NodeJS - Socket.io仅允许JWT验证的连接

时间:2015-05-09 09:34:58

标签: javascript node.js socket.io jwt express-jwt

我的代码很简单:

/*global require module process console*/
/*eslint-disable*/
(function (require, process) {
  'use strict';

  var config = require('../config')
  , uuid = require('node-uuid')
  , crypto = require('crypto')
  , fs = require('fs')
  , port = parseInt(process.env.PORT || config.server.port, 10)
  , serverHandler = function (req, res) {
    res.writeHead(404);
    res.end();
  }
  , httpUrl
  , io
  , server;

// Create an http(s) server instance to that socket.io can listen to
if (config.server.secure) {

  server = require('https').Server({
    'key': fs.readFileSync(config.server.key),
    'cert': fs.readFileSync(config.server.cert),
    'passphrase': config.server.password
  }, serverHandler);
} else {

  server = require('http').Server(serverHandler);
}

server.listen(port);

io = require('socket.io').listen(server);

if (config.logLevel) {
    // https://github.com/Automattic/socket.io/wiki/Configuring-Socket.IO
    io.set('log level', config.logLevel);
  }

  function describeRoom(name) {

    var clients = io.sockets.clients(name);

    var result = {
      'clients': {}
    };

    clients.forEach(function (client) {
      result.clients[client.id] = client.resources;
    });

    return result;
  }

  function clientsInRoom(name) {

    return io.sockets.clients(name).length;
  }

  function safeCb(cb) {

    if (typeof cb === 'function') {
      return cb;
    }
  }

  io.sockets.on('connection', function (client) {

    client.resources = {
      'screen': false,
      'video': true,
      'audio': false
    };

    // pass a message to another id
    client.on('message', function (details) {

      if (!details) {

        return;
      }

      var otherClient = io.sockets.sockets[details.to];

      if (!otherClient) {

        return;
      }

      details.from = client.id;
      otherClient.emit('message', details);
    });

    client.on('shareScreen', function () {

      client.resources.screen = true;
    });

    client.on('unshareScreen', function (type) {

      client.resources.screen = false;
      removeFeed('screen');
    });

    client.on('join', join);

    function removeFeed(type) {
      if (client.room) {

        io.sockets.in(client.room).emit('remove', {
          'id': client.id,
          'type': type
        });

        if (!type) {

          client.leave(client.room);
          client.room = undefined;
        }
      }
    }

    function join(name, cb) {
        // sanity check
        if (typeof name !== 'string') {

          return;
        }
        // check if maximum number of clients reached
        if (config.rooms
          && config.rooms.maxClients > 0
          && clientsInRoom(name) >= config.rooms.maxClients) {

          safeCb(cb)('full');
        return;
      }
        // leave any existing rooms
        removeFeed();
        safeCb(cb)(null, describeRoom(name));
        client.join(name);
        client.room = name;
      }

    // we don't want to pass 'leave' directly because the
    // event type string of 'socket end' gets passed too.
    client.on('disconnect', function () {
      removeFeed();
    });
    client.on('leave', function () {
      removeFeed();
    });

    client.on('create', function (name, cb) {
      if (arguments.length == 2) {
        cb = (typeof cb == 'function') ? cb : function () {};
        name = name || uuid();
      } else {
        cb = name;
        name = uuid();
      }
        // check if exists
        if (io.sockets.clients(name).length) {
          safeCb(cb)('taken');
        } else {
          join(name);
          safeCb(cb)(null, name);
        }
      });

    // support for logging full webrtc traces to stdout
    // useful for large-scale error monitoring
    client.on('trace', function (data) {
      console.log('trace', JSON.stringify(
        [data.type, data.session, data.prefix, data.peer, data.time, data.value]
        ));
    });


    // tell client about stun and turn servers and generate nonces
    client.emit('stunservers', config.stunservers || []);

    // create shared secret nonces for TURN authentication
    // the process is described in draft-uberti-behave-turn-rest
    var credentials = [];

    config.turnservers.forEach(function (server) {

      var hmac = crypto.createHmac('sha1', server.secret);
        // default to 86400 seconds timeout unless specified
        var username = Math.floor(new Date().getTime() / 1000) + (server.expiry || 86400) + '';

        hmac.update(username);

        credentials.push({
          'username':username,
          'credential':hmac.digest('base64'),
          'url':server.url
        });
      });
    client.emit('turnservers', credentials);
  });

if (config.uid) {

  process.setuid(config.uid);
}

if (config.server.secure) {

  httpUrl = 'https://localhost:' + port;
} else {

  httpUrl = 'http://localhost:' + port;
}

console.info('Signaling WS is running at:' + httpUrl);
/*eslint-enable*/
}(require, process));

我想要的只是在socket.io上只允许jwt验证的连接,我该怎么办?

实际上,我会阻止任何未经jwt身份验证的用户连接socket.io ...

用户通过express-jwt expressJWT.sign(userProfile, config.secretKey)方法

进行签名

任何帮助表示感谢!

1 个答案:

答案 0 :(得分:2)

解决

socketioJwt = require('socketio-jwt');

io.set('authorization', socketioJwt.authorize({
    secret: secretKey,
    handshake: true
  }));