From a14d4e937b764fdf4fb6b173c55b6f49688766dd Mon Sep 17 00:00:00 2001
From: divlo
Date: Mon, 22 Feb 2021 13:00:53 +0100
Subject: [PATCH] feat: usage of auth option to send credentials
BREAKING CHANGE: extraHeaders with Authorization doesn't work anymore
See: https://socket.io/docs/v3/middlewares/#Sending-credentials
---
 README.md | 4 ++--
 src/__test__/authorize.test.ts | 8 ++++----
 src/authorize.ts | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 733846f..7fd6531 100644
--- a/README.md
+++ b/README.md
@@ -97,9 +97,9 @@ io.on('connection', async (socket) => {
 ```ts
 import { io } from 'socket.io-client'
-// Require Bearer Tokens to be passed in as an Authorization Header
+// Require Bearer Token
 const socket = io('http://localhost:9000', {
- extraHeaders: { Authorization: `Bearer ${yourJWT}` }
+ auth: { token: `Bearer ${yourJWT}` }
 })
 // Handling token expiration
diff --git a/src/__test__/authorize.test.ts b/src/__test__/authorize.test.ts
index dca1621..dd059f1 100644
--- a/src/__test__/authorize.test.ts
+++ b/src/__test__/authorize.test.ts
@@ -31,7 +31,7 @@ describe('authorize - with secret as string in options', () => {
 it('should emit error with bad token format', (done) => {
 const socket = io('http://localhost:9000', {
- extraHeaders: { Authorization: 'testing' }
+ auth: { token: 'testing' }
 })
 socket.on('connect_error', (err: any) => {
 expect(err.data.message).toEqual(
@@ -45,7 +45,7 @@ describe('authorize - with secret as string in options', () => {
 it('should emit error with unauthorized handshake', (done) => {
 const socket = io('http://localhost:9000', {
- extraHeaders: { Authorization: 'Bearer testing' }
+ auth: { token: 'Bearer testing' }
 })
 socket.on('connect_error', (err: any) => {
 expect(err.data.message).toEqual(
@@ -59,7 +59,7 @@ describe('authorize - with secret as string in options', () => {
 it('should connect the user', (done) => {
 const socket = io('http://localhost:9000', {
- extraHeaders: { Authorization: `Bearer ${token}` }
+ auth: { token: `Bearer ${token}` }
 })
 socket.on('connect', () => {
 socket.close()
@@ -93,7 +93,7 @@ describe('authorize - with secret as callback in options', () => {
 it('should connect the user', (done) => {
 const socket = io('http://localhost:9000', {
- extraHeaders: { Authorization: `Bearer ${token}` }
+ auth: { token: `Bearer ${token}` }
 })
 socket.on('connect', () => {
 socket.close()
diff --git a/src/authorize.ts b/src/authorize.ts
index 0576ace..410a9b8 100644
--- a/src/authorize.ts
+++ b/src/authorize.ts
@@ -40,9 +40,9 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
 const { secret, algorithms = ['HS256'] } = options
 return async (socket, next) => {
 let encodedToken: string | null = null
- const authorizationHeader = socket.request.headers.authorization
- if (authorizationHeader != null) {
- const tokenSplitted = authorizationHeader.split(' ')
+ const { token } = socket.handshake.auth
+ if (token != null) {
+ const tokenSplitted = token.split(' ')
 if (tokenSplitted.length !== 2 || tokenSplitted[0] !== 'Bearer') {
 return next(
 new UnauthorizedError('credentials_bad_format', {
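Review bot: `token.split(' ')` in the src/authorize.ts hunk runs on a value that is no longer guaranteed to be a string, because `socket.handshake.auth` is a client-supplied payload and `token` can arrive as a number, object or array, whereas the old `authorization` header was a string whenever it was present. A non-string value makes `.split` throw inside the async middleware, so `next` is never called with an `UnauthorizedError`; unless Socket.IO handles the rejected promise (not visible here), the handshake is left unanswered and the process sees an unhandled rejection. Check the type before splitting, for example by opening the branch with `if (token != null && typeof token !== 'string')` and returning `next(...)` with the same `credentials_bad_format` error the malformed-string case already uses. A test in src/__test__/authorize.test.ts that connects with a non-string `auth.token` and expects that error would pin the behaviour. The middleware body continues past the end of the hunk, so how a missing token is handled afterwards is not visible here.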