Laravel Ratchet socket Auth

Question

I am starting learning Ratchet (reactPHP) I am using laravel. But I came to a line about security. How can I deny websocket connection based on user is logged in or not

public function onOpen(ConnectionInterface $conn)
    {
        $this->clients->attach($conn);
        $this->users[$conn->resourceId] = $conn;
        if(Auth::check()){
            echo 'user logged in';
        }else{
            echo "New connection! ({$conn->resourceId})\n";
        }

    }

I used something like this but it passes the Auth::check and console always shows New Connection.

score 0 · Accepted Answer · answered Jan 13 '16 at 14:08

Ok Playing around found solution and it seems ok: I am using Sentinel

$session = (new SessionManager(App::getInstance()))->driver();
$cookies = $conn->WebSocket->request->getCookies();
$laravelCookie = urldecode($cookies['timeline_auth']);
$idSession = Crypt::decrypt($laravelCookie);
$user = Sentinel::findByPersistenceCode($idSession);

If there is better solution please leave a comment

score 0 · Answer 2 · answered Apr 02 '17 at 19:06

You cannot use Auth::user() anymore with WebSocket. The WebSocket server is handling multiple connections (so Auth::user() dosent have any sense). BUT you can access the user session.

more details here

https://laravel.io/forum/01-16-2015-loading-laravels-session-using-ratchet

score 0 · Answer 3 · answered Apr 04 '19 at 09:38

0

Use laravel-ratchet package.

It will handle connection to auth conversion and laravel session for you.

answered Apr 04 '19 at 09:38

shamaseen

2,193
2
21
35

Laravel Ratchet socket Auth

3 Answers3

Linked