Thream/socketio-jwt
2
1
Fork 0
mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00
Code Issues Releases Activity

Add a check to make sure provided secret is a string.

Browse Source 
```
const JWTOptions: JwtAuthOptions = {
    secret: process.env.JWT_SECRET as string,
    timeout: 5_000,
    decodedPropertyName: 'decodedToken',
};
```

Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug. 

With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
This commit is contained in:
ansien12 2019-07-30 22:00:08 +02:00 committed by GitHub
parent 4482bdd1c1
commit 67cc0fb846
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/index.js
View File

@ -111,6 +111,10 @@ function noQsMethod(options) {
function authorize(options, onConnection) {
options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
if (typeof options.secret !== 'string') {
throw new Error(`Provided secret "${options.secret}" is invalid, must be of type string.`)
}
if (!options.handshake) {
return noQsMethod(options);