Authorization


“Authorization in computing is not just about keeping people out. It’s about letting the right people in with precision and discernment.”

At Connection – Handshake Event

Verifying a client before a connection is opened is useful for many reasons. The most common is to deny connections that are not authorized to access your service's resources.

One example is the strategy used by Jacked Server: it creates a single-use token, and during the handshake an authorization procedure verifies that token and consumes it.

<?php

use Conveyor\ConveyorServer;
use OpenSwoole\Http\Request;
use OpenSwoole\Http\Response;
use Conveyor\Events\PreServerStartEvent;

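function validateConnection(Request $request, Response $response): bool {
    try {
        // do some validation, throwing an exception when it fails...
    } catch (\Throwable $e) {
        // if something goes wrong, deny the connection
        // (the message is sent to a client that is not yet authorized)
        $response->status(401);
        $response->end($e->getMessage());
        return false;
    }

    // if everything seems right, accept the upgrade
    $response->status(101);
    $response->end();
    return true;
}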

$listeners = [
    ConveyorServer::EVENT_PRE_SERVER_START => fn (PreServerStartEvent $event) =>
        $event->server->on('handshake', 'validateConnection'),
];

ConveyorServer::start(eventListeners: $listeners);

In this example, we add a listener for the ConveyorServer::EVENT_PRE_SERVER_START event; that listener registers a handler on the server for the “handshake” event. If you want to know more about the events available at the Conveyor Server, you can find them here: Conveyor Server Events.

The handshake handler responds with status 101 when the connection is accepted or 401 when it is denied. Your own validation goes in between.
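The single-use token strategy described above can fill that gap. The following is an added example, not code from Conveyor or Jacked Server: the SingleUseTokenStore class, the handshakeValidator function and the "token" query parameter are assumptions made for illustration, and the in-memory array stands in for whatever store your application uses.

```php
<?php
use OpenSwoole\Http\Request;
use OpenSwoole\Http\Response;

// Hypothetical helper (not part of Conveyor): short-lived tokens accepted once.
final class SingleUseTokenStore
{
    private array $tokens = []; // sha256(token) => expiry (unix time)

    public function __construct(private int $ttlSeconds = 30) {}

    // Issue a token to an already-authenticated user; only its hash is kept.
    public function issue(?int $now = null): string
    {
        $token = bin2hex(random_bytes(32));
        $this->tokens[hash('sha256', $token)] = ($now ?? time()) + $this->ttlSeconds;
        return $token;
    }

    // Verify and consume in one step, so a replayed token always fails.
    public function consume(string $token, ?int $now = null): bool
    {
        $key = hash('sha256', $token);
        if (!isset($this->tokens[$key])) {
            return false; // never issued, or already used
        }
        $expiry = $this->tokens[$key];
        unset($this->tokens[$key]); // removed even when expired
        return ($now ?? time()) <= $expiry;
    }
}

// Handshake callback built around the store; "token" as query parameter is assumed.
function handshakeValidator(SingleUseTokenStore $store): Closure
{
    return function (Request $request, Response $response) use ($store): bool {
        $token = $request->get['token'] ?? '';
        $ok = is_string($token) && $store->consume($token);
        $response->status($ok ? 101 : 401);
        $ok ? $response->end() : $response->end('Unauthorized');
        return $ok;
    };
}

// Constructed demonstration of the store alone (no server needed).
$store = new SingleUseTokenStore(ttlSeconds: 30);
$token = $store->issue(now: 1000);
var_dump($store->consume($token, now: 1001)); // first presentation
var_dump($store->consume($token, now: 1002)); // same token presented again
var_dump($store->consume($store->issue(now: 1000), now: 1031)); // presented after the TTL
```

The array lives in a single PHP process; when the server runs several worker processes, the store has to be shared between them for a token to be single-use across the whole server.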

For Channels

Channel authorization happens at a different point. Server authorization is done at the handshake, which comes with constraints such as not being able to use a request body. That is not the case here: connecting to a channel happens through a message in the sub-protocol, so you have the message body and more context on which to base the decision.

Channel authorization is therefore done in middleware. To learn how to work with middleware for channels, see: Using Middlewares.