search

walkor / workerman

An asynchronous event driven PHP socket framework. Supports HTTP, Websocket, SSL and other custom protocols.
http://www.workerman.net
MIT License
11.03k stars 2.25k forks source link

Restrict access by origin domain and limit the number of connections #1008

Closed programarivm closed 5 months ago

programarivm commented 5 months ago

Hello there,

I've been able to successfully implement the cli/workerman/staging.php script which is now running as shown below.

php cli/workerman/staging.php start
Welcome to PHP Chess Server
Commands available:
/accept {"jwt":"<string>"} Accepts an invitation to play online with an opponent.
/draw {"action":["accept","decline","propose"]} Allows to offer a draw.
/heuristics {"fen":"<string>","variant":"<string>"} Returns the heuristics of a chess position.
/leave {"action":["accept"]} Allows to leave a game.
/legal {"position":"<string>"} Returns the legal FEN positions of a piece.
/online_games Returns the online games waiting to be accepted.
/play_lan {"color":"<string>","lan":"<string>"} Plays a chess move in long algebraic notation.
/randomizer {"turn":"<string>","items":"<string>"} Starts a random position.
/rematch {"action":["accept","decline","propose"]} Allows to offer a rematch.
/resign {"action":["accept"]} Allows to resign a game.
/restart {"hash":"<string>"} Restarts a game.
/start {"variant":["960","capablanca","capablanca-fischer","classical"],"mode":["fen","san","play","stockfish"],"settings":{"color":["w","b"],"fen":"<string>","movetext":"<string>","settings":"<string>","startPos":"<string>"}} Starts a new game.
/stockfish {"options":{"Skill Level":"int"},"params":{"depth":"int"}} Returns Stockfish's response to the current position.
/stockfish_eval {"fen":"<string>","variant":"<string>"} Returns Stockfish's evaluation for the given position.
/takeback {"action":["accept","decline","propose"]} Allows to takeback a move.
/tutor_fen {"fen":"<string>","variant":"<string>"} Explains a FEN position in terms of chess concepts.
/undo Undoes the last move.

Listening to commands...
Workerman[cli/workerman/staging.php] start in DEBUG mode
------------------------------------------- WORKERMAN --------------------------------------------
Workerman version:4.1.14          PHP version:8.3.1           Event-Loop:\Workerman\Events\Select
-------------------------------------------- WORKERS ---------------------------------------------
proto   user            worker          listen                      processes    status           
ssl     standard        none            websocket://0.0.0.0:8443    1             [OK]            
--------------------------------------------------------------------------------------------------
Press Ctrl+C to stop. Start success.

Now I'd want to write a production script called cli/workerman/prod.php to enable some restrictions similarly as with cli/ratchet/prod.php.

Here are two questions.

  1. Is it possible to limit the number of connections to the chess server?
  2. How can I restrict access by origin domain?

Thank you for the help, and keep it up.

fuzqing commented 5 months ago
  1. No.
  2. When workerman version <= 4.1 you can see https://www.workerman.net/doc/workerman/appendices/about-websocket.html 
    
<?php
require_once __DIR__ . '/vendor/autoload.php';

use Workerman\Connection\TcpConnection; use Workerman\Worker;

$ws = new Worker('websocket://0.0.0.0:8181'); $ws->onConnect = function($connection) { $connection->onWebSocketConnect = function($connection , $httpBuffer) { // This is where you can determine if the connection is from a legitimate source and close it if it is not. // $_SERVER['HTTP_ORIGIN'] identifies the site from which the page initiated the websocket connection. if($_SERVER['HTTP_ORIGIN'] != 'https://www.workerman.net') { $connection->close(); } // onWebSocketConnect where $_GET $_SERVER is available. // var_dump($_GET, $_SERVER); }; }; Worker::runAll();