I'm trying to get authentication working over sockets with sailsjs and passport.
The challenge seems to be the fact that a socket connection doesn't have a session, and that sailsjs mocks a request object, causing it to not have Passport middleware setup. This caused nodejs to throw an error, saying that the req object didn't have a method called logIn.
So, I've tried following the code snippet as provided by @xdissent here: Sails.js + Passport.js authentication through websockets which, indeed allows me to sign in without throwing errors. Or does it..? It turns out that it does something, But I have no idea what. Because upon fetching req.user through a different (socket) request, I get an empty object returned.
I've looked in redis, too. This came out of it:
redis 127.0.0.1:6379> keys *
1) "waterline:broadcasting:_sequences:id"
2) "sess:aDJI0YHzh17E3AMjtKsZSijs"
redis 127.0.0.1:6379> get "sess:aDJI0YHzh17E3AMjtKsZSijs"
"{\"cookie\":{\"httpOnly\":true,\"path\":\"/\"}}"
redis 127.0.0.1:6379>
So there is a session, just no user stored in it.
So long story short, how do I get Passport and sailsjs to play nice over sockets.
Update: I'd like some information about sessions, sockets and cookies with sails in general. So if I set stuff in a session, and refresh the browser, I'd like it to still be there. If I make an xhr call on the same page as the socket connection, shouldn't that be the same session?
Thanks to Kasper Isager there will be a passport generator for sails.js in the near future (Sails.js Version 0.10).
He implement Passport by using policies (sails middleware).
api/services/passport.js
var passport = require('passport');
passport.serializeUser(function(user, next) {
next(null, user.id);
});
passport.deserializeUser(function(id, next) {
User.findOne(id).done(next);
});
// Put your Passport config logic here
// Make passport globally available
module.exports = passport;
api/policies/passport.js
module.exports = function (req, res, next) {
// Initialize Passport
passport.initialize()(req, res, function () {
// Use the built-in sessions
passport.session()(req, res, function () {
// Make the user available throughout the frontend
res.locals.user = req.user;
next();
});
});
};
config/policies.js
module.exports.policies = {
'*': [ 'passport' ],
// MyCustomController: {
// update: [
// 'passport',
// 'authorize'
// ]
// }
};
This will make the the passport request methods (logIn, etc.) available in socket requests as well.
After a successful login your server-side session object will look like this:
{
// Express
cookie: {
originalMaxAge: null,
expires: null,
httpOnly: true,
path: '/'
},
// Passport
passport: {
user: '52fc98e108b31348a537fa43' // userId
}
}
You may access it in any policy with req.session or even on socket callbacks like:
config/sockets.js
onConnect: function(session, socket){}
onDisconnect: function(session, socket){}
If you want to see the Kaspers full implementation check out his repository: sails-generate-auth
来源:https://stackoverflow.com/questions/21414610/authentication-methods-over-sockets