Description
Hi Guys,
sockjs is a great piece of work. I am trying to integrate it with one of my applications.
The sockjs-erlang application runs on a different host/port than the usual web host/port.
As a result, I would like to have some kind of authorization/authentication flow before
a user can open a websocket stream. I think this is best solved by doing checks on cookie
data and validating them in the cache store.
To get cookie info, I currently have this patch working for me:
git diff src/sockjs_handler.erl
diff --git a/src/sockjs_handler.erl b/src/sockjs_handler.erl
index f0fce8d..e21edfe 100644
--- a/src/sockjs_handler.erl
+++ b/src/sockjs_handler.erl
@@ -222,7 +222,14 @@ extract_info(Req) ->
end, {[], Req2},
['Referer', 'X-Client-Ip', 'X-Forwarded-F
'X-Cluster-Client-Ip', 'Via', 'X-Real-Ip
+
+ %% hack to get cookies in the callback too
+ {cowboy, CReq0} = Req3,
+ {Cookies, CReq1} = cowboy_http_req:cookies(CReq0),
+ Req4 = {cowboy, CReq1},
+
{[{peername, Peer},
{sockname, Sock},
{path, Path},
- {headers, Headers}], Req3}.
+ {headers, Headers},
+ {cookies, Cookies}], Req4}.
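Review bot: the hard match `{cowboy, CReq0} = Req3` in the added block unwraps the request inside extract_info, so any request that is not a `{cowboy, _}` tuple fails here with a badmatch and no info is returned at all; the comment already calls this a hack. Consider moving the cookie lookup into a helper alongside the code that reads the headers above, so the unwrap and rewrap (`Req4 = {cowboy, CReq1}`) live in one place. Separately, `{cookies, Cookies}` puts every cookie on the request, session identifiers included, into the info list that reaches the callback; it would help to document that this entry must not be logged, or to pass through only the cookie names the service asks for.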
The other thing I found missing in the sockjs-erlang API is how I can shut down/deny a connection attempt
from within my Conn init callback when I detect invalid cookie data (ideally this should be
happening at the /echo/info call level). One possible solution is to call Conn:close() straightaway;
is that the best solution possible here?