Socket.io:如何限制从客户端到 websocket 服务器发出的数据的大小 [英] Socket.io: How to limit the size of emitted data from client to the websocket server

问题描述

我有一个带有 socket.io 的 node.js 服务器.我的客户端使用 socket.io 连接到 node.js 服务器.

I have a node.js server with socket.io. My clients use socket.io to connect to the node.js server.

数据从客户端传输到服务器的方式如下:

Data is transmitted from clients to server in the following way:

在客户端

var Data = {'data1':'somedata1', 'data2':'somedata2'};
socket.emit('SendToServer', Data);

在服务器上

socket.on('SendToServer', function(Data) {
    for (var key in Data) {
           // Do some work with Data[key]
    }
});

假设有人修改了他的客户端并向服务器发送了一大块数据.例如:

Suppose that somebody modifies his client and emits to the server a really big chunk of data. For example:

var Data = {'data1':'somedata1', 'data2':'somedata2', ...and so on until he reach for example 'data100000':'data100000'};
socket.emit('SendToServer', Data);

因为服务器上的这个循环...

Because of this loop on the server...

for (var key in Data) {
       // Do some work with Data[key]
}

...服务器需要很长时间才能遍历所有这些数据.

... the server would take a very long time to loop through all this data.

那么，防止此类情况的最佳解决方案是什么?

So, what is the best solution to prevent such scenarios?

谢谢

我用这个函数来验证对象:

I used this function to validate the object:

function ValidateObject(obj) {
    var i = 0;
    for(var key in obj) {
        i++;
        if (i > 10) { // object is too big
            return false;
        }
    }
    return false;
}

推荐答案

所以最简单的方法就是在对数据进行任何操作之前先检查它的大小.

So the easiest thing to do is just check the size of the data before doing anything with it.

socket.on('someevent', function (data) {
    if (JSON.stringify(data).length > 10000) //roughly 10 bytes
        return;

    console.log('valid data: ' + data);
});

老实说，这有点低效.您的客户端发送消息，socket.io 将消息解析为对象，然后您获取事件并将其转回字符串.

To be honest, this is a little inefficient. Your client sends the message, socket.io parses the message into an object, and then you get the event and turn it back into a String.

如果您想在客户端更高效，则应该强制执行最大消息长度.

If you want to be even more efficient then on the client side you should be enforcing max lengths of messages.

为了提高效率(并防止恶意用户)，当数据包进入 Socket.io 时，如果长度太长，那么您应该丢弃它们.您要么需要找到一种方法来扩展原型以执行您想要的操作，要么您需要提取源代码并自行修改它.另外，我还没有研究过 socket.io 协议，但我相信你要做的不仅仅是丢弃"数据包.此外，有些数据包是 ack-backs 和 nack-backs，所以你也不想弄乱它们.

For even more efficiency (and to protect against malicious users), as packets come into Socket.io, if the length gets too long, then you should discard them. You'll either need to figure a way to extend the prototypes to do what you want or you'll need to pull the source and modify it yourself. Also, I haven't looked into the socket.io protocol but I'm sure you'll have to do more than just "discard" the packet. Also, some packets are ack-backs and nack-backs so you don't want to mess with those, either.

旁注:如果你只关心键的数量，那么你可以使用 Object.keys(obj) 它返回一个键数组:

Side note: If you ONLY care about the number of keys then you can use Object.keys(obj) which returns an array of keys:

if (Object.keys(obj).length > 10)
    return;

这篇关于Socket.io:如何限制从客户端到 websocket 服务器发出的数据的大小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！