我有一个用nodejs制作的网站,使用护照对共享会话存储区的openid用户和socket.io进行身份验证,当未通过身份验证的客户端连接时,不会触发套接字连接事件
//...app.js
var express = require("express");
var app = express();
var http = require("http").createServer(app);
var passport = require('passport');
var io = require('socket.io')(http);
var cookieParser = require('cookie-parser');
var session = require("express-session");
var MongoStore = require("connect-mongo")(session);
var mongoose = require('mongoose');
var passportSocket = require("passport.socketio");
require('mongoose-long')(mongoose);
const sessionStore = new MongoStore({
mongooseConnection: mongoose.connection
});
mongoose.connect('foo.bar', { useNewUrlParser: true });
//...
//...
//...
io.use(
passportSocket.authorize({
cookieParser: cookieParser,
key: "u_sess",
secret: 'mysecret',
store: sessionStore
})
);
app.use(session({
store: sessionStore,
resave: true,
name: "u_sess",
saveUninitialized: true,
secret: 'mysecret'
}));
app.use(passport.initialize());
app.use(passport.session());
io.on("connection",function(sock){
console.log("- new user connected"+sock.request.connection.remoteAddress);
});
我希望当任何客户端连接时,它将触发连接事件,但这仅在护照对用户进行身份验证时才会发生,而如果我禁用Passport.socketio,则任何人都将触发连接事件,但我无权访问护照数据