过滤 socket.io 订阅 [英] Filtering socket.io subscriptions

问题描述

假设我有一个 User 模型和一个 Message 模型.用户有很多消息.

Imagine I have a User model and also a Message model. User has many messages.

然后在客户端我做了一个:

Then in the client I do a:

io.socket.get('/user/2/messages'....

我收到了我所有的用户消息，尝试接收其他人的消息没有问题，因为我有相关政策.不错.

I get all my user messages and there is no problem trying to get someones else messages because I have a policy for that. Good.

我想听用户是否有新消息，如果我这样做:

I want to listen if the user has new messages, if I do a:

io.socket.on('message')

我创建的每条消息，无论是我的还是非我的.

I get every message created, mine or not mine.

所以:我可以只收听我的消息吗?AKA 侦听相关消息，但并非全部侦听.

So: Can I listen just for MY messages? AKA listen for associated messages but not all of them.

也许为此使用政策或其他东西.因为即使有办法听他们，任何人都可以修改客户端听他想听的，我需要过滤所有这些.

Maybe using a policy or something for just that. Because even if there is a way to listen to them, anyone can modify the client to listen to what he wants to, I need to filter all of that.

推荐答案

是的，你可以.诀窍是使用"addedTo"动词侦听user 事件，而不是直接侦听消息创建.代码类似于:

Yes, you can. The trick is to listen for user events with the "addedTo" verb, rather than listening directly for message creation. The code would be something like:

io.socket.on('user', function(msg) {

    if (msg.verb == 'addedTo' && msg.attribute == 'messages') {

        // A new message was added to the user's "messages" collection
        var messageId = msg.addedId
        // From here you can request /message/[messageId] to get the
        // message details if you need them

    }

});

有关 .publishAdd() 文档的更多信息页.

注意只给出了添加消息的ID；你可能会发现你想要整件事.您可以通过对新消息发出单独的请求，或者像 在此答案中建议.

Note that only the ID of the added message is given; you may find you want the whole thing. You can handle that by either making a separate request for the new message, or overriding publishAdd as is suggested in this answer.

这里唯一的问题是确保您限制订阅这些用户事件的人.听起来您制定了一项政策，以防止用户为其他用户访问 /user/:id/messages.您还希望阻止他们为其他用户访问 /user/:id(至少通过套接字)，因为他们将订阅他们以这种方式访问​​的任何用户.

The only catch here is to make sure you're limiting who gets subscribed to those user events. It sounds like you have a policy in place that prevents users from accessing /user/:id/messages for other users. You'll want want preventing them from accessing /user/:id for other users as well (at least via sockets), since they will be subscribed to any user they access that way.

如果这是不可取的——也就是说，如果你希望人们能够点击这些路线——那么另一种选择是使用 autoSubscribe模型属性来限制蓝图通常所做的自动订阅.autoSubscribe 通常设置为 true，这意味着任何时候对模型发出套接字请求，请求套接字都将订阅该模型实例的所有事件.您可以改为将其设置为应该订阅的 contexts 数组.上下文是您感兴趣的特定事件，例如 update 或 destroy(有关上下文的更多信息 在文档中).最后，您可以将 autoSubscribe 设置为 false 以完全限制对该模型的订阅.然后，只要您想监听事件，就可以使用 .subscribe() 手动订阅.

If this is undesirable--that is, if you'd like people to be able to hit those routes--then an alternative would be to use the autoSubscribe model property to restrict the automatic subscription that blueprints normally do. autoSubscribe is normally set to true, which means that any time a socket request is made for a model, the requesting socket will be subscribed to all events for that model instance. You can instead set it to an array of contexts that should be subscribed to. Contexts are specific events you're interested in, like update or destroy (more about contexts in the docs). Finally, you can set autoSubscribe to false to restrict subscription to that model entirely. Then you can just subscribe manually with .subscribe() whenever you want to listen for events.

您可以在 sailsChat 中看到上下文和 autoSubscribe 的一些示例.a> 示例应用.

You can see some examples of contexts and autoSubscribe in action in the sailsChat sample app.

这篇关于过滤 socket.io 订阅的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！