So here's the problem. In one of the projects where we want to use XMPP we have a users databasase of around 2.5 millions users. We want that those users are able to login to our Ejabberd server using the same database. This means that every time a user logs into our site, we will query the database with PHP to see if he's allowed to login, and then ejabberd will query the
database again for the same purpose. Now, since the user is already authenticated in our PHP app, why don't we just share the session information with Ejabberd? Here's where InspectorD comes into play.
The first piece that we will use to solve this problem are Ejabberd external authentication scripts. In our case instead of authenticating against a database, we will user InspectorD to check whether a user is authenticated in our website. To do this we need to find some means of passing PHP's session_id to our auth script. How to do this?
In PHP there's a function called session_id() that returns the current session_id key. We will use this string as a user password for Ejabberd, so for example, using Strophe we can do something like this:
connection = new Strophe.Connection(BOSH_SERVICE);
connection.connect(+'@someserver', , onConnect);
Then Ejabberd will call our external authenticatinon script passing that nickname and the session_id as password. In our case we store the session information in Memcache, so our script will use the class SessionInspectorMemcache from InspectorD library. This class will connect to the session memcahe and from there will retrieve the session information belonging to that session_id. Finally it will return True or False depending if the user related to that session_id is authenticated or not.
You can see the complete authentication script here
If you are not using memcache to store the session information then you can create a Python class that extends from InspectorD's SessionInspector class and implements the getData method. You can see an example on the SessionInspectorMemcache class.
I hope this may result useful to you and don't hesitate to clone and improve InspectorD source code.
NOTE: I did a similar script using PHP but I found it somehow harder to implement than using InspectorD code. If you want to see that code, just ask in the comments and I will post it on github.
1 comment:
Fantastic! I was looking for EXACTLY this kind of solution, strophe/memcache dependencies included.
Thank you!
Post a Comment