All geek questions in one place

Socket namespace authorization.

Node.js seems to have the ability to acquire useful modules with insufficient or missing documentation. socket.io is one such module. I would like to use the built-in authorization function for namespaces, but I do not know how this will work on the client side. On the server side, they provide ample documentation, but beyond that, I'm not sure.

EDIT . I do not want to know how to get cookie data from a client. I know how to do this, and how to directly transfer data (e.g. username and password) from the client, through javascript.

+4
source share
1 answer

There is a lot of decent documentation regarding authorization with Socket.IO: https://github.com/LearnBoost/socket.io/wiki/Authorizing (scroll down to “Namespace Resolution” and “How the Client Handles Global Authorization”)

What exactly are you trying to achieve? This sounds a bit like you are trying to "POST" a username / password through Socket.IO. Socket.IO auth occurs during the handshake phase, so you can do the following:

  • "Issue" a username / password combination (I hope you use TLS) after general authorization and disconnect the user after poor authorization (Quite a mediocre IMO approach)

  • Rely on session server information for auth. This is probably the desired approach, since your server-side message should contain everything you need to find out if the user has been authenticated or not. You should rely on authenticating the HTTP session before connecting to the socket so that you do not pass a combination of username and password each time you try to connect to socket.io (which is quite possible if you fall back on XHR). There are many articles about this, but here is a good start: http://www.danielbaulig.de/socket-ioexpress/

+3
source

Source: https://habr.com/ru/post/1399321/

More articles:


All Articles