NodeJS 使用JWT验证套接字io连接

yptwkmov  于 2022-12-29  发布在  Node.js
关注(0)|答案(4)|浏览(167)

如何验证socket.io连接?我的应用程序使用另一个服务器(python)的登录端点来获取令牌,无论何时用户在节点端打开套接字连接,我如何使用该令牌?

io.on('connection', function(socket) {
    socket.on('message', function(message) {
        io.emit('message', message);
    });
});

而客户端:

var token = sessionStorage.token;
var socket = io.connect('http://localhost:3000', {
    query: 'token=' + token
});

如果令牌是在python中创建的:

token = jwt.encode(payload, SECRET_KEY, algorithm='HS256')

如何使用这个令牌来验证节点中的套接字连接?

zdwk9cvp

zdwk9cvp1#

令牌是否在另一台服务器上创建并不重要,只要您有正确的密钥和算法,您仍然可以验证它。

使用jsonwebtoken模块实现

客户

const {token} = sessionStorage;
const socket = io.connect('http://localhost:3000', {
  query: {token}
});

服务器

const io = require('socket.io')();
const jwt = require('jsonwebtoken');

io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if (err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  }
  else {
    next(new Error('Authentication error'));
  }    
})
.on('connection', function(socket) {
    // Connection now authenticated to receive further events

    socket.on('message', function(message) {
        io.emit('message', message);
    });
});

使用socketio-jwt模块实现

这个模块使得客户端和服务器端的认证都变得更加容易。看看他们的例子就知道了。

客户

const {token} = sessionStorage;
const socket = io.connect('http://localhost:3000');
socket.on('connect', function (socket) {
  socket
    .on('authenticated', function () {
      //do other things
    })
    .emit('authenticate', {token}); //send the jwt
});

服务器

const io = require('socket.io')();
const socketioJwt = require('socketio-jwt');

io.sockets
  .on('connection', socketioJwt.authorize({
    secret: 'SECRET_KEY',
    timeout: 15000 // 15 seconds to send the authentication message
  })).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log(`Hello! ${socket.decoded_token.name}`);
  });
htrmnn0y

htrmnn0y2#

由于我没有足够的信誉,无法在已接受的答案中添加评论:
常数socketio_jwt =要求值(“socketio_jwt”);
实际上并不是auth 0的repo的一部分,而是一个基于第三方社区的包。
上面的答案应该更新,因为到auth 0 repo的链接是一个页面404。

whitzsjs

whitzsjs3#

在这里,我写了一篇关于如何在套接字上验证用户身份以及如何保存用户数据的深入文章
https://medium.com/@tameemrafay/how-to-authenticate-user-and-store-the-data-in-sockets-19b262496feb

客户端代码

import io from "socket.io-client";

const SERVER = "localhost:4000";
const socket = io(SERVER, {
    auth: {
      token: "2c87b3d5412551ad69aet757f81f6a73eb919e5b02467aed419f5b2a9cce2b5aZOzgaM+bpKfjdM9jvez37RTEemAp07kOvEFJ3pBzvj8="
    }
  });

 socket.once('connect', (socketConnection) => {
    console.log('socket connected', socketConnection);
  })
 
// Emit the message and receive data from server in callback
 socket.emit("user send message", {message: "Hi you there" }, callback => {
    if (callback) {
      console.log("--- response from server", callback);
     }
  });

服务器端代码

const initializeSockets = (io) => {
  io.on('connection', (socket) => {

  decryptAndStoreUserData(socket,io);
  
}

const decryptAndStoreUserData = async (socket,io) => {

    const { token } = socket.handshake.auth; // receive the token from client

    // here i decypt the auth token and get the user data
    const genToken = new Middlewares().token();
    const userData = genToken.decryptTokenForSockets(token);

    // save the data of user in socket
    socket.data.user = userData;

  }
tcbh2hod

tcbh2hod4#

编写中间件:

const jwt = require("jsonwebtoken");

const authSocketMiddleware = (socket, next) => {
  // since you are sending the token with the query
  const token = socket.handshake.query?.token;
  try {
    const decoded = jwt.verify(token, process.env.TOKEN_SECRET_KEY);
    socket.user = decoded;
  } catch (err) {
    return next(new Error("NOT AUTHORIZED"));
  }
  next();
};

module.exports = authSocketMiddleware;

在套接字服务器内部使用

socketServer = (server) => {
  const io = require("socket.io")(server, {
    cors: {
      origin: "*",
      methods: ["GET", "POST"],
    },
  });
  // before connection use the middleware
  io.use((socket, next) => {
    authSocketMiddleware(socket, next);
  });
  io.on("connection", (socket) => {
    console.log("user connected", socket.id);
  });
};

相关问题