chore: basic structure of files to rewrite in TS

oldCode/test/authorizer.test.js

@@ -0,0 +1,148 @@
+const Q = require('q')
+const fixture = require('./fixture')
+const request = require('request')
+const io = require('socket.io-client')
+
+describe('authorizer', () => {
+  //start and stop the server
+  before((done) => {
+    fixture.start({}, done)
+  })
+  after(fixture.stop)
+
+  describe('when the user is not logged in', () => {
+    it('should emit error with unauthorized handshake', (done) => {
+      const socket = io.connect('http://localhost:9000?token=boooooo', {
+        forceNew: true
+      })
+
+      socket.on('error', (err) => {
+        err.message.should.eql('jwt malformed')
+        err.code.should.eql('invalid_token')
+        socket.close()
+        done()
+      })
+    })
+  })
+
+  describe('when the user is logged in', () => {
+    before((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          form: { username: 'jose', password: 'Pa123' },
+          json: true
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    describe('authorizer disallows query string token when specified in startup options', () => {
+      before((done) => {
+        Q.ninvoke(fixture, 'stop')
+          .then(() =>
+            Q.ninvoke(fixture, 'start', { auth_header_required: true })
+          )
+          .done(done)
+      })
+
+      after((done) => {
+        Q.ninvoke(fixture, 'stop')
+          .then(() => Q.ninvoke(fixture, 'start', {}))
+          .done(done)
+      })
+
+      it('auth headers are supported', (done) => {
+        const socket = io.connect('http://localhost:9000', {
+          forceNew: true,
+          extraHeaders: { Authorization: 'Bearer ' + this.token }
+        })
+
+        socket
+          .on('connect', () => {
+            socket.close()
+            done()
+          })
+          .on('error', done)
+      })
+
+      it('auth token in query string is disallowed', (done) => {
+        const socket = io.connect('http://localhost:9000', {
+          forceNew: true,
+          query: 'token=' + this.token
+        })
+
+        socket.on('error', (err) => {
+          err.message.should.eql('Server requires Authorization Header')
+          err.code.should.eql('missing_authorization_header')
+          socket.close()
+          done()
+        })
+      })
+    })
+
+    describe('authorizer all auth types allowed', () => {
+      before((done) => {
+        Q.ninvoke(fixture, 'stop')
+          .then(() => Q.ninvoke(fixture, 'start', {}))
+          .done(done)
+      })
+
+      it('auth headers are supported', (done) => {
+        const socket = io.connect('http://localhost:9000', {
+          forceNew: true,
+          extraHeaders: { Authorization: 'Bearer ' + this.token }
+        })
+
+        socket
+          .on('connect', () => {
+            socket.close()
+            done()
+          })
+          .on('error', done)
+      })
+
+      it('should do the handshake and connect', (done) => {
+        const socket = io.connect('http://localhost:9000', {
+          forceNew: true,
+          query: 'token=' + this.token
+        })
+
+        socket
+          .on('connect', () => {
+            socket.close()
+            done()
+          })
+          .on('error', done)
+      })
+    })
+  })
+
+  describe('unsigned token', () => {
+    beforeEach(() => {
+      this.token =
+        'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
+    })
+
+    it('should not do the handshake and connect', (done) => {
+      const socket = io.connect('http://localhost:9000', {
+        forceNew: true,
+        query: 'token=' + this.token
+      })
+
+      socket
+        .on('connect', () => {
+          socket.close()
+          done(new Error('this shouldnt happen'))
+        })
+        .on('error', (err) => {
+          socket.close()
+          err.message.should.eql('jwt signature is required')
+          done()
+        })
+    })
+  })
+})

oldCode/test/authorizer_namespaces.test.js

@@ -0,0 +1,108 @@
+const fixture = require('./fixture/namespace')
+const request = require('request')
+const io = require('socket.io-client')
+
+describe('authorizer with namespaces', () => {
+  //start and stop the server
+  before(fixture.start)
+  after(fixture.stop)
+
+  describe('when the user is not logged in', () => {
+    it('should be able to connect to the default namespace', (done) => {
+      io.connect('http://localhost:9000')
+        .once('hi', () => done())
+        .on('error', done)
+    })
+
+    it('should not be able to connect to the admin namespace', (done) => {
+      io.connect('http://localhost:9000/admin')
+        .once('disconnect', () => done())
+        .once('hi admin', () =>
+          done(
+            new Error(
+              'unauthenticated client was able to connect to the admin namespace'
+            )
+          )
+        )
+    })
+
+    it('should not be able to connect to the admin_hs namespace', (done) => {
+      io.connect('http://localhost:9000/admin_hs')
+        .once('hi admin', () =>
+          done(
+            new Error(
+              'unauthenticated client was able to connect to the admin_hs namespace'
+            )
+          )
+        )
+        .on('error', (err) => {
+          if (err === 'Invalid namespace') {
+            // SocketIO throws this error, if auth failed
+            return
+          } else if (err && err.type == 'UnauthorizedError') {
+            done()
+          } else {
+            done(err)
+          }
+        })
+    })
+  })
+
+  describe('when the user is logged in', () => {
+    beforeEach((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          form: { username: 'jose', password: 'Pa123' },
+          json: true
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    it('should do the authentication and connect', (done) => {
+      io.connect('http://localhost:9000/admin', { forceNew: true })
+        .on('hi admin', () => done())
+        .emit('authenticate', { token: this.token })
+    })
+
+    it('should do the authentication and connect without "forceNew"', (done) => {
+      io.connect('http://localhost:9000/admin', { forceNew: false })
+        .on('hi admin', () => done())
+        .emit('authenticate', { token: this.token })
+    })
+  })
+
+  describe('when the user is logged in via handshake', () => {
+    beforeEach((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          form: { username: 'jose', password: 'Pa123' },
+          json: true
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    it('should do the handshake and connect', (done) => {
+      io.connect('http://localhost:9000/admin_hs', {
+        forceNew: true,
+        query: 'token=' + this.token
+      }).once('hi admin', () => done())
+    })
+
+    it('should do the handshake and connect without "forceNew"', (done) => {
+      io.connect('http://localhost:9000/admin_hs', {
+        forceNew: false,
+        query: 'token=' + this.token
+      }).once('hi admin', () => done())
+    })
+  })
+})

oldCode/test/authorizer_noqs.test.js

@@ -0,0 +1,59 @@
+const fixture = require('./fixture')
+const request = require('request')
+const io = require('socket.io-client')
+
+describe('authorizer without querystring', () => {
+  //start and stop the server
+  before((done) => {
+    fixture.start({ handshake: false }, done)
+  })
+
+  after(fixture.stop)
+
+  describe('when the user is not logged in', () => {
+    it('should close the connection after a timeout if no auth message is received', (done) => {
+      io.connect('http://localhost:9000', { forceNew: true }).once(
+        'disconnect',
+        () => done()
+      )
+    })
+
+    it('should not respond echo', (done) => {
+      io.connect('http://localhost:9000', { forceNew: true })
+        .on('echo-response', () => done(new Error('this should not happen')))
+        .emit('echo', { hi: 123 })
+
+      setTimeout(done, 1200)
+    })
+  })
+
+  describe('when the user is logged in', () => {
+    beforeEach((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          form: { username: 'jose', password: 'Pa123' },
+          json: true
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    it('should do the authentication and connect', (done) => {
+      const socket = io.connect('http://localhost:9000', { forceNew: true })
+
+      socket
+        .on('echo-response', () => {
+          socket.close()
+          done()
+        })
+        .on('authenticated', () => {
+          socket.emit('echo')
+        })
+        .emit('authenticate', { token: this.token })
+    })
+  })
+})

oldCode/test/authorizer_secret_function_noqs.test.js

@@ -0,0 +1,69 @@
+const fixture = require('./fixture/secret_function')
+const request = require('request')
+const io = require('socket.io-client')
+
+describe('authorizer with secret function', () => {
+  //start and stop the server
+  before((done) => {
+    fixture.start(
+      {
+        handshake: false
+      },
+      done
+    )
+  })
+
+  after(fixture.stop)
+
+  describe('when the user is not logged in', () => {
+    describe('and when token is not valid', () => {
+      beforeEach((done) => {
+        request.post(
+          {
+            url: 'http://localhost:9000/login',
+            json: { username: 'invalid_signature', password: 'Pa123' }
+          },
+          (err, resp, body) => {
+            this.invalidToken = body.token
+            done()
+          }
+        )
+      })
+
+      it('should emit unauthorized', (done) => {
+        io.connect('http://localhost:9000', { forceNew: true })
+          .on('unauthorized', () => done())
+          .emit('authenticate', { token: this.invalidToken + 'ass' })
+      })
+    })
+  })
+
+  describe('when the user is logged in', () => {
+    beforeEach((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          json: { username: 'valid_signature', password: 'Pa123' }
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    it('should do the authentication and connect', (done) => {
+      const socket = io.connect('http://localhost:9000', { forceNew: true })
+
+      socket
+        .on('echo-response', () => {
+          socket.close()
+          done()
+        })
+        .on('authenticated', () => {
+          socket.emit('echo')
+        })
+        .emit('authenticate', { token: this.token })
+    })
+  })
+})

oldCode/test/authorizer_secret_function_qs.test.js

@@ -0,0 +1,78 @@
+const fixture = require('./fixture/secret_function')
+const request = require('request')
+const io = require('socket.io-client')
+
+describe('authorizer with secret function', () => {
+  //start and stop the server
+  before(fixture.start)
+  after(fixture.stop)
+
+  describe('when the user is not logged in', () => {
+    it('should emit error with unauthorized handshake', (done) => {
+      const socket = io.connect('http://localhost:9000?token=boooooo', {
+        forceNew: true
+      })
+
+      socket.on('error', (err) => {
+        err.message.should.eql('jwt malformed')
+        err.code.should.eql('invalid_token')
+        socket.close()
+        done()
+      })
+    })
+  })
+
+  describe('when the user is logged in', () => {
+    beforeEach((done) => {
+      request.post(
+        {
+          url: 'http://localhost:9000/login',
+          json: { username: 'valid_signature', password: 'Pa123' }
+        },
+        (err, resp, body) => {
+          this.token = body.token
+          done()
+        }
+      )
+    })
+
+    it('should do the handshake and connect', (done) => {
+      const socket = io.connect('http://localhost:9000', {
+        forceNew: true,
+        query: 'token=' + this.token
+      })
+
+      socket
+        .on('connect', () => {
+          socket.close()
+          done()
+        })
+        .on('error', done)
+    })
+  })
+
+  describe('unsigned token', () => {
+    beforeEach(() => {
+      this.token =
+        'eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJuYW1lIjoiSm9obiBGb28ifQ.'
+    })
+
+    it('should not do the handshake and connect', (done) => {
+      const socket = io.connect('http://localhost:9000', {
+        forceNew: true,
+        query: 'token=' + this.token
+      })
+
+      socket
+        .on('connect', () => {
+          socket.close()
+          done(new Error('this shouldnt happen'))
+        })
+        .on('error', (err) => {
+          socket.close()
+          err.message.should.eql('jwt signature is required')
+          done()
+        })
+    })
+  })
+})

oldCode/test/fixture/index.js

@@ -0,0 +1,78 @@
+'use strict' // Node 4.x workaround
+
+const express = require('express')
+const http = require('http')
+
+const socketIo = require('socket.io')
+const socketio_jwt = require('../../lib')
+
+const jwt = require('jsonwebtoken')
+const xtend = require('xtend')
+const enableDestroy = require('server-destroy')
+
+let sio
+
+exports.start = (options, callback) => {
+  if (typeof options == 'function') {
+    callback = options
+    options = {}
+  }
+
+  options = xtend(
+    {
+      secret: 'aaafoo super sercret',
+      timeout: 1000,
+      handshake: true
+    },
+    options
+  )
+
+  const app = express()
+  const server = http.createServer(app)
+  sio = socketIo.listen(server)
+
+  app.use(express.json())
+  app.post('/login', (req, res) => {
+    const profile = {
+      first_name: 'John',
+      last_name: 'Doe',
+      email: 'john@doe.com',
+      id: 123
+    }
+
+    // We are sending the profile inside the token
+    const token = jwt.sign(profile, options.secret, { expiresIn: 60 * 60 * 5 })
+    res.json({ token: token })
+  })
+
+  if (options.handshake) {
+    sio.use(socketio_jwt.authorize(options))
+
+    sio.sockets.on('echo', (m) => {
+      sio.sockets.emit('echo-response', m)
+    })
+  } else {
+    sio.sockets
+      .on('connection', socketio_jwt.authorize(options))
+      .on('authenticated', (socket) => {
+        socket.on('echo', (m) => {
+          socket.emit('echo-response', m)
+        })
+      })
+  }
+
+  server.__sockets = []
+  server.on('connection', (c) => {
+    server.__sockets.push(c)
+  })
+  server.listen(9000, callback)
+  enableDestroy(server)
+}
+
+exports.stop = (callback) => {
+  sio.close()
+  try {
+    server.destroy()
+  } catch (er) {}
+  callback()
+}

oldCode/test/fixture/namespace.js

@@ -0,0 +1,77 @@
+'use strict' // Node 4.x workaround
+
+const express = require('express')
+const http = require('http')
+
+const socketIo = require('socket.io')
+const socketio_jwt = require('../../lib')
+
+const jwt = require('jsonwebtoken')
+const xtend = require('xtend')
+const enableDestroy = require('server-destroy')
+
+let sio
+
+/**
+ * This is an example server that shows how to do namespace authentication.
+ *
+ * The /admin namespace is protected by JWTs while the global namespace is public.
+ */
+exports.start = (callback) => {
+  const options = {
+    secret: 'aaafoo super sercret',
+    timeout: 1000,
+    handshake: false
+  }
+
+  const app = express()
+  const server = http.createServer(app)
+  sio = socketIo.listen(server)
+
+  app.use(express.json())
+  app.post('/login', (req, res) => {
+    const profile = {
+      first_name: 'John',
+      last_name: 'Doe',
+      email: 'john@doe.com',
+      id: 123
+    }
+
+    // We are sending the profile inside the token
+    const token = jwt.sign(profile, options.secret, { expiresIn: 60 * 60 * 5 })
+    res.json({ token: token })
+  })
+
+  // Global namespace (public)
+  sio.on('connection', (socket) => {
+    socket.emit('hi')
+  })
+
+  // Second roundtrip
+  const admin_nsp = sio.of('/admin')
+
+  admin_nsp
+    .on('connection', socketio_jwt.authorize(options))
+    .on('authenticated', (socket) => {
+      socket.emit('hi admin')
+    })
+
+  // One roundtrip
+  const admin_nsp_hs = sio.of('/admin_hs')
+
+  admin_nsp_hs.use(socketio_jwt.authorize(xtend(options, { handshake: true })))
+  admin_nsp_hs.on('connection', (socket) => {
+    socket.emit('hi admin')
+  })
+
+  server.listen(9000, callback)
+  enableDestroy(server)
+}
+
+exports.stop = (callback) => {
+  sio.close()
+  try {
+    server.destroy()
+  } catch (er) {}
+  callback()
+}

oldCode/test/fixture/secret_function.js

@@ -0,0 +1,87 @@
+'use strict' // Node 4.x workaround
+
+const express = require('express')
+const http = require('http')
+
+const socketIo = require('socket.io')
+const socketio_jwt = require('../../lib')
+
+const jwt = require('jsonwebtoken')
+const xtend = require('xtend')
+const enableDestroy = require('server-destroy')
+
+let sio
+
+exports.start = (options, callback) => {
+  const SECRETS = {
+    123: 'aaafoo super sercret',
+    555: 'other'
+  }
+
+  if (typeof options == 'function') {
+    callback = options
+    options = {}
+  }
+
+  options = xtend(
+    {
+      secret: (request, decodedToken, callback) => {
+        callback(null, SECRETS[decodedToken.id])
+      },
+      timeout: 1000,
+      handshake: true
+    },
+    options
+  )
+
+  const app = express()
+  const server = http.createServer(app)
+  sio = socketIo.listen(server)
+
+  app.use(express.json())
+  app.post('/login', (req, res) => {
+    const profile = {
+      first_name: 'John',
+      last_name: 'Doe',
+      email: 'john@doe.com',
+      id: req.body.username === 'valid_signature' ? 123 : 555
+    }
+
+    // We are sending the profile inside the token
+    const token = jwt.sign(profile, SECRETS[123], { expiresIn: 60 * 60 * 5 })
+    res.json({ token: token })
+  })
+
+  if (options.handshake) {
+    sio.use(socketio_jwt.authorize(options))
+
+    sio.sockets.on('echo', (m) => {
+      sio.sockets.emit('echo-response', m)
+    })
+  } else {
+    sio.sockets
+      .on('connection', socketio_jwt.authorize(options))
+      .on('authenticated', (socket) => {
+        socket.on('echo', (m) => {
+          socket.emit('echo-response', m)
+        })
+      })
+  }
+
+  server.__sockets = []
+  server.on('connection', (c) => {
+    server.__sockets.push(c)
+  })
+
+  server.listen(9000, callback)
+  enableDestroy(server)
+}
+
+exports.stop = (callback) => {
+  sio.close()
+  try {
+    server.destroy()
+  } catch (er) {}
+
+  callback()
+}

oldCode/test/mocha.opts

@@ -0,0 +1,3 @@
+--require should
+--reporter spec
+--timeout 15000