This repository has been archived on 2024-11-11. You can view files and clone it, but cannot push or open issues or pull requests.
socketio-jwt/oldCode/lib/index.js

302 lines
7.9 KiB
JavaScript
Raw Normal View History

2020-12-27 17:25:44 +01:00
const xtend = require('xtend')
const jwt = require('jsonwebtoken')
const UnauthorizedError = require('./UnauthorizedError')
function noQsMethod (options) {
2020-12-27 17:25:44 +01:00
const defaults = { required: true }
options = xtend(defaults, options)
2015-05-29 13:52:14 +02:00
return (socket) => {
2020-12-27 17:25:44 +01:00
'use strict' // Node 4.x workaround
const server = this.server || socket.server
2014-01-14 12:30:39 +01:00
if (!server.$emit) {
//then is socket.io 1.0
2020-12-27 17:25:44 +01:00
const Namespace = Object.getPrototypeOf(server.sockets).constructor
if (!~Namespace.events.indexOf('authenticated')) {
2020-12-27 17:25:44 +01:00
Namespace.events.push('authenticated')
}
}
2015-05-29 13:52:14 +02:00
2020-12-27 17:25:44 +01:00
let auth_timeout = null
if (options.required) {
auth_timeout = setTimeout(() => {
2020-12-27 17:25:44 +01:00
socket.disconnect('unauthorized')
}, options.timeout || 5000)
2015-05-29 13:52:14 +02:00
}
socket.on('authenticate', (data) => {
if (options.required) {
2020-12-27 17:25:44 +01:00
clearTimeout(auth_timeout)
2015-05-29 13:52:14 +02:00
}
// error handler
const onError = (err, code) => {
2017-11-13 16:54:19 +01:00
if (err) {
2020-12-27 17:25:44 +01:00
code = code || 'unknown'
const error = new UnauthorizedError(code, {
2020-12-27 17:25:44 +01:00
message:
Object.prototype.toString.call(err) === '[object Object]' &&
err.message
? err.message
: err
})
let callback_timeout
// If callback explicitly set to false, start timeout to disconnect socket
2020-12-27 17:25:44 +01:00
if (
options.callback === false ||
typeof options.callback === 'number'
) {
2017-11-13 16:54:19 +01:00
if (typeof options.callback === 'number') {
if (options.callback < 0) {
// If callback is negative(invalid value), make it positive
2020-12-27 17:25:44 +01:00
options.callback = Math.abs(options.callback)
}
}
2020-12-27 17:25:44 +01:00
callback_timeout = setTimeout(
() => {
socket.disconnect('unauthorized')
},
options.callback === false ? 0 : options.callback
)
}
socket.emit('unauthorized', error, () => {
2017-11-13 16:54:19 +01:00
if (typeof options.callback === 'number') {
2020-12-27 17:25:44 +01:00
clearTimeout(callback_timeout)
2017-11-13 16:54:19 +01:00
}
2020-12-27 17:25:44 +01:00
socket.disconnect('unauthorized')
})
return // stop logic, socket will be close on next tick
2017-11-13 16:54:19 +01:00
}
2020-12-27 17:25:44 +01:00
}
2020-12-27 17:25:44 +01:00
const token = options.cookie
? socket.request.cookies[options.cookie]
: data
? data.token
: undefined
2018-09-27 10:53:48 +02:00
if (!token || typeof token !== 'string') {
2020-12-27 17:25:44 +01:00
return onError({ message: 'invalid token datatype' }, 'invalid_token')
}
// Store encoded JWT
2020-12-27 17:25:44 +01:00
socket[options.encodedPropertyName] = token
2015-05-29 13:52:14 +02:00
const onJwtVerificationReady = (err, decoded) => {
if (err) {
2020-12-27 17:25:44 +01:00
return onError(err, 'invalid_token')
2014-01-13 22:41:10 +01:00
}
2015-05-29 13:52:14 +02:00
// success handler
const onSuccess = () => {
socket[options.decodedPropertyName] = options.customDecoded
? options.customDecoded(decoded)
2020-12-27 17:25:44 +01:00
: decoded
socket.emit('authenticated')
if (server.$emit) {
2020-12-27 17:25:44 +01:00
server.$emit('authenticated', socket)
} else {
2015-08-31 16:04:04 +02:00
//try getting the current namespace otherwise fallback to all sockets.
2020-12-27 17:25:44 +01:00
const namespace =
(server.nsps && socket.nsp && server.nsps[socket.nsp.name]) ||
server.sockets
2015-08-31 16:04:04 +02:00
// explicit namespace
2020-12-27 17:25:44 +01:00
namespace.emit('authenticated', socket)
}
2020-12-27 17:25:44 +01:00
}
2015-05-29 13:52:14 +02:00
2020-12-27 17:25:44 +01:00
if (
options.additional_auth &&
typeof options.additional_auth === 'function'
) {
options.additional_auth(decoded, onSuccess, onError)
} else {
2020-12-27 17:25:44 +01:00
onSuccess()
}
2020-12-27 17:25:44 +01:00
}
const onSecretReady = (err, secret) => {
if (err || !secret) {
2020-12-27 17:25:44 +01:00
return onError(err, 'invalid_secret')
}
2014-01-13 22:41:10 +01:00
2020-12-27 17:25:44 +01:00
jwt.verify(token, secret, options, onJwtVerificationReady)
}
2020-12-27 17:25:44 +01:00
getSecret(socket.request, options.secret, token, onSecretReady)
})
}
2014-01-13 22:41:10 +01:00
}
function authorize (options) {
2020-12-27 17:25:44 +01:00
options = xtend(
{
decodedPropertyName: 'decoded_token',
encodedPropertyName: 'encoded_token'
},
options
)
if (
typeof options.secret !== 'string' &&
typeof options.secret !== 'function'
) {
throw new Error(
`Provided secret ${options.secret} is invalid, must be of type string or function.`
)
}
2015-05-29 13:52:14 +02:00
if (!options.handshake) {
2020-12-27 17:25:44 +01:00
return noQsMethod(options)
2015-05-29 13:52:14 +02:00
}
const defaults = {
success: (socket, accept) => {
if (socket.request) {
2020-12-27 17:25:44 +01:00
accept()
2014-06-03 13:12:07 +02:00
} else {
2020-12-27 17:25:44 +01:00
accept(null, true)
2014-06-03 13:12:07 +02:00
}
},
fail: (error, socket, accept) => {
if (socket.request) {
2020-12-27 17:25:44 +01:00
accept(error)
2014-06-03 13:12:07 +02:00
} else {
2020-12-27 17:25:44 +01:00
accept(null, false)
2014-06-03 13:12:07 +02:00
}
}
2020-12-27 17:25:44 +01:00
}
2012-09-05 20:14:36 +02:00
2020-12-27 17:25:44 +01:00
const auth = xtend(defaults, options)
2013-06-30 21:06:21 +02:00
return (socket, accept) => {
2020-12-27 17:25:44 +01:00
'use strict' // Node 4.x workaround
let token, error
2019-10-14 04:13:25 +02:00
2020-12-27 17:25:44 +01:00
const handshake = socket.handshake
const req = socket.request || socket
const authorization_header = (req.headers || {}).authorization
2014-06-03 13:12:07 +02:00
if (authorization_header) {
2020-12-27 17:25:44 +01:00
const parts = authorization_header.split(' ')
if (parts.length == 2) {
2020-12-27 17:25:44 +01:00
const scheme = parts[0],
credentials = parts[1]
2012-09-05 20:14:36 +02:00
2015-05-18 03:05:00 +02:00
if (scheme.toLowerCase() === 'bearer') {
2020-12-27 17:25:44 +01:00
token = credentials
}
} else {
error = new UnauthorizedError('credentials_bad_format', {
message: 'Format is Authorization: Bearer [token]'
2020-12-27 17:25:44 +01:00
})
return auth.fail(error, socket, accept)
}
}
// Check if the header has to include authentication
if (options.auth_header_required && !token) {
2020-12-27 17:25:44 +01:00
return auth.fail(
new UnauthorizedError('missing_authorization_header', {
message: 'Server requires Authorization Header'
}),
socket,
accept
)
}
// Get the token from handshake or query string
if (handshake && handshake.query.token) {
2020-12-27 17:25:44 +01:00
token = handshake.query.token
} else if (req._query && req._query.token) {
token = req._query.token
} else if (req.query && req.query.token) {
token = req.query.token
}
2012-09-05 20:14:36 +02:00
if (!token) {
error = new UnauthorizedError('credentials_required', {
2017-08-04 17:18:23 +02:00
message: 'no token provided'
2020-12-27 17:25:44 +01:00
})
return auth.fail(error, socket, accept)
}
// Store encoded JWT
2020-12-27 17:25:44 +01:00
socket[options.encodedPropertyName] = token
const onJwtVerificationReady = (err, decoded) => {
if (err) {
2020-12-27 17:25:44 +01:00
error = new UnauthorizedError(err.code || 'invalid_token', err)
return auth.fail(error, socket, accept)
}
socket[options.decodedPropertyName] = options.customDecoded
? options.customDecoded(decoded)
2020-12-27 17:25:44 +01:00
: decoded
2012-09-05 20:14:36 +02:00
2020-12-27 17:25:44 +01:00
return auth.success(socket, accept)
}
const onSecretReady = (err, secret) => {
if (err) {
2020-12-27 17:25:44 +01:00
error = new UnauthorizedError(err.code || 'invalid_secret', err)
return auth.fail(error, socket, accept)
}
2020-12-27 17:25:44 +01:00
jwt.verify(token, secret, options, onJwtVerificationReady)
}
2020-12-27 17:25:44 +01:00
getSecret(req, options.secret, token, onSecretReady)
}
2012-09-05 20:14:36 +02:00
}
function getSecret (request, secret, token, callback) {
2020-12-27 17:25:44 +01:00
'use strict' // Node 4.x workaround
2019-10-14 04:13:25 +02:00
if (typeof secret === 'function') {
if (!token) {
2020-12-27 17:25:44 +01:00
return callback({
code: 'invalid_token',
message: 'jwt must be provided'
})
}
2020-12-27 17:25:44 +01:00
const parts = token.split('.')
if (parts.length < 3) {
2020-12-27 17:25:44 +01:00
return callback({ code: 'invalid_token', message: 'jwt malformed' })
}
if (parts[2].trim() === '') {
2020-12-27 17:25:44 +01:00
return callback({
code: 'invalid_token',
message: 'jwt signature is required'
})
}
2020-12-27 17:25:44 +01:00
let decodedToken = jwt.decode(token, { complete: true })
if (!decodedToken) {
2020-12-27 17:25:44 +01:00
return callback({ code: 'invalid_token', message: 'jwt malformed' })
}
2020-12-27 17:25:44 +01:00
const arity = secret.length
if (arity == 4) {
2020-12-27 17:25:44 +01:00
secret(request, decodedToken.header, decodedToken.payload, callback)
} else {
// arity == 3
secret(request, decodedToken.payload, callback)
}
} else {
2020-12-27 17:25:44 +01:00
callback(null, secret)
}
2017-11-13 16:54:19 +01:00
}
2020-12-27 17:25:44 +01:00
exports.authorize = authorize
exports.UnauthorizedError = UnauthorizedError