gpt4 book ai didi

laravel - 使用socket.io和Laravel Echo时如何保护私有(private) channel ?

转载 作者:行者123 更新时间:2023-12-02 02:07:52 28 4
gpt4 key购买 nike

这是我的 server.js 文件:

var app = require('express')();
var http = require('http').Server(app);
var io = require('socket.io')(http);
var Redis = require('ioredis');
var redis = new Redis();

http.listen(3000, function(){
console.log('Listening on Port 3000');
});

redis.psubscribe('*', function(err, count) {
console.log(err, count);
});
redis.on('pmessage', function(subscribed, channel, message) {
message = JSON.parse(message);
io.emit(message.event, channel, message.data);
});

还有一个简单的事件:

class FieldWasUpdated implements ShouldBroadcast
{
use InteractsWithSockets, SerializesModels;
public $instance;
public $key;
public $value;

public function __construct($instance, $key, $value)
{
$this->instance = $instance;
$this->key = $key;
$this->value = $value;
}

public function broadcastOn()
{
return new PrivateChannel("model." . $this->instance->getModelType() . "." . $this->instance->id);
}
}

客户端连接到socket.io:

Echo = new Echo({
broadcaster: 'socket.io',
host: window.location.hostname + ':3000'
});

然后监听事件(它位于 Blade 模板内):

var channel = "model.{{ $instance->getModelType() }}.{{ $instance->id }}";
Echo.private(channel)
.listen("FieldWasUpdated", function(e) {
window.VueBus.$emit("updated", channel, e.key, e.value);
})
.listen("FieldBecameDisabled", function(e) {
window.VueBus.$emit("disabled", channel, e.key);
});

问题是:未处理身份验证,任何用户都可以订阅这些 channel 。

Broadcast::channel("model.announcement.*", function($user, $id) {
return false; // this function is not called
})

以下是来自 Chrome 开发者控制台 (WebSocket) 的示例事件:

[
"App\\Events\\FieldWasUpdated",
"private-model.announcement.2",
{
"instance":
{
"type":"ANN_TYPE_MISSED_CALL",
"status":"ANN_STATUS_CANCELLED",
"name":"1233421",
"phone":"+7(222)222-3322",
"email":"sdgsg@mail.com",
"message":"sdgdsgsdgdfdg",
"requirement":null,
"web_type":"ANN_WEB_TYPE_UNKNOWN",
"url":null,
"responsible_id":19,
"recommender_id":18
},
"key":"message",
"value":"sdgdsgsdgdfdg"
}
]

此外,也没有 /broadcast/auth URL,但 BroadcastServiceProvider 调用了 Broadcast::routes(); 并且当浏览器加载,不会调用 /broadcast/auth

最佳答案

Laravel 文档在广播章节中详细介绍了这一点:https://laravel.com/docs/5.5/broadcasting#presence-channels 。对于私有(private) channel ,“授权存在 channel ”部分应该相同。

关于laravel - 使用socket.io和Laravel Echo时如何保护私有(private) channel ?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42086623/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com