New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I understand the midleware... #23
Comments
You can add middleware to intercept (or authorize) publish, subscribe and emit actions. You can read up on the different kinds of middleware lines here: http://socketcluster.io/#!/docs/middleware-and-authorization For example, for subscribe (to control who can see what channels), the client-side code might look like this: // Client
socket.subscribe('foo'); The middleware might be: // Server (worker.js)
wsServer.addMiddleware(wsServer.MIDDLEWARE_SUBSCRIBE,
function (socket, channel, next) {
// Get the list of channels which this session/socket is allowed to access
// Alternatively, this could come from a database instead of socket.session
socket.session.get('allowedChannels', function (err, channelPermissions) {
if (channelPermissions[channel]) {
// Allow the socket to subscribe to this channel - After calling next(), you don't need to
// do anything else - SC will handle the rest
next();
} else {
// Here we block every other channel which is not in that session's channelPermissions object
// By passing an error to next(err), we are blocking the subscription
next(socket.id + ' is not allowed to subscribe to event ' + event);
}
});
}
); |
I try this: scServer.addMiddleware(scServer.MIDDLEWARE_HANDSHAKE, function (req, next) { scServer.on('connection', function (socket) {
req.session is always undefined. The handshake called before socket.connected. If req.session is set and true, client is authorize the previous connection method, not require authorization again. req.session is unavailable always and I don't understand why. |
@joinfok You found a bug in socketcluster-server (the session object wasn't being added to the request). It's been fixed in v0.9.43 (https://www.npmjs.org/package/socketcluster-server). Thanks! One way to fix it is by reinstalling socketcluster using npm. npm remove -g socketcluster Then make sure you run: npm cache clean before you install again. This should fetch the latest version of socketcluster-server which has the fix. |
I sorry, if is a stupid question!
Client connecting to server -> Check authorization -> set session.isAuthorized -> setMidlewareSubscribe to room.
Client side is send unauthorized session or unauthorized room, can receive midleware denied.
I see github and socketcluster.io samples.... don't understand what is a client and server side code, where is a function entry point in workflow... on exaples use scServer, wsServer...
I use now simple session auth set/check and try expanding this from midleware preparsing.
Pleas write a simple, completly example howto use midleware handshake, subscribe...etc.
The text was updated successfully, but these errors were encountered: