Add a check to make sure provided secret is a string.

```
const JWTOptions: JwtAuthOptions = {
    secret: process.env.JWT_SECRET as string,
    timeout: 5_000,
    decodedPropertyName: 'decodedToken',
};
```

Without the change I made and the options snipped above where the secret is actualy "undefined" because the .env file wasn't loaded yet you get a really weird situation that's very hard to debug. 

With "undefined" used as secret the client will successfully connect and send its "authenticate" event without a problem. But the server will not do anything. No errors, no timeouts, nothing.
This commit is contained in:
ansien12 2019-07-30 22:00:08 +02:00 committed by GitHub
parent 4482bdd1c1
commit 67cc0fb846
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -111,6 +111,10 @@ function noQsMethod(options) {
function authorize(options, onConnection) {
options = xtend({ decodedPropertyName: 'decoded_token', encodedPropertyName: 'encoded_token' }, options);
if (typeof options.secret !== 'string') {
throw new Error(`Provided secret "${options.secret}" is invalid, must be of type string.`)
}
if (!options.handshake) {
return noQsMethod(options);