Fix: Move authentication to Socket.IO connection handler

- Remove allowRequest middleware (doesn't have access to auth)
- Validate auth token in connection handler using socket.handshake.auth
- Add detailed logging for auth token
- Disconnect unauthorized clients immediately

Author: tgs9915

src/index.ts

@@ -81,45 +81,10 @@ const io = new Server(httpServer, {
   transports: ['websocket', 'polling'],
   pingTimeout: 60000,
   pingInterval: 25000,
-  // 鉴权中间件
-  allowRequest: (req, callback) => {
-    // 详细日志
-    console.log('[WatchRoom] Connection attempt from:', req.headers.origin);
-    console.log('[WatchRoom] URL:', req.url);
-
-    // 尝试从多个地方获取认证信息
-    const authHeader = req.headers.authorization;
-    const urlParams = new URL(req.url || '', 'http://localhost').searchParams;
-    const authFromQuery = urlParams.get('auth');
-
-    console.log('[WatchRoom] Authorization header:', authHeader);
-    console.log('[WatchRoom] Auth from query:', authFromQuery);
-    console.log('[WatchRoom] Expected AUTH_KEY:', AUTH_KEY);
-
-    // 检查 Authorization header
-    if (authHeader === `Bearer ${AUTH_KEY}`) {
-      console.log('[WatchRoom] ✅ Authentication successful (via header)');
-      callback(null, true);
-      return;
-    }
-
-    // 检查 query 参数（作为备用方案）
-    if (authFromQuery === AUTH_KEY) {
-      console.log('[WatchRoom] ✅ Authentication successful (via query)');
-      callback(null, true);
-      return;
-    }
-
-    console.log('[WatchRoom] ❌ Authentication failed');
-    console.log('[WatchRoom] Received header:', authHeader);
-    console.log('[WatchRoom] Received query:', authFromQuery);
-    console.log('[WatchRoom] Expected:', `Bearer ${AUTH_KEY}`);
-    callback('Unauthorized', false);
-  },
 });
 
 // 初始化观影室服务器
-const watchRoomServer = new WatchRoomServer(io);
+const watchRoomServer = new WatchRoomServer(io, AUTH_KEY);
 
 // 启动服务器
 httpServer.listen(PORT, () => {

src/watch-room-server.ts

@@ -16,8 +16,13 @@ export class WatchRoomServer {
   private members: Map<string, Map<string, Member>> = new Map();
   private socketToRoom: Map<string, RoomMemberInfo> = new Map();
   private cleanupInterval: NodeJS.Timeout | null = null;
+  private authKey: string;
 
-  constructor(private io: SocketIOServer<ClientToServerEvents, ServerToClientEvents>) {
+  constructor(
+    private io: SocketIOServer<ClientToServerEvents, ServerToClientEvents>,
+    authKey?: string
+  ) {
+    this.authKey = authKey || process.env.AUTH_KEY || '';
     this.setupEventHandlers();
     this.startCleanupTimer();
   }
@@ -26,6 +31,20 @@ export class WatchRoomServer {
     this.io.on('connection', (socket: TypedSocket) => {
       console.log(`[WatchRoom] Client connected: ${socket.id}`);
 
+      // 验证认证
+      const auth = socket.handshake.auth as { token?: string };
+      console.log('[WatchRoom] Auth token from handshake:', auth.token);
+      console.log('[WatchRoom] Expected AUTH_KEY:', this.authKey);
+
+      if (!auth.token || auth.token !== this.authKey) {
+        console.log('[WatchRoom] ❌ Authentication failed, disconnecting client');
+        socket.emit('error', 'Unauthorized');
+        socket.disconnect(true);
+        return;
+      }
+
+      console.log('[WatchRoom] ✅ Authentication successful');
+
       // 创建房间
       socket.on('room:create', (data, callback) => {
         try {