From f62a93c9d29156c12b948db5ec4caa425f4b4d18 Mon Sep 17 00:00:00 2001 From: Bradley Olson Date: Fri, 26 Oct 2012 11:13:28 -0500 Subject: [PATCH 1/2] added option of success or fail callbacks. Needed to still allow users access to sockets even if they weren't logged in, but needed specific data if they were. --- lib/index.js | 63 +++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 47 insertions(+), 16 deletions(-) diff --git a/lib/index.js b/lib/index.js index 5fd042c..1f1d6e6 100644 --- a/lib/index.js +++ b/lib/index.js @@ -1,13 +1,37 @@ var connectUtils = require('connect').utils, cookie = require('cookie'); -function authorize(options){ - var passport = options.passport || require('passport'), - sessionKey = options.sessionKey || 'express.sid', - sessionSecret = options.sessionSecret, - sessionStore = options.sessionStore; +var overwrite = function(overwritten) { + return (function() { + if( arguments.length > 1 ) { + for( objects in arguments ) { + overwrite( this, arguments[objects] ); + } + } - var userProperty = passport._userProperty || 'user'; + for( var key in arguments[0] ) { + if( arguments[0].hasOwnProperty(key) ) { + this[key] = arguments[0][key]; + } + } + + return this; + }).apply(overwritten, Array.prototype.slice.call(arguments, 1)); +} + +function authorize(options) { + var auth = { + passport: require('passport'), + sessionKey: 'express.sid', + sessionSecret: null, + sessionStore: null, + success: null, + fail: null + }; + + overwrite( auth, options ); + + auth.userProperty = auth.passport._userProperty || 'user'; return function(data, accept){ if (!data.headers.cookie) { 
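Review bot: In `overwrite`, the loop `for( objects in arguments )` assigns to an undeclared `objects`, which creates an implicit global shared by every call and becomes a ReferenceError if this module is ever run in strict mode; an indexed loop with a declared counter, `for( var i = 0; i < arguments.length; i++ ) { overwrite( this, arguments[i] ); }`, avoids both. Separately, `sessionSecret` and `sessionStore` now default to `null` with no check after `overwrite( auth, options )`, so a misconfigured `authorize()` only fails at the first handshake, when `auth.sessionStore.get` is called on `null`. Throwing at setup when either is missing would fail closed earlier, e.g. `if( !auth.sessionStore || !auth.sessionSecret ) throw new Error('sessionStore and sessionSecret are required');`. The function returned by `authorize` continues outside the hunk.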
@@ -16,30 +40,37 @@ function authorize(options){ var parsedCookie = cookie.parse(data.headers.cookie); - data.cookie = connectUtils.parseSignedCookies(parsedCookie, sessionSecret); + data.cookie = connectUtils.parseSignedCookies(parsedCookie, auth.sessionSecret); - data.sessionID = data.cookie[sessionKey]; + data.sessionID = data.cookie[ auth.sessionKey ]; - sessionStore.get(data.sessionID, function(err, session){ - + auth.sessionStore.get(data.sessionID, function(err, session){ if (err) { return accept('Error in session store.', false); } else if (!session) { return accept('Session not found.', false); } - if(!session[passport._key]){ + if( !session[ auth.passport._key ] ){ return accept('passport was not initialized', false); } - var userKey = session[passport._key][userProperty]; + var userKey = session[ auth.passport._key ][ auth.userProperty ]; - if(!userKey){ + if( !userKey && auth.fail ) { + return auth.fail( data, accept ); + } else if( !userKey ) { return accept('not yet authenticated', false); } - passport.deserializeUser(userKey, function(err, user) { - data[userProperty] = user; + if( auth.success ) { + auth.passport.deserializeUser(userKey, function(err, user) { + data[ auth.userProperty ] = user; + return auth.success( data, accept ); + }); + } + auth.passport.deserializeUser(userKey, function(err, user) { + data[ auth.userProperty ] = user; return accept(null, true); }); @@ -59,4 +90,4 @@ function filterSocketsByUser(socketIo, filter){ } exports.authorize = authorize; -exports.filterSocketsByUser = filterSocketsByUser; \ No newline at end of file +exports.filterSocketsByUser = filterSocketsByUser; From 4123c382730c63c23a693a53eace6911f572780b Mon Sep 17 00:00:00 2001 From: Bradley Olson Date: Fri, 26 Oct 2012 11:19:01 -0500 Subject: [PATCH 2/2] updated readme to reflect changes. --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ab8b740..660d3e3 100644 --- a/README.md +++ b/README.md 
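Review bot: When `auth.success` is set, the `if( auth.success )` block has no `return` or `else`, so execution falls through to the second `auth.passport.deserializeUser` call, which invokes `accept(null, true)` regardless of what the success callback decided. `accept` is therefore called twice per handshake, and a success handler that rejects with `accept(null, false)` can be overridden by the unconditional accept (which call wins depends on socket.io's handling, not visible here). Both callbacks also ignore `err` from `deserializeUser`, so a failed user lookup is still accepted with `data[ auth.userProperty ]` unset. A single deserialize call that checks `err` first and then branches on `auth.success` covers both cases; the `sessionStore.get` callback closes outside the hunk.

```javascript
// … unchanged: session lookup, passport-key check, userKey / auth.fail handling …

auth.passport.deserializeUser(userKey, function(err, user) {
  if( err ) {
    // Fail closed: a deserialization error must not yield an accepted handshake.
    return accept('Error deserializing user.', false);
  }

  data[ auth.userProperty ] = user;

  if( auth.success ) {
    // The success callback owns the accept decision; do not call accept again.
    return auth.success( data, accept );
  }

  return accept(null, true);
});
```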
@@ -24,7 +24,13 @@ Usage sio.set("authorization", passportSocketIo.authorize({ sessionKey: 'express.sid', //the cookie where express (or connect) stores its session id. sessionStore: mySessionStore, //the session store that express uses - sessionSecret: "my session secret" //the session secret to parse the cookie + sessionSecret: "my session secret", //the session secret to parse the cookie + fail: function(data, accept) { // *optional* callbacks on success or fail + accept(null, false); // second param takes boolean on whether or not to allow handshake + }, + success: function(data, accept) { + accept(null, true); + } })); sio.sockets.on("connection", function(socket){