Thream/socketio-jwt
2
1
Fork 0
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00
Code Issues Releases Activity

Validation

Browse Source 
on socket authenticate, should check that the data.token exists and if it is the desired type? 
socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
This commit is contained in:
gfetco 2015-11-01 20:44:25 +01:00
parent 5532ff03fd
commit 170c23306f
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/index.js
View File

@ -27,7 +27,6 @@ function noQsMethod(options) {
if(options.required){
clearTimeout(auth_timeout);
}
jwt.verify(data.token, options.secret, options, function(err, decoded) {
// error handler
var onError = function(err, code) {
if (err) {
@ -42,6 +41,12 @@ function noQsMethod(options) {
}
};
if(typeof data.token !== "string") {
return onError({message: 'invalid token datatype'}, 'invalid_token');
}
jwt.verify(data.token, options.secret, options, function(err, decoded) {
if (err) {
return onError(err, 'invalid_token');
}