Validation
on socket authenticate, should check that the data.token exists and if it is the desired type? socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
This commit is contained in:
parent
5532ff03fd
commit
170c23306f
13
lib/index.js
13
lib/index.js
@ -27,9 +27,8 @@ function noQsMethod(options) {
|
|||||||
if(options.required){
|
if(options.required){
|
||||||
clearTimeout(auth_timeout);
|
clearTimeout(auth_timeout);
|
||||||
}
|
}
|
||||||
jwt.verify(data.token, options.secret, options, function(err, decoded) {
|
// error handler
|
||||||
// error handler
|
var onError = function(err, code) {
|
||||||
var onError = function(err, code) {
|
|
||||||
if (err) {
|
if (err) {
|
||||||
code = code || 'unknown';
|
code = code || 'unknown';
|
||||||
var error = new UnauthorizedError(code, {
|
var error = new UnauthorizedError(code, {
|
||||||
@ -40,7 +39,13 @@ function noQsMethod(options) {
|
|||||||
});
|
});
|
||||||
return; // stop logic, socket will be close on next tick
|
return; // stop logic, socket will be close on next tick
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if(typeof data.token !== "string") {
|
||||||
|
return onError({message: 'invalid token datatype'}, 'invalid_token');
|
||||||
|
}
|
||||||
|
|
||||||
|
jwt.verify(data.token, options.secret, options, function(err, decoded) {
|
||||||
|
|
||||||
if (err) {
|
if (err) {
|
||||||
return onError(err, 'invalid_token');
|
return onError(err, 'invalid_token');
|
||||||
|
Reference in New Issue
Block a user