NestJs Socket io 适配器:如果使用 false 调用 allowFunction,服务器不会将 CORS headers 添加到握手的响应中。错误或配置错误?
NestJs Socket io adapter: Server does not add CORS headers to handshake's response if allowFunction is called with false. Bug or misconfiguration?
authenticated-socket-io.adapter.ts
export class AuthenticatedSocketIoAdapter extends IoAdapter {
private readonly authService: AuthService;
constructor(private app: INestApplicationContext) {
super(app);
this.authService = this.app.get(AuthService);
}
createIOServer(port: number, options?: SocketIO.ServerOptions): any {
options.allowRequest = async (request, allowFunction) => {
const { authorized, errorMessage } = await this.check(parse(request?.headers?.cookie || '').jwt, [UserRole.ADMIN]);
if (!authorized) {
return allowFunction(errorMessage, false);
}
return allowFunction(null, true);
};
return super.createIOServer(port, options);
}
main.ts
const app = await NestFactory.create(AppModule);
app.enableCors({
origin: ['http://localhost:4200'],
credentials: true
});
app.use(cookieParser());
app.use(csurf({ cookie: true }));
app.useWebSocketAdapter(new AuthenticatedSocketIoAdapter(app));
授权成功时:
authorization is successful
授权失败时:
authorization fails
发现问题:
来自 socket io 的函数处理错误消息:
/**
* Sends an Engine.IO Error Message
*
* @param {http.ServerResponse} response
* @param {code} error code
* @api private
*/
function sendErrorMessage (req, res, code) {
var headers = { 'Content-Type': 'application/json' };
var isForbidden = !Server.errorMessages.hasOwnProperty(code);
if (isForbidden) {
res.writeHead(403, headers);
res.end(JSON.stringify({
code: Server.errors.FORBIDDEN,
message: code || Server.errorMessages[Server.errors.FORBIDDEN]
}));
return;
}
if (req.headers.origin) {
headers['Access-Control-Allow-Credentials'] = 'true';
headers['Access-Control-Allow-Origin'] = req.headers.origin;
} else {
headers['Access-Control-Allow-Origin'] = '*';
}
if (res !== undefined) {
res.writeHead(400, headers);
res.end(JSON.stringify({
code: code,
message: Server.errorMessages[code]
}));
}
}
这里的“代码”参数将是我在这里传递的参数“allowFunction(errorMessage, false)”
该值必须是“0”、“1”、“2”、“3”或“4”之一,否则 isForbidden 将为假,因此不会设置 'Access-Control-Allow-Credentials' header.
Server.errorMessages = {
0: 'Transport unknown',
1: 'Session ID unknown',
2: 'Bad handshake method',
3: 'Bad request',
4: 'Forbidden'
};
希望有一天这对某人有所帮助。
authenticated-socket-io.adapter.ts
export class AuthenticatedSocketIoAdapter extends IoAdapter {
private readonly authService: AuthService;
constructor(private app: INestApplicationContext) {
super(app);
this.authService = this.app.get(AuthService);
}
createIOServer(port: number, options?: SocketIO.ServerOptions): any {
options.allowRequest = async (request, allowFunction) => {
const { authorized, errorMessage } = await this.check(parse(request?.headers?.cookie || '').jwt, [UserRole.ADMIN]);
if (!authorized) {
return allowFunction(errorMessage, false);
}
return allowFunction(null, true);
};
return super.createIOServer(port, options);
}
main.ts
const app = await NestFactory.create(AppModule);
app.enableCors({
origin: ['http://localhost:4200'],
credentials: true
});
app.use(cookieParser());
app.use(csurf({ cookie: true }));
app.useWebSocketAdapter(new AuthenticatedSocketIoAdapter(app));
授权成功时: authorization is successful
授权失败时: authorization fails
发现问题: 来自 socket io 的函数处理错误消息:
/**
* Sends an Engine.IO Error Message
*
* @param {http.ServerResponse} response
* @param {code} error code
* @api private
*/
function sendErrorMessage (req, res, code) {
var headers = { 'Content-Type': 'application/json' };
var isForbidden = !Server.errorMessages.hasOwnProperty(code);
if (isForbidden) {
res.writeHead(403, headers);
res.end(JSON.stringify({
code: Server.errors.FORBIDDEN,
message: code || Server.errorMessages[Server.errors.FORBIDDEN]
}));
return;
}
if (req.headers.origin) {
headers['Access-Control-Allow-Credentials'] = 'true';
headers['Access-Control-Allow-Origin'] = req.headers.origin;
} else {
headers['Access-Control-Allow-Origin'] = '*';
}
if (res !== undefined) {
res.writeHead(400, headers);
res.end(JSON.stringify({
code: code,
message: Server.errorMessages[code]
}));
}
}
这里的“代码”参数将是我在这里传递的参数“allowFunction(errorMessage, false)” 该值必须是“0”、“1”、“2”、“3”或“4”之一,否则 isForbidden 将为假,因此不会设置 'Access-Control-Allow-Credentials' header.
Server.errorMessages = {
0: 'Transport unknown',
1: 'Session ID unknown',
2: 'Bad handshake method',
3: 'Bad request',
4: 'Forbidden'
};
希望有一天这对某人有所帮助。