From 170c23306f00cd2585fde801eb29c82fff4a836f Mon Sep 17 00:00:00 2001
From: gfetco
Date: Sun, 1 Nov 2015 20:44:25 +0100
Subject: [PATCH] Validation on socket authenticate, should check that the data.token exists and if it is the desired type? socket.emit( 'authenticate', {token: {} }); // will crash server if sent from client-side.
---
 lib/index.js | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/index.js b/lib/index.js
index 37405fd..48da0bd 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -27,9 +27,8 @@ function noQsMethod(options) {
 if(options.required){
 clearTimeout(auth_timeout);
 }
- jwt.verify(data.token, options.secret, options, function(err, decoded) {
- // error handler
- var onError = function(err, code) {
+ // error handler
+ var onError = function(err, code) {
 if (err) {
 code = code || 'unknown';
 var error = new UnauthorizedError(code, {
@@ -40,7 +39,13 @@ function noQsMethod(options) {
 });
 return; // stop logic, socket will be close on next tick
 }
- };
+ };
+
+ if(typeof data.token !== "string") {
+ return onError({message: 'invalid token datatype'}, 'invalid_token');
+ }
+
+ jwt.verify(data.token, options.secret, options, function(err, decoded) {
 
 if (err) {
 return onError(err, 'invalid_token');
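Review bot: The added guard `typeof data.token !== "string"` in the second hunk reads a property of `data` before checking `data` itself. If the `authenticate` event arrives with no payload or with `null`, that line would presumably throw a TypeError instead of reaching `onError`. The handler's parameter declaration is outside the hunk, so this assumes `data` is passed through from the client unmodified. Changing the condition to `if (!data || typeof data.token !== "string") {` would reject the missing-payload case with `invalid_token` as well. A short comment above the guard, such as `// reject non-string tokens before jwt.verify; client input is untrusted`, would record why the check precedes verification.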