using tornado.web.RequestHandler along with tornadio2.SocketConnection

[harabara]

Hi

Is there a way to subclass both of the classes from topic?

A reason for this is to use @tornado.web.authenticated decorator with on_message() and on_open()

It would also help me to get current user. A little more details:

I have a class UserHandler class UserHandler(tornado.web.RequestHandler): with a method get_current_user() that is based on secret cookies and mongo db. I need a way to use this method form my SocketConnection's on_message() and on_open()

Right now it is not possible because UserHandler's constructor is never called if I define it like this: class MySocketConnection(SocketConnection, UserHandler):

How would I identify the user otherwise?

Thanks.

[mrjoes]

It is not possible to use tornado.web.authenticated decorators in TornadIO2:

1. TornadIO2 is networking abstraction and it works through variety of protocols. For example, in cross-domain scenario you won't get any cookies at all
2. RequestHandler works with "active" HTTP connection, while in TornadIO2 you might send or receive data when client is disconnected (in between polls)
3. Authentication decorators require certain methods from RequestHandler class and they don't make any sense in SocketConnection.

Possible solutions:

1. Simple: on_open accepts raw cookies, grab your cookie, validate user and store user information in self. This might require playing with Tornado authentication mixins. There's no need to validate user in on_message - it is guaranteed that on_message will be called for same user;
2. Harder, works in cross-domain scenarios: send cookie value from the client as a first message and use it to authenticate the user. Do some checks in on_message to figure out if user authenticated or not.

P.S. Take a look at sockjs-tornado, because socket.io is poorly maintained (not TornadIO2 problem). SockJS does not have any cookies at all.

[harabara]

That was quick and really detailed. Thanks a lot.