On Wed, 23 Oct 2013 06:19:08 GMT, Sönke Ludwig wrote:
On Tue, 22 Oct 2013 16:26:28 -0400, Shammah Chancellor wrote:
Anybody have a good way to authenticate websockets at the moment? Will
the session handler automatically handle them if it's turned on?Also, one thing I don't like about the current websockets setup is the
need to wrap the websocket handler to be able to get at the request
object.As in : https://github.com/schancel/gameserver/blob/master/source/app.d
The most straight forward solution for authentication in general is using the fall back feature of the
UrlRouter
:auto router = new URLRouter; // ... register all public routes... router.any("*", &authenticate); router.get("/ws", &handleWebSockets(&wshandler)); // ... register other protected routes... void authenticate(HTTPServerRequest req, HTTPServerResponse res) { bool authenticated = ...; if (authenticated) return; // fall through to protected routes else res.redirect(...); // redirect to login page }
Maybe with a special path for
req.requestURL == "/ws"
that sends an error code back for web sockets instead.I'll add a read-only
WebSocket.request
field that contains the originatingHTTPServerRequest
(nothing speaking against that, just nobody has needed it, yet).
Done: ad1cdd7