Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'develop' into develop

Browse Source
This commit is contained in:
Théo LUDWIG 2024-11-11 14:42:26 +01:00 committed by GitHub
commit 7abfc0a14d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
30 changed files with 6277 additions and 7009 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.eslintrc.json
View File

@ -1,6 +1,7 @@
{
"extends": ["conventions", "prettier"],
"plugins": ["prettier", "import", "unicorn"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"project": "./tsconfig.json"
},

8
.github/ISSUE_TEMPLATE/BUG.md vendored
View File

@ -1,8 +1,8 @@
---
name: '🐛 Bug Report'
about: 'Report an unexpected problem or unintended behavior.'
title: '[Bug]'
labels: 'bug'
name: "🐛 Bug Report"
about: "Report an unexpected problem or unintended behavior."
title: "[Bug]"
labels: "bug"
---
<!--

8
.github/ISSUE_TEMPLATE/DOCUMENTATION.md vendored
View File

@ -1,8 +1,8 @@
---
name: '📜 Documentation'
about: 'Correct spelling errors, improvements or additions to documentation files (README, CONTRIBUTING...).'
title: '[Documentation]'
labels: 'documentation'
name: "📜 Documentation"
about: "Correct spelling errors, improvements or additions to documentation files (README, CONTRIBUTING...)."
title: "[Documentation]"
labels: "documentation"
---
<!-- Please make sure your issue has not already been fixed. -->

8
.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md vendored
View File

@ -1,8 +1,8 @@
---
name: '✨ Feature Request'
about: 'Suggest a new feature idea.'
title: '[Feature]'
labels: 'feature request'
name: "✨ Feature Request"
about: "Suggest a new feature idea."
title: "[Feature]"
labels: "feature request"
---
<!-- Please make sure your issue has not already been fixed. -->

8
.github/ISSUE_TEMPLATE/IMPROVEMENT.md vendored
View File

@ -1,8 +1,8 @@
---
name: '🔧 Improvement'
about: 'Improve structure/format/performance/refactor/tests of the code.'
title: '[Improvement]'
labels: 'improvement'
name: "🔧 Improvement"
about: "Improve structure/format/performance/refactor/tests of the code."
title: "[Improvement]"
labels: "improvement"
---
<!-- Please make sure your issue has not already been fixed. -->

8
.github/ISSUE_TEMPLATE/QUESTION.md vendored
View File

@ -1,8 +1,8 @@
---
name: '🙋 Question'
about: 'Further information is requested.'
title: '[Question]'
labels: 'question'
name: "🙋 Question"
about: "Further information is requested."
title: "[Question]"
labels: "question"
---
### Question

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,6 +1,6 @@
<!-- Please first discuss the change you wish to make via issue before making a change. It might avoid a waste of your time. -->
## What changes this PR introduce?
# What changes this PR introduce?
## List any relevant issue numbers

24
.github/workflows/build.yml vendored
View File

@ -1,4 +1,4 @@
name: 'Build'
name: "Build"
on:
push:
@ -8,20 +8,20 @@ on:
jobs:
build:
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
steps:
- uses: 'actions/checkout@v3.3.0'
- uses: "actions/checkout@v4.0.0"
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.6.0'
- name: "Setup Node.js"
uses: "actions/setup-node@v3.8.1"
with:
node-version: 'lts/*'
cache: 'npm'
node-version: "20.x"
cache: "npm"
- name: 'Install'
run: 'npm install'
- name: "Install dependencies"
run: "npm clean-install"
- name: 'Build'
run: 'npm run build'
- name: "Build"
run: "npm run build"
- run: 'npm run build:typescript'
- run: "npm run build:typescript"

26
.github/workflows/lint.yml vendored
View File

@ -1,4 +1,4 @@
name: 'Lint'
name: "Lint"
on:
push:
@ -8,21 +8,21 @@ on:
jobs:
lint:
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
steps:
- uses: 'actions/checkout@v3.3.0'
- uses: "actions/checkout@v4.0.0"
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.6.0'
- name: "Setup Node.js"
uses: "actions/setup-node@v3.8.1"
with:
node-version: 'lts/*'
cache: 'npm'
node-version: "20.x"
cache: "npm"
- name: 'Install'
run: 'npm install'
- name: "Install dependencies"
run: "npm clean-install"
- run: 'npm run lint:commit -- --to "${{ github.sha }}"'
- run: 'npm run lint:editorconfig'
- run: 'npm run lint:markdown'
- run: 'npm run lint:eslint'
- run: 'npm run lint:prettier'
- run: "npm run lint:editorconfig"
- run: "npm run lint:markdown"
- run: "npm run lint:eslint"
- run: "npm run lint:prettier"

36
.github/workflows/release.yml vendored
View File

@ -1,4 +1,4 @@
name: 'Release'
name: "Release"
on:
push:
@ -6,26 +6,34 @@ on:
jobs:
release:
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
permissions:
contents: "write"
issues: "write"
pull-requests: "write"
id-token: "write"
steps:
- uses: 'actions/checkout@v3.3.0'
- uses: "actions/checkout@v4.0.0"
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.6.0'
- name: "Setup Node.js"
uses: "actions/setup-node@v3.8.1"
with:
node-version: 'lts/*'
cache: 'npm'
node-version: "20.x"
cache: "npm"
- name: 'Install'
run: 'npm install'
- name: "Install dependencies"
run: "npm clean-install"
- name: 'Build Package'
run: 'npm run build'
- name: "Build Package"
run: "npm run build"
- run: 'npm run build:typescript'
- run: "npm run build:typescript"
- name: 'Release'
run: 'npm run release'
- name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
run: "npm audit signatures"
- name: "Release"
run: "npm run release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

26
.github/workflows/test.yml vendored
View File

@ -1,4 +1,4 @@
name: 'Test'
name: "Test"
on:
push:
@ -8,21 +8,21 @@ on:
jobs:
test:
runs-on: 'ubuntu-latest'
runs-on: "ubuntu-latest"
steps:
- uses: 'actions/checkout@v3.3.0'
- uses: "actions/checkout@v4.0.0"
- name: 'Use Node.js'
uses: 'actions/setup-node@v3.6.0'
- name: "Setup Node.js"
uses: "actions/setup-node@v3.8.1"
with:
node-version: 'lts/*'
cache: 'npm'
node-version: "20.x"
cache: "npm"
- name: 'Install'
run: 'npm install'
- name: "Install dependencies"
run: "npm clean-install"
- name: 'Build'
run: 'npm run build'
- name: "Build"
run: "npm run build"
- name: 'Test'
run: 'npm run test'
- name: "Test"
run: "npm run test"

6
.markdownlint-cli2.jsonc
View File

@ -1,4 +1,10 @@
{
"config": {
"extends": "markdownlint/style/prettier",
"relative-links": true,
"default": true,
"MD033": false
},
"globs": ["**/*.{md,mdx}"],
"ignores": ["**/node_modules"],
"customRules": ["markdownlint-rule-relative-links"]

7
.markdownlint.json
View File

@ -1,7 +0,0 @@
{
"default": true,
"relative-links": true,
"extends": "markdownlint/style/prettier",
"MD033": false,
"MD041": false
}

1
.npmrc
View File

@ -1 +1,2 @@
save-exact=true
provenance=true

5
.nycrc.json
View File

@ -1,5 +0,0 @@
{
"reporter": ["text", "cobertura"],
"src": "./build",
"all": true
}

5
.prettierrc.json
View File

@ -1,6 +1,3 @@
{
"singleQuote": true,
"jsxSingleQuote": true,
"semi": false,
"trailingComma": "none"
"semi": false
}

3
.swcrc
View File

@ -1,10 +1,11 @@
{
"sourceMaps": true,
"jsc": {
"parser": {
"syntax": "typescript",
"dynamicImport": true
},
"target": "es2022"
"target": "esnext"
},
"module": {
"type": "es6"

9
.taprc
View File

@ -1,9 +0,0 @@
ts: false
jsx: false
flow: false
check-coverage: false
coverage: false
timeout: 10000
files:
- 'build/**/*.test.js'

2
CODE_OF_CONDUCT.md
View File

@ -60,7 +60,7 @@ representative at an online or offline event.
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
contact@divlo.fr.
<contact@theoludwig.fr>.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the

24
CONTRIBUTING.md
View File

@ -29,26 +29,4 @@ If you're adding new features to **Thream/socketio-jwt**, please include tests.
## Commits
The commit message guidelines respect [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional) and [Semantic Versioning](https://semver.org/) for releases.
### Types
Types define which kind of changes you made to the project.
| Types | Description |
| -------- | ------------------------------------------------------------------------------------------------------------ |
| feat | A new feature. |
| fix | A bug fix. |
| docs | Documentation only changes. |
| style | Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc). |
| refactor | A code change that neither fixes a bug nor adds a feature. |
| perf | A code change that improves performance. |
| test | Adding missing tests or correcting existing tests. |
| build | Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm). |
| ci | Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs). |
| chore | Other changes that don't modify src or test files. |
| revert | Reverts a previous commit. |
### Scopes
Scopes define what part of the code changed.
The commit message guidelines adheres to [Conventional Commits](https://www.conventionalcommits.org/) and [Semantic Versioning](https://semver.org/) for releases.

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) Auth0, Inc. <support@auth0.com> (http://auth0.com) and Thream contributors
Copyright (c) Auth0, Inc. <support@auth0.com> (<https://auth0.com/>) and Thream contributors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

57
README.md
View File

@ -22,13 +22,12 @@
Authenticate socket.io incoming connections with JWTs.
Compatible with `socket.io >= 3.0.0`.
This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) & it is not intended to take any credit but to improve the code from now on.
This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) and it is not intended to take any credit but to improve the code from now on.
## Prerequisites
- [Node.js](https://nodejs.org/) >= 16.0.0
- [Socket.IO](https://socket.io/) >= 3.0.0
## 💾 Install
@ -43,24 +42,24 @@ npm install --save @thream/socketio-jwt
### Server side
```ts
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"
const io = new Server(9000)
io.use(
authorize({
secret: 'your secret or public key'
})
secret: "your secret or public key",
}),
)
io.on('connection', async (socket) => {
io.on("connection", async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
const clients = await io.sockets.allSockets()
if (clients != null) {
for (const clientId of clients) {
const client = io.sockets.sockets.get(clientId)
client?.emit('messages', { message: 'Success!' })
client?.emit("messages", { message: "Success!" })
// we can access the jwt payload of each connected client
console.log(client?.decodedToken)
}
@ -71,12 +70,12 @@ io.on('connection', async (socket) => {
### Server side with `jwks-rsa` (example)
```ts
import jwksClient from 'jwks-rsa'
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
import jwksClient from "jwks-rsa"
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"
const client = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
jwksUri: "https://sandrino.auth0.com/.well-known/jwks.json",
})
const io = new Server(9000)
@ -85,11 +84,11 @@ io.use(
secret: async (decodedToken) => {
const key = await client.getSigningKeyAsync(decodedToken.header.kid)
return key.getPublicKey()
}
})
},
}),
)
io.on('connection', async (socket) => {
io.on("connection", async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
// You can do the same things of the previous example there...
@ -99,21 +98,21 @@ io.on('connection', async (socket) => {
### Server side with `onAuthentication` (example)
```ts
import { Server } from 'socket.io'
import { authorize } from '@thream/socketio-jwt'
import { Server } from "socket.io"
import { authorize } from "@thream/socketio-jwt"
const io = new Server(9000)
io.use(
authorize({
secret: 'your secret or public key',
secret: "your secret or public key",
onAuthentication: async (decodedToken) => {
// return the object that you want to add to the user property
// or throw an error if the token is unauthorized
}
})
},
}),
)
io.on('connection', async (socket) => {
io.on("connection", async (socket) => {
// jwt payload of the connected client
console.log(socket.decodedToken)
// You can do the same things of the previous example there...
@ -131,23 +130,23 @@ io.on('connection', async (socket) => {
### Client side
```ts
import { io } from 'socket.io-client'
import { isUnauthorizedError } from '@thream/socketio-jwt/build/UnauthorizedError.js'
import { io } from "socket.io-client"
import { isUnauthorizedError } from "@thream/socketio-jwt/build/UnauthorizedError.js"
// Require Bearer Token
const socket = io('http://localhost:9000', {
auth: { token: `Bearer ${yourJWT}` }
const socket = io("http://localhost:9000", {
auth: { token: `Bearer ${yourJWT}` },
})
// Handling token expiration
socket.on('connect_error', (error) => {
socket.on("connect_error", (error) => {
if (isUnauthorizedError(error)) {
console.log('User token has expired')
console.log("User token has expired")
}
})
// Listening to events
socket.on('messages', (data) => {
socket.on("messages", (data) => {
console.log(data)
})
```

12448
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

79
package.json
View File

@ -8,20 +8,25 @@
"main": "build/index.js",
"types": "build/index.d.ts",
"files": [
"build"
"build",
"!**/*.test.js",
"!**/*.test.d.ts",
"!**/*.map"
],
"engines": {
"node": ">=16.0.0"
"node": ">=16.0.0",
"npm": ">=9.0.0"
},
"publishConfig": {
"access": "public"
"access": "public",
"provenance": true
},
"keywords": [
"socket",
"socket.io",
"jwt"
],
"author": "Divlo <contact@divlo.fr>",
"author": "Théo LUDWIG <contact@theoludwig.fr>",
"repository": {
"type": "git",
"url": "https://github.com/Thream/socketio-jwt"
@ -37,10 +42,10 @@
"lint:commit": "commitlint",
"lint:editorconfig": "editorconfig-checker",
"lint:markdown": "markdownlint-cli2",
"lint:eslint": "eslint \"**/*.{js,jsx,ts,tsx}\" --ignore-path \".gitignore\"",
"lint:prettier": "prettier \".\" --check --ignore-path \".gitignore\"",
"lint:eslint": "eslint . --max-warnings 0 --report-unused-disable-directives --ignore-path .gitignore",
"lint:prettier": "prettier . --check",
"lint:staged": "lint-staged",
"test": "c8 tap",
"test": "cross-env NODE_ENV=test node --enable-source-maps --test build/",
"release": "semantic-release",
"postinstall": "husky install",
"prepublishOnly": "pinst --disable",
@ -50,41 +55,39 @@
"socket.io": ">=3.0.0"
},
"dependencies": {
"jsonwebtoken": "9.0.0"
"jsonwebtoken": "9.0.2"
},
"devDependencies": {
"@commitlint/cli": "17.4.1",
"@commitlint/config-conventional": "17.4.0",
"@swc/cli": "0.1.57",
"@swc/core": "1.3.25",
"@tsconfig/strictest": "1.0.2",
"@types/jsonwebtoken": "9.0.0",
"@types/node": "18.11.18",
"@types/tap": "15.0.7",
"@typescript-eslint/eslint-plugin": "5.48.1",
"@typescript-eslint/parser": "5.48.1",
"axios": "1.2.2",
"c8": "7.12.0",
"editorconfig-checker": "4.0.2",
"eslint": "8.31.0",
"eslint-config-conventions": "6.0.0",
"eslint-config-prettier": "8.6.0",
"eslint-plugin-import": "2.26.0",
"eslint-plugin-prettier": "4.2.1",
"@commitlint/cli": "18.0.0",
"@commitlint/config-conventional": "18.0.0",
"@swc/cli": "0.1.62",
"@swc/core": "1.3.94",
"@tsconfig/strictest": "2.0.2",
"@types/jsonwebtoken": "9.0.4",
"@types/node": "20.8.7",
"@typescript-eslint/eslint-plugin": "6.9.0",
"@typescript-eslint/parser": "6.9.0",
"axios": "1.5.1",
"cross-env": "7.0.3",
"editorconfig-checker": "5.1.1",
"eslint": "8.52.0",
"eslint-config-conventions": "12.0.0",
"eslint-config-prettier": "9.0.0",
"eslint-plugin-import": "2.29.0",
"eslint-plugin-prettier": "5.0.1",
"eslint-plugin-promise": "6.1.1",
"eslint-plugin-unicorn": "45.0.2",
"fastify": "4.11.0",
"eslint-plugin-unicorn": "48.0.1",
"fastify": "4.24.3",
"husky": "8.0.3",
"lint-staged": "13.1.0",
"markdownlint-cli2": "0.6.0",
"markdownlint-rule-relative-links": "1.1.1",
"lint-staged": "15.0.2",
"markdownlint-cli2": "0.10.0",
"markdownlint-rule-relative-links": "2.1.0",
"pinst": "3.0.0",
"prettier": "2.8.2",
"rimraf": "3.0.2",
"semantic-release": "20.0.2",
"socket.io": "4.5.4",
"socket.io-client": "4.5.4",
"tap": "16.3.3",
"typescript": "4.9.4"
"prettier": "3.0.3",
"rimraf": "5.0.5",
"semantic-release": "22.0.5",
"socket.io": "4.7.2",
"socket.io-client": "4.7.2",
"typescript": "5.2.2"
}
}

20
src/UnauthorizedError.ts
View File

@ -1,20 +1,30 @@
export class UnauthorizedError extends Error {
public inner: { message: string }
public data: { message: string; code: string; type: 'UnauthorizedError' }
public data: { message: string; code: string; type: "UnauthorizedError" }
constructor(code: string, error: { message: string }) {
super(error.message)
this.name = 'UnauthorizedError'
this.name = "UnauthorizedError"
this.inner = error
this.data = {
message: this.message,
code,
type: 'UnauthorizedError'
type: "UnauthorizedError",
}
Object.setPrototypeOf(this, UnauthorizedError.prototype)
}
}
export const isUnauthorizedError = (error: any): error is UnauthorizedError => {
return error.data.type === 'UnauthorizedError'
export const isUnauthorizedError = (
error: unknown,
): error is UnauthorizedError => {
return (
typeof error === "object" &&
error != null &&
"data" in error &&
typeof error.data === "object" &&
error.data != null &&
"type" in error.data &&
error.data.type === "UnauthorizedError"
)
}

371
src/__test__/authorize.test.ts
View File

@ -1,37 +1,39 @@
import tap from 'tap'
import axios from 'axios'
import type { Socket } from 'socket.io-client'
import { io } from 'socket.io-client'
import test from "node:test"
import assert from "node:assert/strict"
import { isUnauthorizedError } from '../UnauthorizedError.js'
import type { Profile } from './fixture/index.js'
import axios from "axios"
import type { Socket } from "socket.io-client"
import { io } from "socket.io-client"
import { isUnauthorizedError } from "../UnauthorizedError.js"
import type { Profile } from "./fixture/index.js"
import {
API_URL,
fixtureStart,
fixtureStop,
getSocket,
basicProfile
} from './fixture/index.js'
basicProfile,
} from "./fixture/index.js"
export const api = axios.create({
baseURL: API_URL,
headers: {
'Content-Type': 'application/json'
}
"Content-Type": "application/json",
},
})
const secretCallback = async (): Promise<string> => {
return 'somesecret'
return "somesecret"
}
await tap.test('authorize', async (t) => {
await t.test('with secret as string in options', async (t) => {
let token = ''
await test("authorize", async (t) => {
await t.test("with secret as string in options", async (t) => {
let token = ""
let socket: Socket | null = null
t.beforeEach(async () => {
await fixtureStart()
const response = await api.post('/login', {})
const response = await api.post("/login", {})
token = response.data.token
})
@ -40,82 +42,87 @@ await tap.test('authorize', async (t) => {
await fixtureStop()
})
await t.test('should emit error with no token provided', (t) => {
t.plan(4)
await t.test("should emit error with no token provided", () => {
socket = io(API_URL)
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required')
assert.strictEqual(error.data.message, "no token provided")
assert.strictEqual(error.data.code, "credentials_required")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should emit error with bad token format', (t) => {
t.plan(4)
await t.test("should emit error with bad token format", () => {
socket = io(API_URL, {
auth: { token: 'testing' }
auth: { token: "testing" },
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]')
t.equal(error.data.code, 'credentials_bad_format')
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
})
})
await t.test('should emit error with unauthorized handshake', (t) => {
t.plan(4)
socket = io(API_URL, {
auth: { token: 'Bearer testing' }
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(
assert.strictEqual(
error.data.message,
'Unauthorized: Token is missing or invalid Bearer'
"Format is Authorization: Bearer [token]",
)
t.equal(error.data.code, 'invalid_token')
assert.strictEqual(error.data.code, "credentials_bad_format")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should connect the user', (t) => {
t.plan(1)
await t.test("should emit error with unauthorized handshake", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` }
auth: { token: "Bearer testing" },
})
socket.on('connect', async () => {
t.pass()
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
assert.strictEqual(
error.data.message,
"Unauthorized: Token is missing or invalid Bearer",
)
assert.strictEqual(error.data.code, "invalid_token")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
})
socket.on('connect_error', async (error) => {
t.fail(error.message)
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test("should connect the user", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` },
})
socket.on("connect", async () => {
assert.ok(true)
})
socket.on("connect_error", async (error) => {
assert.fail(error.message)
})
})
})
await t.test('with secret as callback in options', async (t) => {
let token = ''
await t.test("with secret as callback in options", async (t) => {
let token = ""
let socket: Socket | null = null
t.beforeEach(async () => {
await fixtureStart({ secret: secretCallback })
const response = await api.post('/login', {})
const response = await api.post("/login", {})
token = response.data.token
})
@ -124,78 +131,83 @@ await tap.test('authorize', async (t) => {
await fixtureStop()
})
await t.test('should emit error with no token provided', (t) => {
t.plan(4)
await t.test("should emit error with no token provided", () => {
socket = io(API_URL)
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required')
assert.strictEqual(error.data.message, "no token provided")
assert.strictEqual(error.data.code, "credentials_required")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should emit error with bad token format', (t) => {
t.plan(4)
await t.test("should emit error with bad token format", () => {
socket = io(API_URL, {
auth: { token: 'testing' }
auth: { token: "testing" },
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]')
t.equal(error.data.code, 'credentials_bad_format')
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
})
})
await t.test('should emit error with unauthorized handshake', (t) => {
t.plan(4)
socket = io(API_URL, {
auth: { token: 'Bearer testing' }
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(
assert.strictEqual(
error.data.message,
'Unauthorized: Token is missing or invalid Bearer'
"Format is Authorization: Bearer [token]",
)
t.equal(error.data.code, 'invalid_token')
assert.strictEqual(error.data.code, "credentials_bad_format")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should connect the user', (t) => {
t.plan(1)
await t.test("should emit error with unauthorized handshake", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` }
auth: { token: "Bearer testing" },
})
socket.on('connect', async () => {
t.pass()
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
assert.strictEqual(
error.data.message,
"Unauthorized: Token is missing or invalid Bearer",
)
assert.strictEqual(error.data.code, "invalid_token")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
})
socket.on('connect_error', async (error) => {
t.fail(error.message)
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test("should connect the user", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` },
})
socket.on("connect", async () => {
assert.ok(true)
})
socket.on("connect_error", async (error) => {
assert.fail(error.message)
})
})
})
await t.test('with onAuthentication callback in options', async (t) => {
let token = ''
let wrongToken = ''
await t.test("with onAuthentication callback in options", async (t) => {
let token = ""
let wrongToken = ""
let socket: Socket | null = null
t.beforeEach(async () => {
@ -203,16 +215,16 @@ await tap.test('authorize', async (t) => {
secret: secretCallback,
onAuthentication: (decodedToken: Profile) => {
if (!decodedToken.checkField) {
throw new Error('Check Field validation failed')
throw new Error("Check Field validation failed")
}
return {
email: decodedToken.email
email: decodedToken.email,
}
}
},
})
const response = await api.post('/login', {})
const response = await api.post("/login", {})
token = response.data.token
const responseWrong = await api.post('/login-wrong', {})
const responseWrong = await api.post("/login-wrong", {})
wrongToken = responseWrong.data.token
})
@ -221,104 +233,107 @@ await tap.test('authorize', async (t) => {
await fixtureStop()
})
await t.test('should emit error with no token provided', (t) => {
t.plan(4)
await t.test("should emit error with no token provided", () => {
socket = io(API_URL)
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required')
assert.strictEqual(error.data.message, "no token provided")
assert.strictEqual(error.data.code, "credentials_required")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should emit error with bad token format', (t) => {
t.plan(4)
await t.test("should emit error with bad token format", () => {
socket = io(API_URL, {
auth: { token: 'testing' }
auth: { token: "testing" },
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]')
t.equal(error.data.code, 'credentials_bad_format')
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
})
})
await t.test('should emit error with unauthorized handshake', (t) => {
t.plan(4)
socket = io(API_URL, {
auth: { token: 'Bearer testing' }
})
socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
t.equal(
assert.strictEqual(
error.data.message,
'Unauthorized: Token is missing or invalid Bearer'
"Format is Authorization: Bearer [token]",
)
t.equal(error.data.code, 'invalid_token')
assert.strictEqual(error.data.code, "credentials_bad_format")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
t.pass()
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should connect the user', (t) => {
t.plan(1)
await t.test("should emit error with unauthorized handshake", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` }
auth: { token: "Bearer testing" },
})
socket.on('connect', async () => {
t.pass()
socket.on("connect_error", async (error) => {
assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) {
assert.strictEqual(
error.data.message,
"Unauthorized: Token is missing or invalid Bearer",
)
assert.strictEqual(error.data.code, "invalid_token")
assert.ok(true)
} else {
assert.fail("should be unauthorized error")
}
})
socket.on('connect_error', async (error) => {
t.fail(error.message)
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
await t.test('should contains user properties', (t) => {
t.plan(2)
await t.test("should connect the user", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${token}` },
})
socket.on("connect", async () => {
assert.ok(true)
})
socket.on("connect_error", async (error) => {
assert.fail(error.message)
})
})
await t.test("should contains user properties", () => {
const socketServer = getSocket()
socketServer?.on('connection', (client: any) => {
t.equal(client.user.email, basicProfile.email)
t.pass()
socketServer?.on("connection", (client: any) => {
assert.strictEqual(client.user.email, basicProfile.email)
assert.ok(true)
})
socket = io(API_URL, {
auth: { token: `Bearer ${token}` }
auth: { token: `Bearer ${token}` },
})
socket.on('connect_error', async (error) => {
t.fail(error.message)
socket.on("connect_error", async (error) => {
assert.fail(error.message)
})
})
await t.test('should emit error when user validation fails', (t) => {
t.plan(2)
await t.test("should emit error when user validation fails", () => {
socket = io(API_URL, {
auth: { token: `Bearer ${wrongToken}` }
auth: { token: `Bearer ${wrongToken}` },
})
socket.on('connect_error', async (error) => {
socket.on("connect_error", async (error) => {
try {
t.equal(error.message, 'Check Field validation failed')
t.pass()
assert.strictEqual(error.message, "Check Field validation failed")
assert.ok(true)
} catch {
t.fail()
assert.fail(error.message)
}
})
socket.on('connect', async () => {
t.fail()
socket.on("connect", async () => {
assert.fail("should not connect")
})
})
})

42
src/__test__/fixture/index.ts
View File

@ -1,16 +1,16 @@
import jwt from 'jsonwebtoken'
import { Server as SocketIoServer } from 'socket.io'
import type { FastifyInstance } from 'fastify'
import fastify from 'fastify'
import jwt from "jsonwebtoken"
import { Server as SocketIoServer } from "socket.io"
import type { FastifyInstance } from "fastify"
import fastify from "fastify"
import type { AuthorizeOptions } from '../../index.js'
import { authorize } from '../../index.js'
import type { AuthorizeOptions } from "../../index.js"
import { authorize } from "../../index.js"
interface FastifyIo {
instance: SocketIoServer
}
declare module 'fastify' {
declare module "fastify" {
export interface FastifyInstance {
io: FastifyIo
}
@ -28,49 +28,49 @@ export interface Profile extends BasicProfile {
export const PORT = 9000
export const API_URL = `http://localhost:${PORT}`
export const basicProfile: BasicProfile = {
email: 'john@doe.com',
id: 123
email: "john@doe.com",
id: 123,
}
let application: FastifyInstance | null = null
export const fixtureStart = async (
options: AuthorizeOptions = { secret: 'super secret' }
options: AuthorizeOptions = { secret: "super secret" },
): Promise<void> => {
const profile: Profile = { ...basicProfile, checkField: true }
let keySecret = ''
if (typeof options.secret === 'string') {
let keySecret = ""
if (typeof options.secret === "string") {
keySecret = options.secret
} else {
keySecret = await options.secret({
header: { alg: 'HS256' },
payload: profile
header: { alg: "HS256" },
payload: profile,
})
}
application = fastify()
application.post('/login', async (_request, reply) => {
application.post("/login", async (_request, reply) => {
const token = jwt.sign(profile, keySecret, {
expiresIn: 60 * 60 * 5
expiresIn: 60 * 60 * 5,
})
reply.statusCode = 201
return { token }
})
application.post('/login-wrong', async (_request, reply) => {
application.post("/login-wrong", async (_request, reply) => {
profile.checkField = false
const token = jwt.sign(profile, keySecret, {
expiresIn: 60 * 60 * 5
expiresIn: 60 * 60 * 5,
})
reply.statusCode = 201
return { token }
})
const instance = new SocketIoServer(application.server)
instance.use(authorize(options))
application.decorate('io', { instance })
application.addHook('onClose', (fastify) => {
application.decorate("io", { instance })
application.addHook("onClose", (fastify) => {
fastify.io.instance.close()
})
await application.listen({
port: PORT
port: PORT,
})
}

42
src/authorize.ts
View File

@ -1,10 +1,10 @@
import type { Algorithm } from 'jsonwebtoken'
import jwt from 'jsonwebtoken'
import type { Socket } from 'socket.io'
import type { Algorithm } from "jsonwebtoken"
import jwt from "jsonwebtoken"
import type { Socket } from "socket.io"
import { UnauthorizedError } from './UnauthorizedError.js'
import { UnauthorizedError } from "./UnauthorizedError.js"
declare module 'socket.io' {
declare module "socket.io" {
interface Socket extends ExtendedSocket {}
}
@ -16,7 +16,7 @@ interface ExtendedSocket {
type SocketIOMiddleware = (
socket: Socket,
next: (error?: UnauthorizedError) => void
next: (error?: UnauthorizedError) => void,
) => void
interface CompleteDecodedToken {
@ -28,7 +28,7 @@ interface CompleteDecodedToken {
}
type SecretCallback = (
decodedToken: CompleteDecodedToken
decodedToken: CompleteDecodedToken,
) => Promise<string> | string
export interface AuthorizeOptions {
@ -38,7 +38,7 @@ export interface AuthorizeOptions {
}
export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
const { secret, algorithms = ['HS256'], onAuthentication } = options
const { secret, algorithms = ["HS256"], onAuthentication } = options
return async (socket, next) => {
let encodedToken: string | null = null
const { token } = socket.handshake.auth
@ -46,27 +46,27 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
token = socket.handshake.headers.authorization
}
if (token != null) {
const tokenSplitted = token.split(' ')
if (tokenSplitted.length !== 2 || tokenSplitted[0] !== 'Bearer') {
const tokenSplitted = token.split(" ")
if (tokenSplitted.length !== 2 || tokenSplitted[0] !== "Bearer") {
return next(
new UnauthorizedError('credentials_bad_format', {
message: 'Format is Authorization: Bearer [token]'
})
new UnauthorizedError("credentials_bad_format", {
message: "Format is Authorization: Bearer [token]",
}),
)
}
encodedToken = tokenSplitted[1]
}
if (encodedToken == null) {
return next(
new UnauthorizedError('credentials_required', {
message: 'no token provided'
})
new UnauthorizedError("credentials_required", {
message: "no token provided",
}),
)
}
socket.encodedToken = encodedToken
let keySecret: string | null = null
let decodedToken: any
if (typeof secret === 'string') {
let decodedToken: any = null
if (typeof secret === "string") {
keySecret = secret
} else {
const completeDecodedToken = jwt.decode(encodedToken, { complete: true })
@ -76,9 +76,9 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
decodedToken = jwt.verify(encodedToken, keySecret, { algorithms })
} catch {
return next(
new UnauthorizedError('invalid_token', {
message: 'Unauthorized: Token is missing or invalid Bearer'
})
new UnauthorizedError("invalid_token", {
message: "Unauthorized: Token is missing or invalid Bearer",
}),
)
}
socket.decodedToken = decodedToken

4
src/index.ts
View File

@ -1,2 +1,2 @@
export * from './authorize.js'
export * from './UnauthorizedError.js'
export * from "./authorize.js"
export * from "./UnauthorizedError.js"

4
tsconfig.json
View File

@ -2,9 +2,9 @@
"extends": "@tsconfig/strictest/tsconfig.json",
"compilerOptions": {
"target": "ESNext",
"module": "ESNext",
"lib": ["ESNext"],
"moduleResolution": "node",
"module": "NodeNext",
"moduleResolution": "NodeNext",
"outDir": "./build",
"rootDir": "./src",
"emitDeclarationOnly": true,