Laravel棘轮插座Auth [英] Laravel Ratchet socket Auth
本文介绍了Laravel棘轮插座Auth的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我开始学习Ratchet(reactPHP),我正在使用laravel.但是我对安全性持肯定态度. 如何根据用户是否登录拒绝websocket连接
I am starting learning Ratchet (reactPHP) I am using laravel. But I came to a line about security. How can I deny websocket connection based on user is logged in or not
public function onOpen(ConnectionInterface $conn)
{
$this->clients->attach($conn);
$this->users[$conn->resourceId] = $conn;
if(Auth::check()){
echo 'user logged in';
}else{
echo "New connection! ({$conn->resourceId})\n";
}
}
我使用了类似的方法,但是它通过了Auth :: check,并且控制台始终显示新建连接".
I used something like this but it passes the Auth::check and console always shows New Connection.
推荐答案
好吧,在找到的解决方案周围玩,看来还可以: 我正在使用Sentinel
Ok Playing around found solution and it seems ok: I am using Sentinel
$session = (new SessionManager(App::getInstance()))->driver();
$cookies = $conn->WebSocket->request->getCookies();
$laravelCookie = urldecode($cookies['timeline_auth']);
$idSession = Crypt::decrypt($laravelCookie);
$user = Sentinel::findByPersistenceCode($idSession);
如果有更好的解决方案,请发表评论
If there is better solution please leave a comment
这篇关于Laravel棘轮插座Auth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文