1. 首页
  2. 问答
  3. 如何在使用socket.io和Laravel Echo时防范私人频道?

如何在使用socket.io和Laravel Echo时防范私人频道?

2017-02-07 47 views
5

这里是我的server.js文件:如何在使用socket.io和Laravel Echo时防范私人频道?

var app = require('express')(); 
var http = require('http').Server(app); 
var io = require('socket.io')(http); 
var Redis = require('ioredis'); 
var redis = new Redis(); 

http.listen(3000, function(){ 
    console.log('Listening on Port 3000'); 
}); 

redis.psubscribe('*', function(err, count) { 
    console.log(err, count); 
}); 
redis.on('pmessage', function(subscribed, channel, message) { 
    message = JSON.parse(message); 
    io.emit(message.event, channel, message.data); 
});

和一个简单的事件:

class FieldWasUpdated implements ShouldBroadcast 
{ 
    use InteractsWithSockets, SerializesModels; 
    public $instance; 
    public $key; 
    public $value; 

    public function __construct($instance, $key, $value) 
    { 
     $this->instance = $instance; 
     $this->key = $key; 
     $this->value = $value; 
    } 

    public function broadcastOn() 
    { 
     return new PrivateChannel("model." . $this->instance->getModelType() . "." . $this->instance->id); 
    } 
}

客户端连接到socket.io:

Echo = new Echo({ 
    broadcaster: 'socket.io', 
    host: window.location.hostname + ':3000' 
});

然后事件监听(这是在Blade模板中):

var channel = "model.{{ $instance->getModelType() }}.{{ $instance->id }}"; 
Echo.private(channel) 
    .listen("FieldWasUpdated", function(e) { 
     window.VueBus.$emit("updated", channel, e.key, e.value); 
    }) 
    .listen("FieldBecameDisabled", function(e) { 
     window.VueBus.$emit("disabled", channel, e.key); 
    });

问题是:验证不处理,任何用户都可以订阅这些通道。

Broadcast::channel("model.announcement.*", function($user, $id) { 
    return false; // this function is not called 
})

下面是来自Chrome开发者控制台(的WebSocket)样本事件:

[ 
    "App\\Events\\FieldWasUpdated", 
    "private-model.announcement.2", 
    { 
     "instance": 
     { 
      "type":"ANN_TYPE_MISSED_CALL", 
      "status":"ANN_STATUS_CANCELLED", 
      "name":"1233421", 
      "phone":"+7(222)222-3322", 
      "email":"[email protected]", 
      "message":"sdgdsgsdgdfdg", 
      "requirement":null, 
      "web_type":"ANN_WEB_TYPE_UNKNOWN", 
      "url":null, 
      "responsible_id":19, 
      "recommender_id":18 
     }, 
     "key":"message", 
     "value":"sdgdsgsdgdfdg" 
    } 
]

还没有/broadcast/auth URL,但BroadcastServiceProvider有一个呼叫Broadcast::routes();和浏览器加载时,没有来电到/broadcast/auth发生。

来源

2017-02-07 Jackson J

+0

尝试Broadcast :: channel(“model.announcement。*”,function($ user,$ id){ abort(401); }) –

回答

相关问题

 相关问题