Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

Add a check to make sure provided secret is a string.

Browse Source 
```
const JWTOptions: JwtAuthOptions = {
    secret: process.env.JWT_SECRET as string,
    timeout: 5_000,
    decodedPropertyName: 'decodedToken',
};
```

Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug. 

With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
This commit is contained in:
ansien12
2019-07-30 22:00:08 +02:00
committed by GitHub
parent 4482bdd1c1
commit 67cc0fb846
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/index.js
View File

@@ -111,6 +111,10 @@ function noQsMethod(options) {
function authorize(options, onConnection) { function authorize(options, onConnection) {
options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options); options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
if (typeof options.secret !== 'string') {
throw new Error(`Provided secret "${options.secret}" is invalid, must be of type string.`)
}
if (!options.handshake) { if (!options.handshake) {
return noQsMethod(options); return noQsMethod(options);