Comments (3)
@joinfok You found a bug in socketcluster-server (the session object wasn't being added to the request). It's been fixed in v0.9.43 (https://www.npmjs.org/package/socketcluster-server). Thanks!
One way to fix it is by reinstalling socketcluster using npm.
npm remove -g socketcluster
Then make sure you run:
npm cache clean
before you install again. This should fetch the latest version of socketcluster-server which has the fix.
from socketcluster.
You can add middleware to intercept (or authorize) publish, subscribe and emit actions.
Middleware functions are useful to filter inbound communications.
I.e. Client => server
You can read up on the different kinds of middleware lines here: http://socketcluster.io/#!/docs/middleware-and-authorization
For example, for subscribe (to control who can see what channels), the client-side code might look like this:
// Client
socket.subscribe('foo');
The middleware might be:
// Server (worker.js)
wsServer.addMiddleware(wsServer.MIDDLEWARE_SUBSCRIBE,
function (socket, channel, next) {
// Get the list of channels which this session/socket is allowed to access
// Alternatively, this could come from a database instead of socket.session
socket.session.get('allowedChannels', function (err, channelPermissions) {
if (channelPermissions[channel]) {
// Allow the socket to subscribe to this channel - After calling next(), you don't need to
// do anything else - SC will handle the rest
next();
} else {
// Here we block every other channel which is not in that session's channelPermissions object
// By passing an error to next(err), we are blocking the subscription
next(socket.id + ' is not allowed to subscribe to event ' + event);
}
});
}
);
from socketcluster.
I try this:
scServer.addMiddleware(scServer.MIDDLEWARE_HANDSHAKE, function (req, next) {
req.session.get('isUserAuthorized', function (err, value) {
if (value) {
next();
} else {
next('Session ' + req.session.id + ' was not authorized');
}
});
});
scServer.on('connection', function (socket) {
// Emit a 'greet' event on the current socket with value 'hello world'
socket.emit('greet', 'hello world');
/*
Store that socket's session for later use.
We will emit events on it later - Those events will
affect all sockets which belong to that session.
*/
activeSessions[socket.session.id] = socket.session;
socket.session.set('isUserAuthorized', true, callback);
});
req.session is always undefined.
The handshake called before socket.connected. If req.session is set and true, client is authorize the previous connection method, not require authorization again.
req.session is unavailable always and I don't understand why.
from socketcluster.
Related Issues (20)
- Worker is leaving instance repeatedly and reconnects after a while HOT 1
- Is it possible to merge publish messages? HOT 1
- SocketCluster version 16.0.1 SCC problem in minikube k8
- JWT token : invalid signature HOT 1
- `socketcluster create` screws up app name HOT 2
- badSocketAuthToken event not triggering HOT 2
- Unused dependencies HOT 1
- Bump Docker image HOT 1
- Socket connection gets timed out unexpectedly HOT 3
- Potential security issue HOT 5
- any way to send the missing socket update to client after network restore HOT 3
- We unable received the middleware sending error message from socket client HOT 2
- Has anyone tried to deploy socket cluster on Azure Container apps? HOT 1
- socket.on is not a function HOT 3
- BadConnectionError - socketcluster-client when requesting from server side. It works fine if the request is issued from the browser. HOT 3
- Callbacks scale much more than async/await approach HOT 2
- Namespace in channels HOT 3
- Is there any CPU/Memory Resources requests / limits recommendation?
- Socketcluster 16.x stopped working due to underlying library update HOT 1
- socketcluster compliance HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from socketcluster.