Merge pull request #155 from Root-Core/matwithonet1

Cherrypicked commits of #105 by matwithonet1
This commit is contained in:
Conrad Sopala 2019-10-14 08:08:36 +02:00 committed by GitHub
commit 1c60171179
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 428 additions and 367 deletions

View File

@ -1,5 +1,7 @@
language: node_js language: node_js
node_js: node_js:
- "0.12" - 4
- "0.11" - 8
- "0.10" - 10
- 12
- node

View File

@ -41,9 +41,10 @@ io.sockets
.on('connection', socketioJwt.authorize({ .on('connection', socketioJwt.authorize({
secret: 'your secret or public key', secret: 'your secret or public key',
timeout: 15000 // 15 seconds to send the authentication message timeout: 15000 // 15 seconds to send the authentication message
})).on('authenticated', function(socket) { }))
.on('authenticated', (socket) => {
//this socket is authenticated, we are good to handle more events from it. //this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name); console.log(`hello! ${socket.decoded_token.name}`);
}); });
``` ```
@ -52,15 +53,15 @@ io.sockets
**Client side** **Client side**
```javascript ```javascript
var socket = io.connect('http://localhost:9000'); const socket = io.connect('http://localhost:9000');
socket.on('connect', function () { socket.on('connect', () => {
socket socket
.emit('authenticate', { token: jwt }) //send the jwt .emit('authenticate', { token: jwt }) //send the jwt
.on('authenticated', function () { .on('authenticated', () => {
//do other things //do other things
}) })
.on('unauthorized', function(msg) { .on('unauthorized', (msg) => {
console.log("unauthorized: " + JSON.stringify(msg.data)); console.log(`unauthorized: ${JSON.stringify(msg.data)}`);
throw new Error(msg.data.type); throw new Error(msg.data.type);
}) })
}); });
@ -71,8 +72,8 @@ socket.on('connect', function () {
The previous approach uses a second roundtrip to send the jwt. There is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url. The previous approach uses a second roundtrip to send the jwt. There is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.
```javascript ```javascript
var io = require('socket.io')(server); const io = require('socket.io')(server);
var socketioJwt = require('socketio-jwt'); const socketioJwt = require('socketio-jwt');
``` ```
With socket.io < 1.0: With socket.io < 1.0:
@ -83,7 +84,7 @@ io.set('authorization', socketioJwt.authorize({
handshake: true handshake: true
})); }));
io.on('connection', function (socket) { io.on('connection', (socket) => {
console.log('hello!', socket.handshake.decoded_token.name); console.log('hello!', socket.handshake.decoded_token.name);
}); });
``` ```
@ -96,7 +97,7 @@ io.use(socketioJwt.authorize({
handshake: true handshake: true
})); }));
io.on('connection', function (socket) { io.on('connection', (socket) => {
console.log('hello!', socket.decoded_token.name); console.log('hello!', socket.decoded_token.name);
}); });
``` ```
@ -108,21 +109,35 @@ For more validation options see [auth0/jsonwebtoken](https://github.com/auth0/no
Append the jwt token using query string: Append the jwt token using query string:
```javascript ```javascript
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', {
'query': 'token=' + your_jwt query: `token=${your_jwt}`
}); });
``` ```
Append the jwt token using 'Authorization Header' (Bearer Token): Append the jwt token using 'Authorization Header' (Bearer Token):
```javascript ```javascript
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', {
'extraHeaders': { Authorization: `Bearer ${your_jwt}` } extraHeaders: { Authorization: `Bearer ${your_jwt}` }
}); });
``` ```
Both options can be combined or used optionally. Both options can be combined or used optionally.
### Authorization Header Requirement
Require Bearer Tokens to be passed in as an Authorization Header
**Server side**:
```javascript
io.use(socketioJwt.authorize({
secret: 'your secret or public key',
handshake: true,
auth_header_required: true
}));
```
### Handling token expiration ### Handling token expiration
**Server side** **Server side**
@ -130,7 +145,7 @@ Both options can be combined or used optionally.
When you sign the token with an expiration time (example: 60 minutes): When you sign the token with an expiration time (example: 60 minutes):
```javascript ```javascript
var token = jwt.sign(user_profile, jwt_secret, {expiresIn: 60*60}); const token = jwt.sign(user_profile, jwt_secret, { expiresIn: 60*60 });
``` ```
Your client-side code should handle it as below: Your client-side code should handle it as below:
@ -138,7 +153,7 @@ Your client-side code should handle it as below:
**Client side** **Client side**
```javascript ```javascript
socket.on('unauthorized', function(error) { socket.on('unauthorized', (error) => {
if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') { if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') {
// redirect user to login page perhaps? // redirect user to login page perhaps?
console.log('User token has expired'); console.log('User token has expired');
@ -159,7 +174,7 @@ No further configuration needed.
Add a callback client-side to execute socket disconnect server-side. Add a callback client-side to execute socket disconnect server-side.
```javascript ```javascript
socket.on('unauthorized', function(error, callback) { socket.on('unauthorized', (error, callback) => {
if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') { if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') {
// redirect user to login page perhaps or execute callback: // redirect user to login page perhaps or execute callback:
callback(); callback();
@ -201,7 +216,7 @@ Your client-side code should handle it as below:
**Client side** **Client side**
```javascript ```javascript
socket.on('unauthorized', function(error, callback) { socket.on('unauthorized', (error, callback) => {
if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') { if (error.data.type == 'UnauthorizedError' || error.data.code == 'invalid_token') {
// redirect user to login page perhaps or execute callback: // redirect user to login page perhaps or execute callback:
callback(); callback();
@ -220,13 +235,13 @@ the provided token.
**Server side** **Server side**
```javascript ```javascript
var SECRETS = { const SECRETS = {
'user1': 'secret 1', 'user1': 'secret 1',
'user2': 'secret 2' 'user2': 'secret 2'
} }
io.use(socketioJwt.authorize({ io.use(socketioJwt.authorize({
secret: function(request, decodedToken, callback) { secret: (request, decodedToken, callback) => {
// SECRETS[decodedToken.userId] will be used as a secret or // SECRETS[decodedToken.userId] will be used as a secret or
// public key for connection user. // public key for connection user.

View File

@ -5,7 +5,7 @@ function UnauthorizedError (code, error) {
this.data = { this.data = {
message: this.message, message: this.message,
code: code, code: code,
type: "UnauthorizedError" type: 'UnauthorizedError'
}; };
} }

View File

@ -1,54 +1,60 @@
var xtend = require('xtend'); const xtend = require('xtend');
var jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
var UnauthorizedError = require('./UnauthorizedError'); const UnauthorizedError = require('./UnauthorizedError');
function noQsMethod (options) { function noQsMethod (options) {
var defaults = { required: true }; const defaults = { required: true };
options = xtend(defaults, options); options = xtend(defaults, options);
return function (socket) { return (socket) => {
var server = this.server || socket.server; 'use strict'; // Node 4.x workaround
const server = this.server || socket.server;
if (!server.$emit) { if (!server.$emit) {
//then is socket.io 1.0 //then is socket.io 1.0
var Namespace = Object.getPrototypeOf(server.sockets).constructor; const Namespace = Object.getPrototypeOf(server.sockets).constructor;
if (!~Namespace.events.indexOf('authenticated')) { if (!~Namespace.events.indexOf('authenticated')) {
Namespace.events.push('authenticated'); Namespace.events.push('authenticated');
} }
} }
let auth_timeout = null;
if (options.required) { if (options.required) {
var auth_timeout = setTimeout(function () { auth_timeout = setTimeout(() => {
socket.disconnect('unauthorized'); socket.disconnect('unauthorized');
}, options.timeout || 5000); }, options.timeout || 5000);
} }
socket.on('authenticate', function (data) { socket.on('authenticate', (data) => {
if (options.required) { if (options.required) {
clearTimeout(auth_timeout); clearTimeout(auth_timeout);
} }
// error handler // error handler
var onError = function(err, code) { const onError = (err, code) => {
if (err) { if (err) {
code = code || 'unknown'; code = code || 'unknown';
var error = new UnauthorizedError(code, { const error = new UnauthorizedError(code, {
message: (Object.prototype.toString.call(err) === '[object Object]' && err.message) ? err.message : err message: (Object.prototype.toString.call(err) === '[object Object]' && err.message) ? err.message : err
}); });
var callback_timeout;
// If callback explicitely set to false, start timeout to disconnect socket let callback_timeout;
if (options.callback === false || typeof options.callback === "number") { // If callback explicitly set to false, start timeout to disconnect socket
if (typeof options.callback === "number") { if (options.callback === false || typeof options.callback === 'number') {
if (typeof options.callback === 'number') {
if (options.callback < 0) { if (options.callback < 0) {
// If callback is negative(invalid value), make it positive // If callback is negative(invalid value), make it positive
options.callback = Math.abs(options.callback); options.callback = Math.abs(options.callback);
} }
} }
callback_timeout = setTimeout(function () {
callback_timeout = setTimeout(() => {
socket.disconnect('unauthorized'); socket.disconnect('unauthorized');
}, (options.callback === false ? 0 : options.callback)); }, (options.callback === false ? 0 : options.callback));
} }
socket.emit('unauthorized', error, function() {
if (typeof options.callback === "number") { socket.emit('unauthorized', error, () => {
if (typeof options.callback === 'number') {
clearTimeout(callback_timeout); clearTimeout(callback_timeout);
} }
socket.disconnect('unauthorized'); socket.disconnect('unauthorized');
@ -57,30 +63,29 @@ function noQsMethod(options) {
} }
}; };
var token = options.cookie ? socket.request.cookies[options.cookie] : (data ? data.token : undefined); const token = options.cookie ? socket.request.cookies[options.cookie] : (data ? data.token : undefined);
if(!token || typeof token !== "string") { if (!token || typeof token !== 'string') {
return onError({ message: 'invalid token datatype' }, 'invalid_token'); return onError({ message: 'invalid token datatype' }, 'invalid_token');
} }
// Store encoded JWT // Store encoded JWT
socket[options.encodedPropertyName] = data.token; socket[options.encodedPropertyName] = token;
var onJwtVerificationReady = function(err, decoded) {
const onJwtVerificationReady = (err, decoded) => {
if (err) { if (err) {
return onError(err, 'invalid_token'); return onError(err, 'invalid_token');
} }
// success handler // success handler
var onSuccess = function() { const onSuccess = () => {
socket[options.decodedPropertyName] = decoded; socket[options.decodedPropertyName] = decoded;
socket.emit('authenticated'); socket.emit('authenticated');
if (server.$emit) { if (server.$emit) {
server.$emit('authenticated', socket); server.$emit('authenticated', socket);
} else { } else {
//try getting the current namespace otherwise fallback to all sockets. //try getting the current namespace otherwise fallback to all sockets.
var namespace = (server.nsps && socket.nsp && const namespace = (server.nsps && socket.nsp &&
server.nsps[socket.nsp.name]) || server.nsps[socket.nsp.name]) ||
server.sockets; server.sockets;
@ -96,7 +101,7 @@ function noQsMethod(options) {
} }
}; };
var onSecretReady = function(err, secret) { const onSecretReady = (err, secret) => {
if (err || !secret) { if (err || !secret) {
return onError(err, 'invalid_secret'); return onError(err, 'invalid_secret');
} }
@ -113,22 +118,22 @@ function authorize(options, onConnection) {
options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options); options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
if (typeof options.secret !== 'string' && typeof options.secret !== 'function') { if (typeof options.secret !== 'string' && typeof options.secret !== 'function') {
throw new Error('Provided secret "' + options.secret + '" is invalid, must be of type string or function.'); throw new Error(`Provided secret ${options.secret} is invalid, must be of type string or function.`);
} }
if (!options.handshake) { if (!options.handshake) {
return noQsMethod(options); return noQsMethod(options);
} }
var defaults = { const defaults = {
success: function(socket, accept){ success: (socket, accept) => {
if (socket.request) { if (socket.request) {
accept(); accept();
} else { } else {
accept(null, true); accept(null, true);
} }
}, },
fail: function(error, socket, accept){ fail: (error, socket, accept) => {
if (socket.request) { if (socket.request) {
accept(error); accept(error);
} else { } else {
@ -137,18 +142,20 @@ function authorize(options, onConnection) {
} }
}; };
var auth = xtend(defaults, options); const auth = xtend(defaults, options);
return function(socket, accept){ return (socket, accept) => {
var token, error; 'use strict'; // Node 4.x workaround
var handshake = socket.handshake; let token, error;
var req = socket.request || socket;
var authorization_header = (req.headers || {}).authorization; const handshake = socket.handshake;
const req = socket.request || socket;
const authorization_header = (req.headers || {}).authorization;
if (authorization_header) { if (authorization_header) {
var parts = authorization_header.split(' '); const parts = authorization_header.split(' ');
if (parts.length == 2) { if (parts.length == 2) {
var scheme = parts[0], const scheme = parts[0],
credentials = parts[1]; credentials = parts[1];
if (scheme.toLowerCase() === 'bearer') { if (scheme.toLowerCase() === 'bearer') {
@ -162,7 +169,14 @@ function authorize(options, onConnection) {
} }
} }
//get the token from handshake or query string // Check if the header has to include authentication
if (options.auth_header_required && !token) {
return auth.fail(new UnauthorizedError('missing_authorization_header', {
message: 'Server requires Authorization Header'
}), socket, accept);
}
// Get the token from handshake or query string
if (handshake && handshake.query.token) { if (handshake && handshake.query.token) {
token = handshake.query.token; token = handshake.query.token;
} }
@ -175,7 +189,7 @@ function authorize(options, onConnection) {
if (!token) { if (!token) {
error = new UnauthorizedError('credentials_required', { error = new UnauthorizedError('credentials_required', {
message: 'No Authorization header was found' message: 'no token provided'
}); });
return auth.fail(error, socket, accept); return auth.fail(error, socket, accept);
} }
@ -183,8 +197,7 @@ function authorize(options, onConnection) {
// Store encoded JWT // Store encoded JWT
socket[options.encodedPropertyName] = token; socket[options.encodedPropertyName] = token;
var onJwtVerificationReady = function(err, decoded) { const onJwtVerificationReady = (err, decoded) => {
if (err) { if (err) {
error = new UnauthorizedError(err.code || 'invalid_token', err); error = new UnauthorizedError(err.code || 'invalid_token', err);
return auth.fail(error, socket, accept); return auth.fail(error, socket, accept);
@ -195,7 +208,7 @@ function authorize(options, onConnection) {
return auth.success(socket, accept); return auth.success(socket, accept);
}; };
var onSecretReady = function(err, secret) { const onSecretReady = (err, secret) => {
if (err) { if (err) {
error = new UnauthorizedError(err.code || 'invalid_secret', err); error = new UnauthorizedError(err.code || 'invalid_secret', err);
return auth.fail(error, socket, accept); return auth.fail(error, socket, accept);
@ -209,12 +222,14 @@ function authorize(options, onConnection) {
} }
function getSecret (request, secret, token, callback) { function getSecret (request, secret, token, callback) {
'use strict'; // Node 4.x workaround
if (typeof secret === 'function') { if (typeof secret === 'function') {
if (!token) { if (!token) {
return callback({ code: 'invalid_token', message: 'jwt must be provided' }); return callback({ code: 'invalid_token', message: 'jwt must be provided' });
} }
var parts = token.split('.'); const parts = token.split('.');
if (parts.length < 3) { if (parts.length < 3) {
return callback({ code: 'invalid_token', message: 'jwt malformed' }); return callback({ code: 'invalid_token', message: 'jwt malformed' });
@ -224,7 +239,7 @@ function getSecret(request, secret, token, callback) {
return callback({ code: 'invalid_token', message: 'jwt signature is required' }); return callback({ code: 'invalid_token', message: 'jwt signature is required' });
} }
var decodedToken = jwt.decode(token); let decodedToken = jwt.decode(token);
if (!decodedToken) { if (!decodedToken) {
return callback({ code: 'invalid_token', message: 'jwt malformed' }); return callback({ code: 'invalid_token', message: 'jwt malformed' });
@ -234,7 +249,7 @@ function getSecret(request, secret, token, callback) {
} else { } else {
callback(null, secret); callback(null, secret);
} }
}; }
exports.authorize = authorize; exports.authorize = authorize;
exports.UnauthorizedError = UnauthorizedError; exports.UnauthorizedError = UnauthorizedError;

View File

@ -32,7 +32,8 @@
"express": "~4.15.2", "express": "~4.15.2",
"mocha": "~3.2.0", "mocha": "~3.2.0",
"request": "~2.81.0", "request": "~2.81.0",
"serve-static": "^1.12.1", "serve-static": "^1.13.2",
"q": "^1.5.1",
"server-destroy": "~1.0.1", "server-destroy": "~1.0.1",
"should": "~11.2.1", "should": "~11.2.1",
"socket.io": "^1.7.3", "socket.io": "^1.7.3",

View File

@ -1,74 +1,141 @@
var fixture = require('./fixture'); const Q = require('q');
var request = require('request'); const fixture = require('./fixture');
var io = require('socket.io-client'); const request = require('request');
const io = require('socket.io-client');
describe('authorizer', function () {
describe('authorizer', () => {
//start and stop the server //start and stop the server
before(fixture.start); before((done) => { fixture.start({ }, done) });
after(fixture.stop); after(fixture.stop);
describe('when the user is not logged in', function () { describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', (done) => {
it('should emit error with unauthorized handshake', function (done){ const socket = io.connect('http://localhost:9000?token=boooooo', {
var socket = io.connect('http://localhost:9000?token=boooooo', { forceNew: true
'forceNew': true
}); });
socket.on('error', function(err){ socket.on('error', (err) => {
err.message.should.eql("jwt malformed"); err.message.should.eql('jwt malformed');
err.code.should.eql("invalid_token"); err.code.should.eql('invalid_token');
socket.close(); socket.close();
done(); done();
}); });
}); });
}); });
describe('when the user is logged in', function() { describe('when the user is logged in', () => {
before((done) => {
beforeEach(function (done) {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' }, form: { username: 'jose', password: 'Pa123' },
json: true json: true
}, function (err, resp, body) { }, (err, resp, body) => {
this.token = body.token; this.token = body.token;
done(); done();
}.bind(this)); });
}); });
it('should do the handshake and connect', function (done){ describe('authorizer disallows query string token when specified in startup options', () => {
var socket = io.connect('http://localhost:9000', { before((done) => {
'forceNew':true, Q.ninvoke(fixture, 'stop')
'query': 'token=' + this.token .then(() => Q.ninvoke(fixture, 'start', { auth_header_required: true }))
.done(done);
}); });
socket.on('connect', function(){
after((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', { }))
.done(done);
});
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token}
});
socket
.on('connect', () => {
socket.close(); socket.close();
done(); done();
}).on('error', done); })
.on('error', done);
});
it('auth token in query string is disallowed', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket.on('error', (err) => {
err.message.should.eql('Server requires Authorization Header');
err.code.should.eql('missing_authorization_header');
socket.close();
done();
});
});
})
describe('authorizer all auth types allowed', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', {}))
.done(done);
})
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
it('should do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
}); });
}); });
describe('unsgined token', function() { describe('unsigned token', () => {
beforeEach(function () { beforeEach(() => {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'; this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
}); });
it('should not do the handshake and connect', function (done){ it('should not do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', {
'forceNew':true, forceNew: true,
'query': 'token=' + this.token query: 'token=' + this.token
}); });
socket.on('connect', function () {
socket
.on('connect', () => {
socket.close(); socket.close();
done(new Error('this shouldnt happen')); done(new Error('this shouldnt happen'));
}).on('error', function (err) { })
.on('error', (err) => {
socket.close(); socket.close();
err.message.should.eql("jwt signature is required"); err.message.should.eql('jwt signature is required');
done(); done();
}); });
}); });
}); });
}); });

View File

@ -1,53 +1,45 @@
var fixture = require('./fixture/namespace'); const fixture = require('./fixture/namespace');
var request = require('request'); const request = require('request');
var io = require('socket.io-client'); const io = require('socket.io-client');
describe('authorizer with namespaces', function () { describe('authorizer with namespaces', () => {
//start and stop the server //start and stop the server
before(fixture.start); before(fixture.start);
after(fixture.stop); after(fixture.stop);
describe('when the user is not logged in', function () { describe('when the user is not logged in', () => {
it('should be able to connect to the default namespace', function (done){ it('should be able to connect to the default namespace', (done) => {
var socket = io.connect('http://localhost:9000'); io.connect('http://localhost:9000')
socket.once('hi', done); .once('hi', () => done());
}); });
it('should not be able to connect to the admin namespace', function (done){ it('should not be able to connect to the admin namespace', (done) => {
var socket = io.connect('http://localhost:9000/admin'); io.connect('http://localhost:9000/admin')
socket.once('disconnect', function () { .once('disconnect', () => done())
done(); .once('hi admin', () => done(new Error('unauthenticated client was able to connect to the admin namespace')));
});
}); });
}); });
describe('when the user is logged in', function() { describe('when the user is logged in', () => {
beforeEach(function (done) { beforeEach((done) => {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' }, form: { username: 'jose', password: 'Pa123' },
json: true json: true
}, function (err, resp, body) { }, (err, resp, body) => {
this.token = body.token; this.token = body.token;
done(); done();
}.bind(this)); });
}); });
it('should do the handshake and connect', function (done){ it('should do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000/admin', { io.connect('http://localhost:9000/admin', { forceNew: true })
'forceNew': true, .on('authenticated', () => done())
}); .emit('authenticate', { token: this.token });
var token = this.token;
socket.on('connect', function(){
socket.on('authenticated', function () {
done();
}).emit('authenticate', { token: token });
});
}); });
}); });

View File

@ -1,69 +1,56 @@
var fixture = require('./fixture'); const fixture = require('./fixture');
var request = require('request'); const request = require('request');
var io = require('socket.io-client'); const io = require('socket.io-client');
describe('authorizer without querystring', function () { describe('authorizer without querystring', () => {
//start and stop the server //start and stop the server
before(function (done) { before((done) => {
fixture.start({ fixture.start({ handshake: false }, done);
handshake: false
} , done);
}); });
after(fixture.stop); after(fixture.stop);
describe('when the user is not logged in', function () { describe('when the user is not logged in', () => {
it('should close the connection after a timeout if no auth message is received', function (done){ it('should close the connection after a timeout if no auth message is received', (done) => {
var socket = io.connect('http://localhost:9000', { io.connect('http://localhost:9000', { forceNew: true })
forceNew: true .once('disconnect', () => done());
});
socket.once('disconnect', function () {
done();
});
}); });
it('should not respond echo', function (done){ it('should not respond echo', (done) => {
var socket = io.connect('http://localhost:9000', { io.connect('http://localhost:9000', { forceNew: true })
'forceNew':true, .on('echo-response', () => done(new Error('this should not happen')))
}); .emit('echo', { hi: 123 });
socket.on('echo-response', function () {
done(new Error('this should not happen'));
}).emit('echo', { hi: 123 });
setTimeout(done, 1200); setTimeout(done, 1200);
}); });
}); });
describe('when the user is logged in', function() { describe('when the user is logged in', () => {
beforeEach(function (done) { beforeEach((done) => {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' }, form: { username: 'jose', password: 'Pa123' },
json: true json: true
}, function (err, resp, body) { }, (err, resp, body) => {
this.token = body.token; this.token = body.token;
done(); done();
}.bind(this)); });
}); });
it('should do the handshake and connect', function (done){ it('should do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', { forceNew: true });
'forceNew':true,
}); socket
var token = this.token; .on('echo-response', () => {
socket.on('connect', function(){
socket.on('echo-response', function () {
socket.close(); socket.close();
done(); done();
}).on('authenticated', function () { })
socket.emit('echo'); .on('authenticated', () => { socket.emit('echo'); })
}).emit('authenticate', { token: token }); .emit('authenticate', { token: this.token });
});
}); });
}); });

View File

@ -1,11 +1,11 @@
var fixture = require('./fixture/secret_function'); const fixture = require('./fixture/secret_function');
var request = require('request'); const request = require('request');
var io = require('socket.io-client'); const io = require('socket.io-client');
describe('authorizer with secret function', function () { describe('authorizer with secret function', () => {
//start and stop the server //start and stop the server
before(function (done) { before((done) => {
fixture.start({ fixture.start({
handshake: false handshake: false
}, done); }, done);
@ -13,64 +13,50 @@ describe('authorizer with secret function', function () {
after(fixture.stop); after(fixture.stop);
describe('when the user is not logged in', function () { describe('when the user is not logged in', () => {
describe('and when token is not valid', function() { describe('and when token is not valid', () => {
beforeEach(function (done) { beforeEach((done) => {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
json: { username: 'invalid_signature', password: 'Pa123' } json: { username: 'invalid_signature', password: 'Pa123' }
}, function (err, resp, body) { }, (err, resp, body) => {
this.invalidToken = body.token; this.invalidToken = body.token;
done(); done();
}.bind(this)); });
}); });
it('should emit unauthorized', function (done){ it('should emit unauthorized', (done) => {
var socket = io.connect('http://localhost:9000', { io.connect('http://localhost:9000', { forceNew: true })
'forceNew':true, .on('unauthorized', () => done())
}); .emit('authenticate', { token: this.invalidToken + 'ass' })
var invalidToken = this.invalidToken;
socket.on('unauthorized', function() {
done();
});
socket.on('connect', function(){
socket
.emit('authenticate', { token: invalidToken + 'ass' })
});
}); });
}); });
}); });
describe('when the user is logged in', function() { describe('when the user is logged in', () => {
beforeEach(function (done) { beforeEach((done) => {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' } json: { username: 'valid_signature', password: 'Pa123' }
}, function (err, resp, body) { }, (err, resp, body) => {
this.token = body.token; this.token = body.token;
done(); done();
}.bind(this)); });
}); });
it('should do the handshake and connect', function (done){ it('should do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', { forceNew: true });
'forceNew':true,
}); socket
var token = this.token; .on('echo-response', () => {
socket.on('connect', function(){
socket.on('echo-response', function () {
socket.close(); socket.close();
done(); done();
}).on('authenticated', function () {
socket.emit('echo');
}) })
.emit('authenticate', { token: token }) .on('authenticated', () => { socket.emit('echo'); })
}); .emit('authenticate', { token: this.token });
}); });
}); });

View File

@ -1,23 +1,21 @@
var fixture = require('./fixture/secret_function'); const fixture = require('./fixture/secret_function');
var request = require('request'); const request = require('request');
var io = require('socket.io-client'); const io = require('socket.io-client');
describe('authorizer with secret function', function () { describe('authorizer with secret function', () => {
//start and stop the server //start and stop the server
before(fixture.start); before(fixture.start);
after(fixture.stop); after(fixture.stop);
describe('when the user is not logged in', function () { describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', function (done){ it('should emit error with unauthorized handshake', (done) => {
var socket = io.connect('http://localhost:9000?token=boooooo', { const socket = io.connect('http://localhost:9000?token=boooooo', { forceNew: true });
'forceNew': true
});
socket.on('error', function(err){ socket.on('error', (err) => {
err.message.should.eql("jwt malformed"); err.message.should.eql('jwt malformed');
err.code.should.eql("invalid_token"); err.code.should.eql('invalid_token');
socket.close(); socket.close();
done(); done();
}); });
@ -25,46 +23,52 @@ describe('authorizer with secret function', function () {
}); });
describe('when the user is logged in', function() { describe('when the user is logged in', () => {
beforeEach(function (done) { beforeEach((done) => {
request.post({ request.post({
url: 'http://localhost:9000/login', url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' } json: { username: 'valid_signature', password: 'Pa123' }
}, function (err, resp, body) { }, (err, resp, body) => {
this.token = body.token; this.token = body.token;
done(); done();
}.bind(this)); });
}); });
it('should do the handshake and connect', function (done){ it('should do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', {
'forceNew':true, forceNew: true,
'query': 'token=' + this.token query: 'token=' + this.token
}); });
socket.on('connect', function(){
socket
.on('connect', () => {
socket.close(); socket.close();
done(); done();
}).on('error', done); })
.on('error', done);
}); });
}); });
describe('unsigned token', function() { describe('unsigned token', () => {
beforeEach(function () { beforeEach(() => {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'; this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
}); });
it('should not do the handshake and connect', function (done){ it('should not do the handshake and connect', (done) => {
var socket = io.connect('http://localhost:9000', { const socket = io.connect('http://localhost:9000', {
'forceNew':true, forceNew: true,
'query': 'token=' + this.token query: 'token=' + this.token
}); });
socket.on('connect', function () {
socket
.on('connect', () => {
socket.close(); socket.close();
done(new Error('this shouldnt happen')); done(new Error('this shouldnt happen'));
}).on('error', function (err) { })
.on('error', (err) => {
socket.close(); socket.close();
err.message.should.eql("jwt signature is required"); err.message.should.eql('jwt signature is required');
done(); done();
}); });
}); });

View File

@ -1,18 +1,19 @@
var express = require('express'); 'use strict'; // Node 4.x workaround
var http = require('http');
var socketIo = require('socket.io'); const express = require('express');
var socketio_jwt = require('../../lib'); const http = require('http');
var jwt = require('jsonwebtoken'); const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
var xtend = require('xtend'); const jwt = require('jsonwebtoken');
var bodyParser = require('body-parser'); const xtend = require('xtend');
const bodyParser = require('body-parser');
const enableDestroy = require('server-destroy');
var server, sio; let sio;
var enableDestroy = require('server-destroy');
exports.start = function (options, callback) { exports.start = (options, callback) => {
if (typeof options == 'function') { if (typeof options == 'function') {
callback = options; callback = options;
@ -25,12 +26,13 @@ exports.start = function (options, callback) {
handshake: true handshake: true
}, options); }, options);
var app = express(); const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
app.use(bodyParser.json()); app.use(bodyParser.json());
app.post('/login', (req, res) => {
app.post('/login', function (req, res) { const profile = {
var profile = {
first_name: 'John', first_name: 'John',
last_name: 'Doe', last_name: 'Doe',
email: 'john@doe.com', email: 'john@doe.com',
@ -38,40 +40,36 @@ exports.start = function (options, callback) {
}; };
// We are sending the profile inside the token // We are sending the profile inside the token
var token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 }); const token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 });
res.json({token: token}); res.json({token: token});
}); });
server = http.createServer(app);
sio = socketIo.listen(server);
if (options.handshake) { if (options.handshake) {
sio.use(socketio_jwt.authorize(options)); sio.use(socketio_jwt.authorize(options));
sio.sockets.on('echo', function (m) { sio.sockets.on('echo', (m) => {
sio.sockets.emit('echo-response', m); sio.sockets.emit('echo-response', m);
}); });
} else { } else {
sio.sockets sio.sockets
.on('connection', socketio_jwt.authorize(options)) .on('connection', socketio_jwt.authorize(options))
.on('authenticated', function (socket) { .on('authenticated', (socket) => {
socket.on('echo', function (m) { socket.on('echo', (m) => {
socket.emit('echo-response', m); socket.emit('echo-response', m);
}); });
}); });
} }
server.__sockets = []; server.__sockets = [];
server.on('connection', function (c) { server.on('connection', (c) => {
server.__sockets.push(c); server.__sockets.push(c);
}); });
server.listen(9000, callback); server.listen(9000, callback);
enableDestroy(server); enableDestroy(server);
}; };
exports.stop = function (callback) { exports.stop = (callback) => {
sio.close(); sio.close();
try { try {
server.destroy(); server.destroy();

View File

@ -1,36 +1,37 @@
var express = require('express'); 'use strict'; // Node 4.x workaround
var http = require('http');
var socketIo = require('socket.io'); const express = require('express');
var socketio_jwt = require('../../lib'); const http = require('http');
var jwt = require('jsonwebtoken'); const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
var xtend = require('xtend'); const jwt = require('jsonwebtoken');
var bodyParser = require('body-parser'); const enableDestroy = require('server-destroy');
const bodyParser = require('body-parser');
var server, sio; let sio;
var enableDestroy = require('server-destroy');
/** /**
* This is an example server that shows how to do namespace authentication. * This is an example server that shows how to do namespace authentication.
* *
* The /admin namespace is protected by JWTs while the global namespace is public. * The /admin namespace is protected by JWTs while the global namespace is public.
*/ */
exports.start = function (callback) { exports.start = (callback) => {
options = { const options = {
secret: 'aaafoo super sercret', secret: 'aaafoo super sercret',
timeout: 1000, timeout: 1000,
handshake: false handshake: false
}; };
var app = express(); const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
app.use(bodyParser.json()); app.use(bodyParser.json());
app.post('/login', (req, res) => {
app.post('/login', function (req, res) { const profile = {
var profile = {
first_name: 'John', first_name: 'John',
last_name: 'Doe', last_name: 'Doe',
email: 'john@doe.com', email: 'john@doe.com',
@ -38,23 +39,20 @@ exports.start = function (callback) {
}; };
// We are sending the profile inside the token // We are sending the profile inside the token
var token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 }); const token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 });
res.json({ token: token }); res.json({ token: token });
}); });
server = http.createServer(app);
sio = socketIo.listen(server);
sio.on('connection', function (socket) { sio.on('connection', (socket) => {
socket.emit('hi'); socket.emit('hi');
}); });
var admin_nsp = sio.of('/admin'); const admin_nsp = sio.of('/admin');
admin_nsp.on('connection', socketio_jwt.authorize(options)) admin_nsp.on('connection', socketio_jwt.authorize(options))
.on('authenticated', function (socket) { .on('authenticated', (socket) => {
socket.emit('hi admin'); socket.emit('hi admin');
}); });
@ -63,7 +61,7 @@ exports.start = function (callback) {
enableDestroy(server); enableDestroy(server);
}; };
exports.stop = function (callback) { exports.stop = (callback) => {
sio.close(); sio.close();
try { try {
server.destroy(); server.destroy();

View File

@ -1,19 +1,20 @@
var express = require('express'); 'use strict'; // Node 4.x workaround
var http = require('http');
var socketIo = require('socket.io'); const express = require('express');
var socketio_jwt = require('../../lib'); const http = require('http');
var jwt = require('jsonwebtoken'); const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
var xtend = require('xtend'); const jwt = require('jsonwebtoken');
var bodyParser = require('body-parser'); const xtend = require('xtend');
const bodyParser = require('body-parser');
const enableDestroy = require('server-destroy');
var server, sio; let sio;
var enableDestroy = require('server-destroy');
exports.start = function (options, callback) { exports.start = (options, callback) => {
var SECRETS = { const SECRETS = {
123: 'aaafoo super sercret', 123: 'aaafoo super sercret',
555: 'other' 555: 'other'
}; };
@ -24,19 +25,20 @@ exports.start = function (options, callback) {
} }
options = xtend({ options = xtend({
secret: function(request, decodedToken, callback) { secret: (request, decodedToken, callback) => {
callback(null, SECRETS[decodedToken.id]); callback(null, SECRETS[decodedToken.id]);
}, },
timeout: 1000, timeout: 1000,
handshake: true handshake: true
}, options); }, options);
var app = express(); const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
app.use(bodyParser.json()); app.use(bodyParser.json());
app.post('/login', (req, res) => {
app.post('/login', function (req, res) { const profile = {
var profile = {
first_name: 'John', first_name: 'John',
last_name: 'Doe', last_name: 'Doe',
email: 'john@doe.com', email: 'john@doe.com',
@ -44,33 +46,28 @@ exports.start = function (options, callback) {
}; };
// We are sending the profile inside the token // We are sending the profile inside the token
var token = jwt.sign(profile, SECRETS[123], { expiresIn: 60*60*5 }); const token = jwt.sign(profile, SECRETS[123], { expiresIn: 60*60*5 });
res.json({token: token}); res.json({token: token});
}); });
server = http.createServer(app);
sio = socketIo.listen(server);
if (options.handshake) { if (options.handshake) {
sio.use(socketio_jwt.authorize(options)); sio.use(socketio_jwt.authorize(options));
sio.sockets.on('echo', function (m) { sio.sockets.on('echo', (m) => {
sio.sockets.emit('echo-response', m); sio.sockets.emit('echo-response', m);
}); });
} else { } else {
sio.sockets sio.sockets
.on('connection', socketio_jwt.authorize(options)) .on('connection', socketio_jwt.authorize(options))
.on('authenticated', function (socket) { .on('authenticated', (socket) => {
socket.on('echo', function (m) { socket.on('echo', (m) => {
socket.emit('echo-response', m); socket.emit('echo-response', m);
}); });
}); });
} }
server.__sockets = []; server.__sockets = [];
server.on('connection', function (c) { server.on('connection', (c) => {
server.__sockets.push(c); server.__sockets.push(c);
}); });
@ -78,7 +75,7 @@ exports.start = function (options, callback) {
enableDestroy(server); enableDestroy(server);
}; };
exports.stop = function (callback) { exports.stop = (callback) => {
sio.close(); sio.close();
try { try {
server.destroy(); server.destroy();
@ -86,4 +83,3 @@ exports.stop = function (callback) {
callback(); callback();
}; };