Posted Wed, 23 Oct 2013 06:19:08 GMT in reply to
Shammah Chancellor
Reply
On Tue, 22 Oct 2013 16:26:28 -0400, Shammah Chancellor wrote:
Anybody have a good way to authenticate websockets at the moment? Will
the session handler automatically handle them if it's turned on?
Also, one thing I don't like about the current websockets setup is the
need to wrap the websocket handler to be able to get at the request
object.
As in : https://github.com/schancel/gameserver/blob/master/source/app.d
The most straight forward solution for authentication in general is using the fall back feature of the UrlRouter
:
auto router = new URLRouter;
// ... register all public routes...
router.any("*", &authenticate);
router.get("/ws", &handleWebSockets(&wshandler));
// ... register other protected routes...
void authenticate(HTTPServerRequest req, HTTPServerResponse res)
{
bool authenticated = ...;
if (authenticated) return; // fall through to protected routes
else res.redirect(...); // redirect to login page
}
Maybe with a special path for req.requestURL == "/ws"
that sends an error code back for web sockets instead.
I'll add a read-only WebSocket.request
field that contains the originating HTTPServerRequest
(nothing speaking against that, just nobody has needed it, yet).