i'm developing an application with Socket.IO that needs to authenticate if user can join a room.
Client side:
var socket = io('http://<?php echo $_SERVER['HTTP_HOST'];?>:3000');
socket.on('connect', function() {
var req = [current_user_id,secret_hash];
socket.emit('join', req);
});
Server listens on join requests of clients, gets access to a MySQL database and evaluates if user can join or not the requested hash channel:
...
if (rows.length == 1) {
socket.join(request[1]); //join on channel ID which is request[1] cell of array
}
//if not authorized, does not allow joining.
...
I've got two questions:
1) I don't want to allow client side direct joning of channel. Clients must not be able to launch socket.join("room"). How can i block those requests? Server is the only one that cares about assigning rooms.
2) Is there a way to listen for event "user leaves his private channel id"?
Thanks.
Aucun commentaire:
Enregistrer un commentaire