在SPA公共和私人socket.io连接 [英] Both public and private socket.io connection in SPA

问题描述

所以我有一个具有两种类型的用户web应用程序。谁尚未验证的公共用户和谁已登录和认证自己私人用户。我在单页应用程序中使用基于令牌的认证，没有页面刷新页面初始加载后。因此，用户首先来到现场和非认证，没有提供给他的令牌。然后，他验证它返回一个令牌给他，可用于检查，他被node.js中在服务器端进行身份验证现在，我也有一些我从node.js的向客户发送实时消息。将有两种类型的消息。我需要的公共信息发送到公共和私人客户，并经过客户端验证我需要能够给私人消息发送到身份验证的用户（例如，当数据库中的账户余额变动我要发送的私人客户通知）。这些私人信息应该得到保护。

So I have a webapp that has two types of users. Public users who have not yet authenticated and private users who have logged in and authenticated themselves. I am using token based authentication in single page app, there are no page refreshes after the page is initially loaded. So user first comes to site and is unauthenticated, has no token available to him. He then authenticates which returns a token to him that can be used to check that he is authenticated on the server side by node.js. Now I also have some real time messages that I am sending from node.js to the client. There will be two types of messages. I need to send public messages to both public and private clients and also after a client has authenticated I need to be able to send private messages to the authenticated user (for example when his account balance changes in the database I want to send the private client a notification). These private messages should be protected.

现在我有点困惑，什么是实现这一目标的最佳实践。

Now I am a bit confused as to what is the best practice of achieving this.

什么是有一个单页的应用程序提供公共和私人socket.io的最佳方式？

What's the best way to have both public and private socket.io available in a single page app?

和我使用的客户方angular.js，但是这可能是不相关（使用的https： //github.com/btford/angular-socket-io ）

And I am using angular.js on the clientside but this is probably not relevant (using https://github.com/btford/angular-socket-io)

非常感谢你，如果你能帮助我，并指出我在正确的方向！

Thank you very much if you can help me out and point me in the right direction!

推荐答案

Socket.io提供像房间或命名空间来帮助一些工具。

Socket.io provide some tools like rooms or namespaces to help.

在你的情况，我认为最好的办法是有两个名字空间。一个未登录的用户，一个是登录的用户。

In your case, i think the best solution is to have two namespaces. One for not logged user, and one for logged user.

您可以在只有当你需要一个命名空间使用授权。

You can use authorisation on one namespace only if you need.

然后，你可以根据需要在特定的命名空间播出。

Then you can broadcast in a namespace in particular if needed.

io.of('/user').on('connection', function (socket) {
     //Manage socket
}

io.of('/operator').authorization(function (handshakeData, callback) {
    if(isAuthorized){
        callback(null,true);
    }else{
        callback(null,false);
    }
}).on('connection', function (socket) {
    //Manage the socket
}

io.of('/operator').emit('msg', { text:text});

这篇关于在SPA公共和私人socket.io连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！