2013-06-05 13:38:33 +02:00
|
|
|
var xtend = require('xtend');
|
2014-01-13 20:00:21 +01:00
|
|
|
var jwt = require('jsonwebtoken');
|
|
|
|
var UnauthorizedError = require('./UnauthorizedError');
|
2012-10-26 18:13:28 +02:00
|
|
|
|
2014-01-13 22:41:10 +01:00
|
|
|
function noQsMethod(options, onConnection) {
|
|
|
|
return function (socket) {
|
|
|
|
var auth_timeout = setTimeout(function () {
|
|
|
|
socket.disconnect('unauthorized');
|
|
|
|
}, options.timeout || 5000);
|
|
|
|
|
|
|
|
socket.on('authenticate', function (data) {
|
|
|
|
clearTimeout(auth_timeout);
|
|
|
|
jwt.verify(data.token, options.secret, options, function(err, decoded) {
|
|
|
|
if (err) {
|
|
|
|
return socket.disconnect('unauthorized');
|
|
|
|
}
|
|
|
|
|
|
|
|
socket.user = decoded;
|
|
|
|
socket.emit('authenticated');
|
|
|
|
onConnection(socket);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function authorize(options, onConnection) {
|
2013-02-05 23:15:04 +01:00
|
|
|
var defaults = {
|
2014-01-13 20:00:21 +01:00
|
|
|
success: function(data, accept){
|
|
|
|
accept(null, true);
|
|
|
|
},
|
|
|
|
fail: function(error, data, accept){
|
|
|
|
accept(null, false);
|
|
|
|
}
|
2012-10-26 18:13:28 +02:00
|
|
|
};
|
2012-09-05 20:14:36 +02:00
|
|
|
|
2013-11-15 10:47:51 +01:00
|
|
|
var auth = xtend(defaults, options);
|
2013-06-30 21:06:21 +02:00
|
|
|
|
2014-01-13 22:41:10 +01:00
|
|
|
if (onConnection) {
|
|
|
|
return noQsMethod(options, onConnection);
|
|
|
|
}
|
|
|
|
|
2012-09-05 20:14:36 +02:00
|
|
|
return function(data, accept){
|
2014-01-13 20:00:21 +01:00
|
|
|
var token, error;
|
2012-09-05 20:14:36 +02:00
|
|
|
|
2014-01-13 20:00:21 +01:00
|
|
|
if (data.headers && data.headers.authorization) {
|
|
|
|
var parts = data.headers.authorization.split(' ');
|
|
|
|
if (parts.length == 2) {
|
|
|
|
var scheme = parts[0],
|
|
|
|
credentials = parts[1];
|
2012-09-05 20:14:36 +02:00
|
|
|
|
2014-01-13 20:00:21 +01:00
|
|
|
if (/^Bearer$/i.test(scheme)) {
|
|
|
|
token = credentials;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
error = new UnauthorizedError('credentials_bad_format', {
|
|
|
|
message: 'Format is Authorization: Bearer [token]'
|
|
|
|
});
|
|
|
|
return auth.fail(error, data, accept);
|
|
|
|
}
|
|
|
|
}
|
2013-11-06 18:19:00 +01:00
|
|
|
|
2014-01-13 20:00:21 +01:00
|
|
|
if (data.query.token) {
|
|
|
|
token = data.query.token;
|
|
|
|
}
|
2012-09-05 20:14:36 +02:00
|
|
|
|
2014-01-13 20:00:21 +01:00
|
|
|
if (!token) {
|
|
|
|
error = new UnauthorizedError('credentials_required', {
|
|
|
|
message: 'No Authorization header was found'
|
2012-09-05 20:14:36 +02:00
|
|
|
});
|
2014-01-13 20:00:21 +01:00
|
|
|
return auth.fail(error, data, accept);
|
|
|
|
}
|
|
|
|
|
|
|
|
jwt.verify(token, options.secret, options, function(err, decoded) {
|
|
|
|
|
|
|
|
if (err) {
|
|
|
|
error = new UnauthorizedError('invalid_token', err);
|
|
|
|
return auth.fail(error, data, accept);
|
|
|
|
}
|
|
|
|
|
|
|
|
data.user = decoded;
|
|
|
|
data.logged_in = true;
|
2012-09-05 20:14:36 +02:00
|
|
|
|
2014-01-13 20:00:21 +01:00
|
|
|
auth.success(data, accept);
|
2012-09-05 20:14:36 +02:00
|
|
|
});
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
function filterSocketsByUser(socketIo, filter){
|
|
|
|
var handshaken = socketIo.sockets.manager.handshaken;
|
|
|
|
return Object.keys(handshaken || {})
|
|
|
|
.filter(function(skey){
|
|
|
|
return filter(handshaken[skey].user);
|
|
|
|
})
|
|
|
|
.map(function(skey){
|
|
|
|
return socketIo.sockets.manager.sockets.sockets[skey];
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
exports.authorize = authorize;
|
2012-10-26 18:13:28 +02:00
|
|
|
exports.filterSocketsByUser = filterSocketsByUser;
|