Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

chore: initial commit

Browse Source
This commit is contained in:
divlo
2020-12-27 17:25:44 +01:00
parent 04294c69c5
commit 2e5d281f46
27 changed files with 813 additions and 740 deletions
Download Patch File Download Diff File Expand all files Collapse all files

183
test/authorizer.test.js
View File

@ -1,141 +1,148 @@
const Q = require('q');
const fixture = require('./fixture');
const request = require('request');
const io = require('socket.io-client');
const Q = require('q')
const fixture = require('./fixture')
const request = require('request')
const io = require('socket.io-client')
describe('authorizer', () => {
//start and stop the server
before((done) => { fixture.start({ }, done) });
after(fixture.stop);
before((done) => {
fixture.start({}, done)
})
after(fixture.stop)
describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', (done) => {
const socket = io.connect('http://localhost:9000?token=boooooo', {
forceNew: true
});
})
socket.on('error', (err) => {
err.message.should.eql('jwt malformed');
err.code.should.eql('invalid_token');
socket.close();
done();
});
});
});
err.message.should.eql('jwt malformed')
err.code.should.eql('invalid_token')
socket.close()
done()
})
})
})
describe('when the user is logged in', () => {
before((done) => {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
describe('authorizer disallows query string token when specified in startup options', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', { auth_header_required: true }))
.done(done);
});
.then(() =>
Q.ninvoke(fixture, 'start', { auth_header_required: true })
)
.done(done)
})
after((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', { }))
.done(done);
});
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token}
});
socket
.on('connect', () => {
socket.close();
done();
})
.on('error', done);
});
it('auth token in query string is disallowed', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
socket.on('error', (err) => {
err.message.should.eql('Server requires Authorization Header');
err.code.should.eql('missing_authorization_header');
socket.close();
done();
});
});
})
describe('authorizer all auth types allowed', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', {}))
.done(done);
.done(done)
})
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
});
})
socket
.on('connect', () => {
socket.close();
done();
socket.close()
done()
})
.on('error', done);
});
.on('error', done)
})
it('auth token in query string is disallowed', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
})
socket.on('error', (err) => {
err.message.should.eql('Server requires Authorization Header')
err.code.should.eql('missing_authorization_header')
socket.close()
done()
})
})
})
describe('authorizer all auth types allowed', () => {
before((done) => {
Q.ninvoke(fixture, 'stop')
.then(() => Q.ninvoke(fixture, 'start', {}))
.done(done)
})
it('auth headers are supported', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
extraHeaders: { Authorization: 'Bearer ' + this.token }
})
socket
.on('connect', () => {
socket.close()
done()
})
.on('error', done)
})
it('should do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
})
socket
.on('connect', () => {
socket.close();
done();
socket.close()
done()
})
.on('error', done);
});
});
});
.on('error', done)
})
})
})
describe('unsigned token', () => {
beforeEach(() => {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
});
this.token =
'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
})
it('should not do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
})
socket
.on('connect', () => {
socket.close();
done(new Error('this shouldnt happen'));
socket.close()
done(new Error('this shouldnt happen'))
})
.on('error', (err) => {
socket.close();
err.message.should.eql('jwt signature is required');
done();
});
});
});
});
socket.close()
err.message.should.eql('jwt signature is required')
done()
})
})
})
})

125
test/authorizer_namespaces.test.js
View File

@ -1,91 +1,108 @@
const fixture = require('./fixture/namespace');
const request = require('request');
const io = require('socket.io-client');
const fixture = require('./fixture/namespace')
const request = require('request')
const io = require('socket.io-client')
describe('authorizer with namespaces', () => {
//start and stop the server
before(fixture.start);
after(fixture.stop);
before(fixture.start)
after(fixture.stop)
describe('when the user is not logged in', () => {
it('should be able to connect to the default namespace', (done) => {
io.connect('http://localhost:9000')
.once('hi', () => done())
.on('error', done);
});
.on('error', done)
})
it('should not be able to connect to the admin namespace', (done) => {
io.connect('http://localhost:9000/admin')
.once('disconnect', () => done())
.once('hi admin', () => done(new Error('unauthenticated client was able to connect to the admin namespace')));
});
.once('hi admin', () =>
done(
new Error(
'unauthenticated client was able to connect to the admin namespace'
)
)
)
})
it('should not be able to connect to the admin_hs namespace', (done) => {
io.connect('http://localhost:9000/admin_hs')
.once('hi admin', () => done(new Error('unauthenticated client was able to connect to the admin_hs namespace')))
.once('hi admin', () =>
done(
new Error(
'unauthenticated client was able to connect to the admin_hs namespace'
)
)
)
.on('error', (err) => {
if (err === 'Invalid namespace') { // SocketIO throws this error, if auth failed
return;
if (err === 'Invalid namespace') {
// SocketIO throws this error, if auth failed
return
} else if (err && err.type == 'UnauthorizedError') {
done();
done()
} else {
done(err);
done(err)
}
});
});
});
})
})
})
describe('when the user is logged in', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
it('should do the authentication and connect', (done) => {
io.connect('http://localhost:9000/admin', { forceNew: true })
.on('hi admin', () => done())
.emit('authenticate', { token: this.token });
});
.emit('authenticate', { token: this.token })
})
it('should do the authentication and connect without "forceNew"', (done) => {
io.connect('http://localhost:9000/admin', { forceNew: false })
.on('hi admin', () => done())
.emit('authenticate', { token: this.token });
});
});
.emit('authenticate', { token: this.token })
})
})
describe('when the user is logged in via handshake', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
it('should do the handshake and connect', (done) => {
io.connect('http://localhost:9000/admin_hs', { forceNew: true, query: 'token=' + this.token })
.once('hi admin', () => done());
});
io.connect('http://localhost:9000/admin_hs', {
forceNew: true,
query: 'token=' + this.token
}).once('hi admin', () => done())
})
it('should do the handshake and connect without "forceNew"', (done) => {
io.connect('http://localhost:9000/admin_hs', { forceNew: false, query: 'token=' + this.token })
.once('hi admin', () => done());
});
});
});
io.connect('http://localhost:9000/admin_hs', {
forceNew: false,
query: 'token=' + this.token
}).once('hi admin', () => done())
})
})
})

72
test/authorizer_noqs.test.js
View File

@ -1,57 +1,59 @@
const fixture = require('./fixture');
const request = require('request');
const io = require('socket.io-client');
const fixture = require('./fixture')
const request = require('request')
const io = require('socket.io-client')
describe('authorizer without querystring', () => {
//start and stop the server
before((done) => {
fixture.start({ handshake: false }, done);
});
fixture.start({ handshake: false }, done)
})
after(fixture.stop);
after(fixture.stop)
describe('when the user is not logged in', () => {
it('should close the connection after a timeout if no auth message is received', (done) => {
io.connect('http://localhost:9000', { forceNew: true })
.once('disconnect', () => done());
});
io.connect('http://localhost:9000', { forceNew: true }).once(
'disconnect',
() => done()
)
})
it('should not respond echo', (done) => {
io.connect('http://localhost:9000', { forceNew: true })
.on('echo-response', () => done(new Error('this should not happen')))
.emit('echo', { hi: 123 });
.emit('echo', { hi: 123 })
setTimeout(done, 1200);
});
});
setTimeout(done, 1200)
})
})
describe('when the user is logged in', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
it('should do the authentication and connect', (done) => {
const socket = io.connect('http://localhost:9000', { forceNew: true });
const socket = io.connect('http://localhost:9000', { forceNew: true })
socket
.on('echo-response', () => {
socket.close();
done();
socket.close()
done()
})
.on('authenticated', () => { socket.emit('echo'); })
.emit('authenticate', { token: this.token });
});
});
});
.on('authenticated', () => {
socket.emit('echo')
})
.emit('authenticate', { token: this.token })
})
})
})

86
test/authorizer_secret_function_noqs.test.js
View File

@ -1,63 +1,69 @@
const fixture = require('./fixture/secret_function');
const request = require('request');
const io = require('socket.io-client');
const fixture = require('./fixture/secret_function')
const request = require('request')
const io = require('socket.io-client')
describe('authorizer with secret function', () => {
//start and stop the server
before((done) => {
fixture.start({
handshake: false
}, done);
});
fixture.start(
{
handshake: false
},
done
)
})
after(fixture.stop);
after(fixture.stop)
describe('when the user is not logged in', () => {
describe('and when token is not valid', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
json: { username: 'invalid_signature', password: 'Pa123' }
}, (err, resp, body) => {
this.invalidToken = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
json: { username: 'invalid_signature', password: 'Pa123' }
},
(err, resp, body) => {
this.invalidToken = body.token
done()
}
)
})
it('should emit unauthorized', (done) => {
io.connect('http://localhost:9000', { forceNew: true })
.on('unauthorized', () => done())
.emit('authenticate', { token: this.invalidToken + 'ass' })
});
});
});
})
})
})
describe('when the user is logged in', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' }
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' }
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
it('should do the authentication and connect', (done) => {
const socket = io.connect('http://localhost:9000', { forceNew: true });
const socket = io.connect('http://localhost:9000', { forceNew: true })
socket
.on('echo-response', () => {
socket.close();
done();
socket.close()
done()
})
.on('authenticated', () => { socket.emit('echo'); })
.emit('authenticate', { token: this.token });
});
});
});
.on('authenticated', () => {
socket.emit('echo')
})
.emit('authenticate', { token: this.token })
})
})
})

89
test/authorizer_secret_function_qs.test.js
View File

@ -1,77 +1,78 @@
const fixture = require('./fixture/secret_function');
const request = require('request');
const io = require('socket.io-client');
const fixture = require('./fixture/secret_function')
const request = require('request')
const io = require('socket.io-client')
describe('authorizer with secret function', () => {
//start and stop the server
before(fixture.start);
after(fixture.stop);
before(fixture.start)
after(fixture.stop)
describe('when the user is not logged in', () => {
it('should emit error with unauthorized handshake', (done) => {
const socket = io.connect('http://localhost:9000?token=boooooo', { forceNew: true });
const socket = io.connect('http://localhost:9000?token=boooooo', {
forceNew: true
})
socket.on('error', (err) => {
err.message.should.eql('jwt malformed');
err.code.should.eql('invalid_token');
socket.close();
done();
});
});
});
err.message.should.eql('jwt malformed')
err.code.should.eql('invalid_token')
socket.close()
done()
})
})
})
describe('when the user is logged in', () => {
beforeEach((done) => {
request.post({
url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' }
}, (err, resp, body) => {
this.token = body.token;
done();
});
});
request.post(
{
url: 'http://localhost:9000/login',
json: { username: 'valid_signature', password: 'Pa123' }
},
(err, resp, body) => {
this.token = body.token
done()
}
)
})
it('should do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
})
socket
.on('connect', () => {
socket.close();
done();
socket.close()
done()
})
.on('error', done);
});
});
.on('error', done)
})
})
describe('unsigned token', () => {
beforeEach(() => {
this.token = 'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.';
});
this.token =
'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
})
it('should not do the handshake and connect', (done) => {
const socket = io.connect('http://localhost:9000', {
forceNew: true,
query: 'token=' + this.token
});
})
socket
.on('connect', () => {
socket.close();
done(new Error('this shouldnt happen'));
socket.close()
done(new Error('this shouldnt happen'))
})
.on('error', (err) => {
socket.close();
err.message.should.eql('jwt signature is required');
done();
});
});
});
});
socket.close()
err.message.should.eql('jwt signature is required')
done()
})
})
})
})

86
test/fixture/index.js
View File

@ -1,78 +1,78 @@
'use strict'; // Node 4.x workaround
'use strict' // Node 4.x workaround
const express = require('express');
const http = require('http');
const express = require('express')
const http = require('http')
const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
const socketIo = require('socket.io')
const socketio_jwt = require('../../lib')
const jwt = require('jsonwebtoken');
const xtend = require('xtend');
const bodyParser = require('body-parser');
const enableDestroy = require('server-destroy');
const jwt = require('jsonwebtoken')
const xtend = require('xtend')
const enableDestroy = require('server-destroy')
let sio;
let sio
exports.start = (options, callback) => {
if (typeof options == 'function') {
callback = options;
options = {};
callback = options
options = {}
}
options = xtend({
secret: 'aaafoo super sercret',
timeout: 1000,
handshake: true
}, options);
options = xtend(
{
secret: 'aaafoo super sercret',
timeout: 1000,
handshake: true
},
options
)
const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
const app = express()
const server = http.createServer(app)
sio = socketIo.listen(server)
app.use(bodyParser.json());
app.use(express.json())
app.post('/login', (req, res) => {
const profile = {
first_name: 'John',
last_name: 'Doe',
email: 'john@doe.com',
id: 123
};
}
// We are sending the profile inside the token
const token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 });
res.json({token: token});
});
const token = jwt.sign(profile, options.secret, { expiresIn: 60 * 60 * 5 })
res.json({ token: token })
})
if (options.handshake) {
sio.use(socketio_jwt.authorize(options));
sio.use(socketio_jwt.authorize(options))
sio.sockets.on('echo', (m) => {
sio.sockets.emit('echo-response', m);
});
sio.sockets.emit('echo-response', m)
})
} else {
sio.sockets
.on('connection', socketio_jwt.authorize(options))
.on('authenticated', (socket) => {
socket.on('echo', (m) => {
socket.emit('echo-response', m);
});
});
socket.emit('echo-response', m)
})
})
}
server.__sockets = [];
server.__sockets = []
server.on('connection', (c) => {
server.__sockets.push(c);
});
server.listen(9000, callback);
enableDestroy(server);
};
server.__sockets.push(c)
})
server.listen(9000, callback)
enableDestroy(server)
}
exports.stop = (callback) => {
sio.close();
sio.close()
try {
server.destroy();
server.destroy()
} catch (er) {}
callback();
};
callback()
}

75
test/fixture/namespace.js
View File

@ -1,17 +1,16 @@
'use strict'; // Node 4.x workaround
'use strict' // Node 4.x workaround
const express = require('express');
const http = require('http');
const express = require('express')
const http = require('http')
const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
const socketIo = require('socket.io')
const socketio_jwt = require('../../lib')
const jwt = require('jsonwebtoken');
const xtend = require('xtend');
const enableDestroy = require('server-destroy');
const bodyParser = require('body-parser');
const jwt = require('jsonwebtoken')
const xtend = require('xtend')
const enableDestroy = require('server-destroy')
let sio;
let sio
/**
* This is an example server that shows how to do namespace authentication.
@ -19,62 +18,60 @@ let sio;
* The /admin namespace is protected by JWTs while the global namespace is public.
*/
exports.start = (callback) => {
const options = {
secret: 'aaafoo super sercret',
timeout: 1000,
handshake: false
};
}
const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
const app = express()
const server = http.createServer(app)
sio = socketIo.listen(server)
app.use(bodyParser.json());
app.use(express.json())
app.post('/login', (req, res) => {
const profile = {
first_name: 'John',
last_name: 'Doe',
email: 'john@doe.com',
id: 123
};
}
// We are sending the profile inside the token
const token = jwt.sign(profile, options.secret, { expiresIn: 60*60*5 });
res.json({ token: token });
});
const token = jwt.sign(profile, options.secret, { expiresIn: 60 * 60 * 5 })
res.json({ token: token })
})
// Global namespace (public)
sio.on('connection', (socket) => {
socket.emit('hi');
});
socket.emit('hi')
})
// Second roundtrip
const admin_nsp = sio.of('/admin');
const admin_nsp = sio.of('/admin')
admin_nsp.on('connection', socketio_jwt.authorize(options))
admin_nsp
.on('connection', socketio_jwt.authorize(options))
.on('authenticated', (socket) => {
socket.emit('hi admin');
});
socket.emit('hi admin')
})
// One roundtrip
const admin_nsp_hs = sio.of('/admin_hs');
const admin_nsp_hs = sio.of('/admin_hs')
admin_nsp_hs.use(socketio_jwt.authorize(xtend(options, { handshake: true })));
admin_nsp_hs.use(socketio_jwt.authorize(xtend(options, { handshake: true })))
admin_nsp_hs.on('connection', (socket) => {
socket.emit('hi admin');
});
socket.emit('hi admin')
})
server.listen(9000, callback);
enableDestroy(server);
};
server.listen(9000, callback)
enableDestroy(server)
}
exports.stop = (callback) => {
sio.close();
sio.close()
try {
server.destroy();
server.destroy()
} catch (er) {}
callback();
};
callback()
}

92
test/fixture/secret_function.js
View File

@ -1,85 +1,87 @@
'use strict'; // Node 4.x workaround
'use strict' // Node 4.x workaround
const express = require('express');
const http = require('http');
const express = require('express')
const http = require('http')
const socketIo = require('socket.io');
const socketio_jwt = require('../../lib');
const socketIo = require('socket.io')
const socketio_jwt = require('../../lib')
const jwt = require('jsonwebtoken');
const xtend = require('xtend');
const bodyParser = require('body-parser');
const enableDestroy = require('server-destroy');
const jwt = require('jsonwebtoken')
const xtend = require('xtend')
const enableDestroy = require('server-destroy')
let sio;
let sio
exports.start = (options, callback) => {
const SECRETS = {
123: 'aaafoo super sercret',
555: 'other'
};
if (typeof options == 'function') {
callback = options;
options = {};
}
options = xtend({
secret: (request, decodedToken, callback) => {
callback(null, SECRETS[decodedToken.id]);
if (typeof options == 'function') {
callback = options
options = {}
}
options = xtend(
{
secret: (request, decodedToken, callback) => {
callback(null, SECRETS[decodedToken.id])
},
timeout: 1000,
handshake: true
},
timeout: 1000,
handshake: true
}, options);
options
)
const app = express();
const server = http.createServer(app);
sio = socketIo.listen(server);
const app = express()
const server = http.createServer(app)
sio = socketIo.listen(server)
app.use(bodyParser.json());
app.use(express.json())
app.post('/login', (req, res) => {
const profile = {
first_name: 'John',
last_name: 'Doe',
email: 'john@doe.com',
id: req.body.username === 'valid_signature' ? 123 : 555
};
}
// We are sending the profile inside the token
const token = jwt.sign(profile, SECRETS[123], { expiresIn: 60*60*5 });
res.json({token: token});
});
const token = jwt.sign(profile, SECRETS[123], { expiresIn: 60 * 60 * 5 })
res.json({ token: token })
})
if (options.handshake) {
sio.use(socketio_jwt.authorize(options));
sio.use(socketio_jwt.authorize(options))
sio.sockets.on('echo', (m) => {
sio.sockets.emit('echo-response', m);
});
sio.sockets.emit('echo-response', m)
})
} else {
sio.sockets
.on('connection', socketio_jwt.authorize(options))
.on('authenticated', (socket) => {
socket.on('echo', (m) => {
socket.emit('echo-response', m);
});
});
socket.emit('echo-response', m)
})
})
}
server.__sockets = [];
server.__sockets = []
server.on('connection', (c) => {
server.__sockets.push(c);
});
server.__sockets.push(c)
})
server.listen(9000, callback);
enableDestroy(server);
};
server.listen(9000, callback)
enableDestroy(server)
}
exports.stop = (callback) => {
sio.close();
sio.close()
try {
server.destroy();
server.destroy()
} catch (er) {}
callback();
};
callback()
}

2
test/mocha.opts
View File

@ -1,3 +1,3 @@
--require should
--reporter spec
--timeout 15000
--timeout 15000