我正在尝试使用 cookie 使用 elixir 和苦艾酒进行授权/身份验证 graphql 订阅,我使用了以下链接:
https://nts.strzibny.name/graphql-subscriptions-with-elixir-and-absinth/
我正在尝试对用户进行身份验证以订阅正确的主题,但我无权访问订阅连接中的 cookie。为什么?
在我看到以下链接后:
https://hexdocs.pm/absinthe_phoenix/Absinthe.Phoenix.Socket.html
在我的 user_socket.ex 中,我将 user_id 作为查询参数传递,这是可行的,但它根本不安全......我可以传递我想要的 id ??!!
有人能帮我吗?
@moduledoc false
use Phoenix.Socket
use Absinthe.Phoenix.Socket,
schema: MyAppGraphQL.Schema
## Channels
# channel "room:*", MyAppWeb.RoomChannel
# Socket params are passed from the client and can
# be used to verify and authenticate a user. After
# verification, you can put default assigns into
# the socket that will be set for all channels, ie
#
# {:ok, assign(socket, :user_id, verified_user_id)}
#
# To deny connection, return `:error`.
#
# See `Phoenix.Token` documentation for examples in
# performing token verification on connect.
def connect(%{"user_id" => user_id}, socket) do
case current_user(user_id) do
nil ->
:error
current_user ->
socket =
Absinthe.Phoenix.Socket.put_options(socket,
context: %{
current_user: current_user
}
)
{:ok, socket}
end
end
def connect(_, _), do: :error
defp current_user(user_id), do: MyApp.Accounts.lookup_user_with_company(user_id)
# Socket id's are topics that allow you to identify all sockets for a given user:
#
# def id(socket), do: "user_socket:#{socket.assigns.user_id}"
#
# Would allow you to broadcast a "disconnect" event and terminate
# all active sockets and channels for a given user:
#
# MyAppWeb.Endpoint.broadcast("user_socket:#{user.id}", "disconnect", %{})
#
# Returning `nil` makes this socket anonymous.
def id(_socket), do: nil
end```