includes the HTML elements for UserName input. Notice also that I added a safe_text() method to prevent XSS attacks.

<form id="message_form">
  Name: <input id="name_input" value="John" type="text"/><br>
  Message: <input id="message_input" value="Hi" type="text"/><br>
  <input type="submit" value="send">
</form>
<div id="chat"></div>
<script src="http://cdn.pubnub.com/pubnub-dev.js"></script>
<script>
  var userid = PUBNUB.uuid();
  var pubnub  = PUBNUB({
    publish_key   : 'demo',
    subscribe_key : 'demo',
    uuid          : userid
  });

  function safe_text(text) {
    return (''+text).replace( /[<>]/g, '' );
  }
  pubnub.subscribe({
    channel: 'chat',
    message: function(message){
      var div = document.createElement("div");
      div.textContent =
        safe_text(message.name) + ": " +
        safe_text(message.text);

      var chat = document.getElementById("chat");
      chat.appendChild(div);
    }
  });

  var form = document.getElementById("message_form");
  form.onsubmit = function(e) {
    var input = document.getElementById("message_input");
    var name  = document.getElementById("name_input"); 

    pubnub.publish({
      channel: 'chat',
      message: { name : name.value, text : input.value, userid :userid }
    });
    input.value = '';
    e.preventDefault();
  };
</script>

虽然此演示为您提供了一个快速简便的入门应用程序，但您需要添加更多< a href =http://www.pubnub.com/products/access-manager/ =nofollow noreferrer>增强的聊天安全和聊天身份验证系统。

While this demonstration provides you with a quick and easy getting started app, you will want to add more enhanced chat security and chat authentication systems.

有关构建聊天应用程序的其他资源，请查看 Build 10行代码中的实时聊天应用指南以及构建基本聊天应用。

For additional resources for building chat applications check out Build Real-time Chat Apps in 10 Lines of Code guide and also Building A Basic Chat Application.

您需要添加安全ACL访问控制层。使用PubNub Access Manager（PAM），您可以通过授予用户访问权限的权限来控制谁有权访问。

You will need to add Security ACL Access Control Layer. With PubNub Access Manager (PAM) you can control who has access by granting users permission with access tokens.

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Grant Chat Access to Secured Conversations
// All server-side data is stored according to defined security policies.
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
var pubnub = PUBNUB({ 
    publish_key:   "PUBLISH_KEY", 
    subscribe_key: "SUBSCRIBE_KEY", 
    secret_key:    "SECRET_KEY"
})
pubnub.grant({
    channel  : "CHANNEL",
    callback : receiver,
    error    : receiver,
    ttl      : 60, // Minutes
    read     : true,
    write    : true,
    auth_key : "AUTH_KEY"
});

建议在可信系统上运行此级别的ACL代码，例如您自己的数据中心服务器。

It is recommended to run this level of ACL code on Trusted Systems such as your own data center servers.

PubNub客户端库提供内置的高级加密标准（AES）256比特加密。要使用消息加密，只需在初始化时使用cipher_key。

PubNub client libraries offer built-in Advanced Encryption Standard (AES) 256-bit encryption. To use message encryption, simply use cipher_key at initialization.

使用TLS和 ssl 标志启用传输层加密。

To enable Transport Layer Encryption with TLS and the ssl flag.

然后像往常一样发布/订阅。

Then publish/subscribe as usual.

var pubnub = PUBNUB({
    subscribe_key: 'sub-c-f762fb78-...',
    publish_key: 'pub-c-156a6d5f-...',
    ssl: true,
    cipher_key: 'my_cipherkey'
});

这篇关于pubnub，如何识别发件人？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！