Redis, Node.js, and Socket.io : Cross server authe

2019-04-02 02:43发布

站内问答 / Redis
1332 1 5

I got a single-page application running on Rails and Backbone.js. I'm using Node.js through Redis to push and synchronize data to clients. I am trying to understand, secure and optimize sockets communications.

When writing with console.log I see some log lines (console.log('Redis connection on ..')) are getting duplicate (see bellow).

Does anyone can explain me why ? Is there some specific Node.js behaviours I'm not understanding, through my code implementation ?

Here's my Node.js code:

var io = require('socket.io').listen(3003);
var redis = require('redis');
var cookie = require("cookie");
var redis_subs = redis.createClient(6379, "localhost");
var redis_auth = redis.createClient(6379, "localhost");
var authenticated = false;

var authentication_status = function (status) {
  if (status === true) {
    console.log('Authentication status is true.');
  }
  else {
    console.log('Authentication status is false.');
  }
  authenticated = status;
};

redis_subs.subscribe('application_channel');

io.configure(function () {
  io.set('authorization', function (data, callback) {
    console.log('Cross authentication...');
    if (data.headers.cookie) {
      data.cookie = cookie.parse(data.headers.cookie);
      data.sessionID = data.cookie['_validation_token_key'];
      redis_auth.hget(["sessionStore", data.sessionID], function (err, session) {
        if (err || !session) {
          console.log('Socket.io authorization say false');
          return callback(authentication_status(false), false);
        }
        else {
          data.session = JSON.parse(session);
          console.log('Socket.io authorization say true');
          return callback(authentication_status(true), true);
        }
      });
    }
    else {
      console.log('Socket.io authorization say false');
      return callback(authentication_status(false), false);
    }
  });
});

io.on('connection', function(socket){
    if (socket.handshake.session) {
      var user_socket_channel = socket.handshake.session['user_socket_channel']
      redis_subs.on('message', function(redis_channel, rawdata) {
        console.log('Redis connection on '+redis_channel);
        console.log('Handshaked Session, authenticated user. All channels allowed.');
        var data = JSON.parse(rawdata);
        if (data.channel) { var socket_channel = data.channel; }
        else { var socket_channel = user_socket_channel; }
        var rails_data = data.data;
        console.log('Socket.io emiting on ['+socket_channel+']')
        socket.emit(socket_channel, rails_data);
      });
    }
    else {
      redis_subs.on('message', function(redis_channel, rawdata) {
        console.log('Redis connection on '+redis_channel);
        console.log('No handshaked Session, unauthenticated user. Public channels allowed.');
        var data = JSON.parse(rawdata);
        var rails_data = data.data;
        console.log('Socket.io emiting on [public]')
        socket.emit('public', rails_data);
      });
    }
});

Here is the way I am testing it, and the specific use case where log is getting duplicate :

Loading the page while being logged-in, with web browser1 (e.g: Firefox); output: 

   info  - socket.io started
Cross authentication...
Socket.io authorization say true
Authentication status is true.
   debug - authorized
   info  - handshake authorized bJxm_IcWl2mKZT4Ed-kV
   debug - setting request GET /socket.io/1/websocket/bJxm_IcWl2mKZT4Ed-kV
   debug - set heartbeat interval for client bJxm_IcWl2mKZT4Ed-kV
   debug - client authorized for 
   debug - websocket writing 1::

Loading the same page being logged-out with browser2 (e.g: Chrome)

Cross authentication...
Socket.io authorization say false
Authentication status is false.
   debug - authorized
   info  - handshake unauthorized

Sending some data through page/browser1 (Firefox) -> Rails -> Redis, output: 

Redis connection on application_channel
Handshaked Session, authenticated user. All channels allowed.
Socket.io emiting on [hLTYXuvP+13aQlIT9CZiYc1i9eg=]
   debug - websocket writing 5:::{"name":"hLTYXuvP+13aQlIT9CZiYc1i9eg=","args":[null]}

Reloading the page on browser2(Chrome, logged-out), still output 

Cross authentication...
Socket.io authorization say false
Authentication status is false.
   debug - authorized
   info  - handshake unauthorized

Reloading the page on browser1/Firefox and pushing some more data to Redis through the page and Rails, output:

Redis connection on application_channel
Handshaked Session, authenticated user. All channels allowed.
Socket.io emiting on [hLTYXuvP+13aQlIT9CZiYc1i9eg=]
Redis connection on application_channel
Handshaked Session, authenticated user. All channels allowed.
Socket.io emiting on [hLTYXuvP+13aQlIT9CZiYc1i9eg=]
   debug - websocket writing 5:::{"name":"hLTYXuvP+13aQlIT9CZiYc1i9eg=","args":[null]}

As you can see, the event got duplicated, and the Redis listener now catch two connections; Every time I'll reload page1/Firefox, it will duplicate it one more time (3,4,5...).

I don't understand this behaviours. What am I missing? By the way, as you can see, I don't really understand either the goal of Socket.io configure, set authorization and callback, returning true or false, as Node is reaching to io.on('connection') and Redis listeners anyway.

1条回答
兄弟一词,经得起流年.
2楼-- · 2019-04-02 03:33

Ok, I've got my answer. I had a hard time figuring it out, been looking for hours ...

Here's the related topic that allowed me to make it work (answer AND comments):

How to remove Redis on 'message' listeners

And here's my code:

io.on('connection', function(client){
    console.log('Client id #'+client.id);

    if (client.handshake.session) {
      var user_socket_channel = client.handshake.session['user_socket_channel'];
    }

    var redis_listener = function(redis_channel, rawdata) {
      console.log('Redis connection on '+redis_channel);
      var data = JSON.parse(rawdata);
      if (data.channel) { var socket_channel = data.channel; }
      else { 
        if (user_socket_channel) { var socket_channel = user_socket_channel; }
        else { var socket_channel = 'public' }
      }
      var rails_data = data.data;
      console.log('Socket.io emiting on ['+socket_channel+']');
      client.emit(socket_channel, rails_data);
    };

    redis_subs.on('message', redis_listener);

    client.on('disconnect', function(){
      console.log('Client disconnect, removing redis listener..');
      redis_subs.removeListener('message', redis_listener);
    });
});

Depending on the context, you need to call redis.removeListener on io.client.disconnect event.

Here's a probable alternative :

https://github.com/LearnBoost/Socket.IO/wiki/Configuring-Socket.IO

By the way this related question seems a similar one with an accurate answer, but isn't actually (didn't work). Further more, look at the highlighted comment:

How to reuse redis connection in socket.io?

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)