Authentication to Feathersjs using socket.io-client

How do I authenticate to Feathersjs (https://docs.feathersjs.com/api/client/socketio.html#authentication) using Direct Connection (https://docs.feathersjs.com/api/client/socketio.html#direct-connection)? The following code says my accessToken is malformed, but I suspect there is more to getting it working than that. Where do I get the accessToken?

app.js (client):

import express from 'express';

const socket = require('socket.io-client')('http://localhost:3030', {
  transports: ['websocket']
});

socket.emit('authenticate', { 
  strategy: 'jwt',
  accessToken: 'what to enter here'
}, (message: any, data: any) => {
  console.log(message);
  console.log(data);
});

const app = express();

app.get('/', (req, res) => res.send('Up and running!'));

app.listen(4390, () => console.log('Example app listening on port 4390!'));

authentication.js (Feathers server):

const authentication = require('@feathersjs/authentication');
const jwt = require('@feathersjs/authentication-jwt');
const local = require('@feathersjs/authentication-local');

module.exports = function (app) {
  const config = app.get('authentication');

  // Set up authentication with the secret
  app.configure(authentication(config));
  app.configure(jwt());
  app.configure(local());

  app.service('authentication').hooks({
    before: {
      create: [
        authentication.hooks.authenticate(config.strategies),
      ],
      remove: [
        authentication.hooks.authenticate('jwt')
      ]
    }
  });
};

I tried using the secret as the accessToken, but it didn't work :)

default.json (Feathers server config):

"authentication": {
    "secret": "<secret>",
    "strategies": [
      "jwt",
      "local"
    ],
    "path": "/authentication",
    "service": "users",
    "jwt": {
      "header": {
        "typ": "access"
      },
      "audience": "https://yourdomain.com",
      "subject": "anonymous",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "entity": "user",
      "usernameField": "email",
      "passwordField": "password"
    }
  },
...

Thanks for any replies!

In order to get an accessToken, you will typically need to authenticate with a strategy using email/password or oauth. This will return an accessToken, which you can then use for jwt authentication.

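An alternative approach is to use a custom authentication strategy, which would allow you to have a shared secret that the two servers could use to communicate with each other.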

Thanks @mchaffe! With your help I managed to solve it. Here is the code used:

import dotenv from 'dotenv';

// Load environments
const config = dotenv.config()
if (config.error) throw config.error

const io = require('socket.io-client');
const feathers = require('@feathersjs/client');
const localStorage = require('localstorage-memory');

const client = feathers();

const socket = io('http://localhost:3030/', {
  transports: ['websocket'],
  forceNew: true
});

// The timeout option belongs to feathers.socketio(), not to configure()
client.configure(feathers.socketio(socket, {
  timeout: 10000
}));

client.configure(feathers.authentication({
  jwtStrategy: 'jwt',
  storage: localStorage,
  storageKey: 'some-token'
}));

const payload = {
  strategy: 'local',
  email: process.env.FEATHERS_AUTHENTICATION_EMAIL,
  password: process.env.FEATHERS_AUTHENTICATION_PASSWORD
};

client.authenticate(payload).then((response: any) => {
  // Do stuff to hooray here
  console.log('Access Token: ' + response.accessToken);

  // Works!
  socket.emit('get', 'logger', 1, (error: any, log: any) => {
    console.log('Found log: ' + JSON.stringify(log));
  });

}).catch((e: any) =>  {
  console.log('Error: ' + e); 
});

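If you have suggestions for improvement, I'm all ears! :) It looks like I can access data from the database using the socket.emit method. Do I need to verify the returned accessToken? Thanks again!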
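
The checks an HS256 verifier applies to an accessToken, written with Node's built-in crypto module as an added example (not code from the posts above or from Feathers itself). The secret value and the `issueToken` / `verifyToken` helpers are hypothetical; audience, issuer, algorithm and the `typ` header mirror the `jwt` block of default.json above. A bare secret passed as the token fails at the first check because it is not three dot-separated segments.

```javascript
// Added example: the checks an HS256 verifier applies to an accessToken.
const { createHmac, timingSafeEqual } = require('crypto');

// Constructed values; audience, issuer and algorithm mirror default.json above.
const SECRET = 'constructed-demo-secret'; // placeholder, not the page's secret
const JWT_OPTS = { audience: 'https://yourdomain.com', issuer: 'feathers', algorithm: 'HS256' };

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const sign = (data, secret) => createHmac('sha256', secret).update(data).digest();

// Hypothetical issuer: stands in for the token a successful login returns.
function issueToken(claims, secret, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'access' }));
  const body = b64url(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${body}.${b64url(sign(`${header}.${body}`, secret))}`;
}

// Hypothetical verifier: returns { ok: true, payload } or { ok: false, reason }.
function verifyToken(token, secret, opts, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm to the configured one instead of trusting the header.
  if (header?.alg !== opts.algorithm) return { ok: false, reason: 'bad algorithm' };
  // Recompute the HMAC over header.payload and compare in constant time.
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (typeof payload?.exp !== 'number' || payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  if (payload.aud !== opts.audience || payload.iss !== opts.issuer) {
    return { ok: false, reason: 'wrong audience or issuer' };
  }
  return { ok: true, payload };
}
```

Only a party holding the secret can run the signature check, which is why it lives on the server side of the connection.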