Authenticating with Meteor via DDP (and SRP?)


Question

I can't seem to find any good information about how to authenticate a user using Meteor's DDP.

Is this possible? If so, what's the best way to do it? How can you log in remotely to Meteor using SRP?

I'm currently using straight Node (eventually will use Express), along with this node ddp client.

Recommended answer

To log in via DDP, simply send a method call. You alter it slightly depending on how you want to log in.

I'll use ddp-tools to try and explain how to log in, since it would be communicating with purely DDP. The login details in the examples below are:

The username is user_1, the password is qwerty (yeah, I know it's bad), the email address is email@email.com, and the login token is MxNY9BFPKra2uNWG7.

Format

ddp call <method call name> [<param1>..]

This is the same as doing ddpclient.call(<method call name>, <param1>, callback) in Node.js.

To log in with an email and password:

ddp call 'login' '{"password":"qwerty","user":{"email":"email@email.com"}}'

To log in with a username and password:

ddp call 'login' '{"password":"qwerty","user":{"username":"user_1"}}'

To log in with a token (what Meteor saves when you log in):

ddp call 'login' '{"resume":"MxNY9BFPKra2uNWG7"}'

-

If you don't want to send the password in plain text as above, and you're not using an SSL-secured/HTTPS connection, you can use SRP.

To log in with SRP it's a little bit trickier, as it has a couple of stages:

1. Begin a passwordExchange to establish the key to communicate the hash
2. Send a login call with the hash calculated using the reply from 1)

Step 1:

Begin an SRP password exchange:

ddp call 'beginPasswordExchange' '{"A":"A","user":{"email":"email@email.com"}}'

The response will be something like

{"identity":"identity","salt":"salt","B":"B"}

Then you can use this to log in:

ddp call 'login' '{"srp":{"M":"srp hash"}}'

Similarly you can use the username instead of the email above.

So to get the values of M and A you need an SRP library. Since there's an SRP library in Meteor it's easy to explain how to get the password from each; it's quite tricky. If you want to write one in another language you could use Wikipedia's explanation to build the methods out.

So we begin an SRP exchange (from the SRP library in Meteor's SRP package). Since you're using Node.js, you could include all the files in your project (except package.js):

var srp = new SRP.Client(password);

This will give you A; then you will get back data that you can respond with:

var response = srp.respondToChallenge(result);

This will finally give you the SHA hash to reply with using 'M', taking in 'B' and the salt.

Finally

Don't forget to check the final response when you do log in, to see if the result matches what it should be:

srp.verifyConfirmation({HAMK: result.HAMK});

Again, these are all from the SRP library in Meteor, but they're all part of the SRP spec as on Wikipedia. Meteor's SRP uses SHA256 as the hashing function.

  • Node JS - https://github.com/emgee3/srp-test
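
The two-stage exchange described in the answer, worked through end to end as an added example that is not part of the original answer and is not Meteor's SRP code: both sides of an SRP-6a exchange laid out as in the Wikipedia description, with SHA-256 as the hash. The group (`N`, `g`), the hash-input encoding and the names `makeVerifier`, `serverChallenge` and `srpClient` are assumptions made for the illustration; `respondToChallenge` and `verifyConfirmation` only mirror the names used above.

```javascript
// Added illustration of the SRP values named in the answer (A, B, salt, M, HAMK).
// Assumptions: N and g are a constructed demo group, far too small for real use, and the
// hash-input encoding is simplified, so this does not interoperate with Meteor's package.
const nodeCrypto = require('crypto');
const N = 2n ** 127n - 1n, g = 3n;   // constructed demo modulus and generator
// SHA-256 over the parts joined with '|' (BigInts as hex), returned as a BigInt.
const H = (...parts) => BigInt('0x' + nodeCrypto.createHash('sha256')
  .update(parts.map(p => (typeof p === 'bigint' ? p.toString(16) : p)).join('|')).digest('hex'));
// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n, base = base * base % mod)
    if (exp & 1n) result = result * base % mod;
  return result;
}
const randomBig = () => BigInt('0x' + nodeCrypto.randomBytes(32).toString('hex'));
const k = H(N, g);

// What the server keeps per user: salt and verifier v = g^x, never the password itself.
function makeVerifier(identity, password) {
  const salt = nodeCrypto.randomBytes(16).toString('hex');
  return { identity, salt, v: modPow(g, H(salt, H(identity, password)), N) };
}
// Server half of beginPasswordExchange: takes A, returns the challenge and a check for M.
function serverChallenge(rec, A) {
  if (A % N === 0n) throw new Error('bad A');        // A = 0 mod N would force S = 0
  const b = randomBig(), B = (k * rec.v + modPow(g, b, N)) % N;
  const S = modPow(A * modPow(rec.v, H(A, B), N) % N, b, N);
  const M = H(A, B, S);
  return { challenge: { identity: rec.identity, salt: rec.salt, B },
           login: clientM => (clientM === M ? { HAMK: H(A, M, S) } : null) };
}
// Client half: A goes in beginPasswordExchange, M in login, HAMK is checked at the end.
function srpClient(password) {
  const a = randomBig(), A = modPow(g, a, N);
  let expectedHAMK;
  return {
    A,
    respondToChallenge({ identity, salt, B }) {
      if (B % N === 0n) throw new Error('bad B');    // refuse a degenerate challenge
      const x = H(salt, H(identity, password)), u = H(A, B);
      const S = modPow((((B - k * modPow(g, x, N)) % N) + N) % N, a + u * x, N);
      const M = H(A, B, S);
      expectedHAMK = H(A, M, S);                     // only a holder of v can produce this
      return { M };
    },
    verifyConfirmation: ({ HAMK }) => expectedHAMK !== undefined && HAMK === expectedHAMK,
  };
}
```

A client that skips `verifyConfirmation` has proven itself to the server but has not checked that the server actually holds the verifier for that account.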
