Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Authorizing and handshaking with Socket.IO

I'm wondering what the main function of authorization and the handshake in Socket.IO is. I've already read their wiki and authorizing guide on GitHub but I still don't understand the following:

  1. How does the authorization work in Socket.io?
  2. What is the handshake in Socket.IO?
  3. Can I add anything to the handshakeData object?

I hope you can answer my question. Thanks.

like image 862
Joenel de Asis Avatar asked Oct 01 '13 02:10

Joenel de Asis


People also ask

How can I send a message to a particular client with socket IO?

To send a message to the particular client, we are must provide socket.id of that client to the server and at the server side socket.io takes care of delivering that message by using, socket.broadcast.to('ID'). emit( 'send msg', {somedata : somedata_server} ); For example,user3 want to send a message to user1.

How do I use socket IO middleware?

Here is an example of the syntax: const io = require('socket.io')(); io. use(function(socket, next) { // execute some code next(); }) . on('connection', function(socket) { // Connection now authenticated to receive further events socket.

Is socket IO TCP connection?

The Socket.IO library keeps an open TCP connection to the server, which may result in a high battery drain for your users.

Does socket IO auto reconnect?

In the first case, the Socket will automatically try to reconnect, after a given delay.


1 Answers

Edit: In Socket.IO 1.0, middleware is now used. Authorization can be done like so:

io.use(function(socket, next) {   var handshake = socket.request;   next(); }); 

If you were to need to reject the socket, just pass an error object to the next() callback. The same thing can be done with namespaces:

io.of('/namespace').use(function(socket, next) {   var handshake = socket.request;   next(); }); 

Authorization in Socket.IO is run through a function which is decided in a boolean that is passed by a callback. This function runs every time a connection attempts a handshake, and this is what it looks like:

io.set('authorization', function (handshake, callback) {   callback(null, true); }); 

The function callback() accepts two parameters. The first is the error reason, if any, and the second parameter is the boolean that decides if a client may connect or not. By default there is no authorization, so the scenario is shown in the code sample above, where the socket that is connecting is allowed passage with true.

The handshake in Socket.IO is like any other information technology related handshake. It is the process of negotiation, which in Socket.IO's case, decides whether a client may connect, and if not, denies the connection. The handshake is initiated with either a XHR or JSONP request, and doesn't do much when no authorization is specified, but can be helpful in the data passed in the handshake data object.

To answer your last question, yes, you may add anything into the handshake object. The object is the same variable reference to the socket.handshake object, which allows you to do things like this:

io.set('authorization', function (handshake, callback) {   handshake.foo = 'bar';   callback(null, true); });  io.sockets.on('connection', function(socket) {   console.log(socket.handshake.foo); // bar }); 

This is very useful, because you can store socket-based properties. A common use for this is with the Express framework, where one can identify the session ID based on the cookies passed by Socket.IO, which then a matching session can be identified.

like image 85
hexacyanide Avatar answered Oct 04 '22 20:10

hexacyanide