Laravel棘轮插座Auth [英] Laravel Ratchet socket Auth

问题描述

我开始学习Ratchet(reactPHP)，我正在使用laravel.但是我对安全性持肯定态度. 如何根据用户是否登录拒绝websocket连接

I am starting learning Ratchet (reactPHP) I am using laravel. But I came to a line about security. How can I deny websocket connection based on user is logged in or not

public function onOpen(ConnectionInterface $conn)
    {
        $this->clients->attach($conn);
        $this->users[$conn->resourceId] = $conn;
        if(Auth::check()){
            echo 'user logged in';
        }else{
            echo "New connection! ({$conn->resourceId})\n";
        }

    }

我使用了类似的方法，但是它通过了Auth :: check，并且控制台始终显示新建连接".

I used something like this but it passes the Auth::check and console always shows New Connection.

推荐答案

好吧，在找到的解决方案周围玩，看来还可以: 我正在使用Sentinel

Ok Playing around found solution and it seems ok: I am using Sentinel

$session = (new SessionManager(App::getInstance()))->driver();
$cookies = $conn->WebSocket->request->getCookies();
$laravelCookie = urldecode($cookies['timeline_auth']);
$idSession = Crypt::decrypt($laravelCookie);
$user = Sentinel::findByPersistenceCode($idSession);

如果有更好的解决方案，请发表评论

If there is better solution please leave a comment

这篇关于Laravel棘轮插座Auth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！