From abbabc588e3ea8b906fa0a0dcc83c91a3b5b5ea8 Mon Sep 17 00:00:00 2001 From: divlo Date: Wed, 30 Dec 2020 14:50:56 +0100 Subject: [PATCH] feat: add algorithms option --- src/authorize.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/authorize.ts b/src/authorize.ts index 810f6d7..c445eb7 100644 --- a/src/authorize.ts +++ b/src/authorize.ts @@ -1,4 +1,4 @@ -import jwt from 'jsonwebtoken' +import jwt, { Algorithm } from 'jsonwebtoken' import { Socket } from 'socket.io' import { UnauthorizedError } from './UnauthorizedError' @@ -14,10 +14,11 @@ type SocketIOMiddleware = ( interface AuthorizeOptions { secret: string + algorithms?: Algorithm[] } export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => { - const { secret } = options + const { secret, algorithms = ['HS256'] } = options return (socket, next) => { let token: string | null = null const authorizationHeader = socket.request.headers.authorization @@ -43,7 +44,7 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => { socket = Object.assign(socket, { encodedToken: token }) let payload: any try { - payload = jwt.verify(token, secret) + payload = jwt.verify(token, secret, { algorithms }) } catch { return next( new UnauthorizedError('invalid_token', {