phpsocket.io 中认证失败的客户端连接如何服务端主动断开

609176445

我修改启动脚本如下,@walkor ,帮忙看看要怎么断开非法的请求连接呢?

<?php
use Workerman\Worker;
use Workerman\WebServer;
use Workerman\Autoloader;
use PHPSocketIO\SocketIO;

// composer autoload
include __DIR__ . '/../../vendor/autoload.php';
include __DIR__ . '/../../src/autoload.php';

$io = new SocketIO(2020);
define('USER', "randy");
define('PWD', '123');
$io->on('connection', function ($socket) use ($io) {
    $socket->addedUser = false;
    $socket->auth = false;
    \Workerman\Lib\Timer::add(1, function () use ($socket, $io) {
        if (!$socket->auth && $socket) {
            unset($socket);
        }
    }, [], false);

    $socket->on("doauth", function ($account) use ($socket) {
        //do auth
        $account = @json_decode($account, true);
        if (!is_array($account)) {
            $socket->emit("auth fail", );
            unset($socket);
            return;
        } elseif ($account != USER || $account != PWD) {
            $socket->emit("auth fail", );
            unset($socket);
            return;
        }

        $socket->auth = true;
        // when the client emits 'new message', this listens and executes
        $socket->on('new message', function ($data) use ($socket) {
            // we tell the client to execute 'new message'
            $socket->broadcast->emit('new message', array(
                'username' => $socket->username,
                'message'  => $data
            ));
        });

        // when the client emits 'add user', this listens and executes
        $socket->on('add user', function ($username) use ($socket) {
            global $usernames, $numUsers;
            // we store the username in the socket session for this client
            $socket->username = $username;
            // add the client's username to the global list
            $usernames = $username;
            ++$numUsers;
            $socket->addedUser = true;
            $socket->emit('login', array(
                'numUsers' => $numUsers
            ));
            // echo globally (all clients) that a person has connected
            $socket->broadcast->emit('user joined', array(
                'username' => $socket->username,
                'numUsers' => $numUsers
            ));
        });

        // when the client emits 'typing', we broadcast it to others
        $socket->on('typing', function () use ($socket) {
            $socket->broadcast->emit('typing', array(
                'username' => $socket->username
            ));
        });

        // when the client emits 'stop typing', we broadcast it to others
        $socket->on('stop typing', function () use ($socket) {
            $socket->broadcast->emit('stop typing', array(
                'username' => $socket->username
            ));
        });

        // when the user disconnects.. perform this
        $socket->on('disconnect', function () use ($socket) {
            global $usernames, $numUsers;
            // remove the username from global usernames list
            if ($socket->addedUser) {
                unset($usernames);
                --$numUsers;

                // echo globally that this client has left
                $socket->broadcast->emit('user left', array(
                    'username' => $socket->username,
                    'numUsers' => $numUsers
                ));
            }
        });
    });

});

$web = new WebServer('http://0.0.0.0:2022');
$web->addRoot('localhost', __DIR__ . '/public');

Worker::runAll();
6654 3 0
3个回答

walkor 打赏

socket.io好像没有关闭链接的方法。

  • 暂无评论
609176445

有个 socket.io-auth 好像是服务端直接disconnect客户端连接。不然直接部署到线上,任何非法连接不授权都可以很容易被攻击挂了,我用PHP unset socket好像连接都还在。不知道有没办法实现

  • 暂无评论
liulingyin

@609176445 我也有这样的问题,unset socket后连接都还在,现在解决了吗。

  • 暂无评论
年代过于久远,无法发表回答
×
🔝