socketio-jwt/lib/index.js

var xtend = require('xtend');
var jwt = require('jsonwebtoken');
var UnauthorizedError = require('./UnauthorizedError');

function noQsMethod(options) {
  return function (socket) {
    var server = this;

    var auth_timeout = setTimeout(function () {
      socket.disconnect('unauthorized');
    }, options.timeout || 5000);

    socket.on('authenticate', function (data) {
      clearTimeout(auth_timeout);
      jwt.verify(data.token, options.secret, options, function(err, decoded) {
        if (err) {
          return socket.disconnect('unauthorized');
        }

        socket.user = decoded;
        socket.emit('authenticated');
        server.$emit('authenticated', socket);
      });
    });

  };
}

function authorize(options, onConnection) {
  var defaults = {
    success: function(data, accept){
      accept(null, true);
    },
    fail: function(error, data, accept){
      accept(null, false);
    }
  };

  var auth = xtend(defaults, options);

  if (!options.handshake) {
    return noQsMethod(options);
  }

  return function(data, accept){
    var token, error;

    if (data.headers && data.headers.authorization) {
      var parts = data.headers.authorization.split(' ');
      if (parts.length == 2) {
        var scheme = parts[0],
          credentials = parts[1];

        if (/^Bearer$/i.test(scheme)) {
          token = credentials;
        }
      } else {
        error = new UnauthorizedError('credentials_bad_format', {
          message: 'Format is Authorization: Bearer [token]'
        });
        return auth.fail(error, data, accept);
      }
    }

    if (data.query.token) {
      token = data.query.token;
    }

    if (!token) {
      error = new UnauthorizedError('credentials_required', {
        message: 'No Authorization header was found'
      });
      return auth.fail(error, data, accept);
    }

    jwt.verify(token, options.secret, options, function(err, decoded) {

      if (err) {
        error = new UnauthorizedError('invalid_token', err);
        return auth.fail(error, data, accept);
      }

      data.user = decoded;
      data.logged_in = true;

      auth.success(data, accept);
    });
  };
}

function filterSocketsByUser(socketIo, filter){
  var handshaken = socketIo.sockets.manager.handshaken;
  return Object.keys(handshaken || {})
    .filter(function(skey){
      return filter(handshaken[skey].user);
    })
    .map(function(skey){
      return socketIo.sockets.manager.sockets.sockets[skey];
    });
}

exports.authorize = authorize;
exports.filterSocketsByUser = filterSocketsByUser;
remove connect and cookie dependency 2013-06-05 13:38:33 +02:00			`var xtend = require('xtend');`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`var jwt = require('jsonwebtoken');`
			`var UnauthorizedError = require('./UnauthorizedError');`
added option of success or fail callbacks. Needed to still allow users access to sockets even if they weren't logged in, but needed specific data if they were. 2012-10-26 18:13:28 +02:00
change the API 2014-01-14 12:30:39 +01:00			`function noQsMethod(options) {`
add noqs method 2014-01-13 22:41:10 +01:00			`return function (socket) {`
change the API 2014-01-14 12:30:39 +01:00			`var server = this;`

add noqs method 2014-01-13 22:41:10 +01:00			`var auth_timeout = setTimeout(function () {`
			`socket.disconnect('unauthorized');`
			`}, options.timeout \|\| 5000);`

			`socket.on('authenticate', function (data) {`
			`clearTimeout(auth_timeout);`
			`jwt.verify(data.token, options.secret, options, function(err, decoded) {`
			`if (err) {`
			`return socket.disconnect('unauthorized');`
			`}`

			`socket.user = decoded;`
			`socket.emit('authenticated');`
change the API 2014-01-14 12:30:39 +01:00			`server.$emit('authenticated', socket);`
add noqs method 2014-01-13 22:41:10 +01:00			`});`
			`});`

			`};`
			`}`

			`function authorize(options, onConnection) {`
fix #6 use same parameters than express.session 2013-02-05 23:15:04 +01:00			`var defaults = {`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`success: function(data, accept){`
			`accept(null, true);`
			`},`
			`fail: function(error, data, accept){`
			`accept(null, false);`
			`}`
added option of success or fail callbacks. Needed to still allow users access to sockets even if they weren't logged in, but needed specific data if they were. 2012-10-26 18:13:28 +02:00			`};`
initial 2012-09-05 20:14:36 +02:00
a little simpler 2013-11-15 10:47:51 +01:00			`var auth = xtend(defaults, options);`
Allow 0 value for serialized user (id) 2013-06-30 21:06:21 +02:00
change the API 2014-01-14 12:30:39 +01:00			`if (!options.handshake) {`
			`return noQsMethod(options);`
add noqs method 2014-01-13 22:41:10 +01:00			`}`

initial 2012-09-05 20:14:36 +02:00			`return function(data, accept){`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`var token, error;`
initial 2012-09-05 20:14:36 +02:00
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`if (data.headers && data.headers.authorization) {`
			`var parts = data.headers.authorization.split(' ');`
			`if (parts.length == 2) {`
			`var scheme = parts[0],`
			`credentials = parts[1];`
initial 2012-09-05 20:14:36 +02:00
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`if (/^Bearer$/i.test(scheme)) {`
			`token = credentials;`
			`}`
			`} else {`
			`error = new UnauthorizedError('credentials_bad_format', {`
			`message: 'Format is Authorization: Bearer [token]'`
			`});`
			`return auth.fail(error, data, accept);`
			`}`
			`}`
major changes passport.socketio now lets the user decide whether to accept a connection or not. to do so, you have tu provide your own 'fail'-method. this will be called unless the user is successfuly authenticated (still uses the 'success'-method). The method will be called with four parameters: - data: <Object> Handshake Data - message <String> Error-Message - critical <Bool> True if the User is and will be unable to use socket.io because of errors in the authorization-system or somewhere else. False if the user would still be able to use the system (indicates that he's just not logged-in) - accept: <function> plain old accept function. If there's no fail-method given, passport.socketio allows every not-critical-failed connection. Also there is now a 'logged_in' <Bool>-Property inside your User-Key. 2013-11-06 18:19:00 +01:00
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`if (data.query.token) {`
			`token = data.query.token;`
			`}`
initial 2012-09-05 20:14:36 +02:00
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`if (!token) {`
			`error = new UnauthorizedError('credentials_required', {`
			`message: 'No Authorization header was found'`
initial 2012-09-05 20:14:36 +02:00			`});`
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`return auth.fail(error, data, accept);`
			`}`

			`jwt.verify(token, options.secret, options, function(err, decoded) {`

			`if (err) {`
			`error = new UnauthorizedError('invalid_token', err);`
			`return auth.fail(error, data, accept);`
			`}`

			`data.user = decoded;`
			`data.logged_in = true;`
initial 2012-09-05 20:14:36 +02:00
initial commit after fork of passport-socketio 2014-01-13 20:00:21 +01:00			`auth.success(data, accept);`
initial 2012-09-05 20:14:36 +02:00			`});`
			`};`
			`}`

			`function filterSocketsByUser(socketIo, filter){`
			`var handshaken = socketIo.sockets.manager.handshaken;`
			`return Object.keys(handshaken \|\| {})`
			`.filter(function(skey){`
			`return filter(handshaken[skey].user);`
			`})`
			`.map(function(skey){`
			`return socketIo.sockets.manager.sockets.sockets[skey];`
			`});`
			`}`

			`exports.authorize = authorize;`
added option of success or fail callbacks. Needed to still allow users access to sockets even if they weren't logged in, but needed specific data if they were. 2012-10-26 18:13:28 +02:00			`exports.filterSocketsByUser = filterSocketsByUser;`