R
R
Rishat Sultanov2018-04-23 20:22:56
Node.js
Rishat Sultanov, 2018-04-23 20:22:56

How to correctly authorize a user in a chat?

Hello :)
Now the situation is like this, there is a backend with authorization in php (laravel 5.5). There is a chat on node js that works through socket.io. I want to transfer the username to the chat that the user has in the database when registering (laravel auth). In general, only one idea comes to mind, to make an API on Laravel and give a username, then axios should knock on the API and send it to node js, which in turn will setname to the user in the chat. But I feel here safety can give slack.

...
Server.js

io.on('connection', function(socket) {
socket.on('send-nickname', function(nickname) {
    socket.nickname = nickname;
    users.push(socket.nickname);
    console.log(users);
});
...
Client.js

socket.emit('send-nickname', nickname);

Maybe something better can be done? I am advised to separately verify the token and relogin separately in the chat. But I don't quite understand how. And httponly flag will not save from the fact that someone can steal the token?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
K
Konstantin B., 2018-04-23
@rishatss

Ummm did you read the docs? have you read about echo? Have you read about private channels? Something tells me not...

S
Sergey Sergey, 2018-04-23
@hahenty

Make a page on Laravel, visiting which the client will be redirected to the chat. But add a unique string to the redirect link. Simultaneously with the redirection of the client, Laravel will send a bunch of nickname and a unique string to the chat server. The chat server will use this unique string to understand who is connecting. The process will take no more than 5 seconds.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question