add noqs method

This commit is contained in:
José F. Romaniello 2014-01-13 18:41:10 -03:00
parent 14a34ae380
commit b0f4354ecb
5 changed files with 148 additions and 10 deletions

View File

@ -17,13 +17,17 @@ var socketioJwt = require("socketio-jwt");
io.set('authorization', socketioJwt.authorize({ io.set('authorization', socketioJwt.authorize({
secret: 'your secret or public key' secret: 'your secret or public key'
})); }));
io.on('connection', function (socket) {
console.log('hello! ', socket.handshake.decoded_token.name);
})
``` ```
For more validation options see [auth0/jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). For more validation options see [auth0/jsonwebtoken](https://github.com/auth0/node-jsonwebtoken).
__Client side__: __Client side__:
For now the only way to append the jwt token is using query string: Append the jwt token using query string:
```javascript ```javascript
var socket = io.connect('http://localhost:9000', { var socket = io.connect('http://localhost:9000', {
@ -31,7 +35,35 @@ var socket = io.connect('http://localhost:9000', {
}); });
``` ```
Take care as URLs has a lenght limitation on Internet Explorer. I opened a [issue in engine-io-client](https://github.com/LearnBoost/engine.io-client/issues/228) to support headers. ## Second method, without querystrings
The previous approach send the token through querystring which could be logged by intermediary HTTP proxies. This second method doesn't but it requires an extra roundtrip. __Take care with this method to filter unauthenticated sockets when broadcasting.__
```javascript
// set authorization for socket.io
io.sockets.on('connection', socketioJwt.authorize({
secret: 'your secret or public key',
timeout: 15000 // 15 seconds to send the authentication message
}, function(socket) {
//this socket is authenticated, we are good to handle more events from it.
console.log('hello! ' + socket.decoded_token.name);
}));
```
__Client side__:
For now the only way to append the jwt token is using query string:
```javascript
var socket = io.connect('http://localhost:9000');
socket.on('connect', function (socket) {
socket
.on('authenticated', function () {
//do other things
})
.emit('authenticate', {token: jwt}); //send the jwt
});
```
## Contribute ## Contribute

View File

@ -1,9 +1,30 @@
var xtend = require('xtend'); var xtend = require('xtend');
var jwt = require('jsonwebtoken'); var jwt = require('jsonwebtoken');
var UnauthorizedError = require('./UnauthorizedError'); var UnauthorizedError = require('./UnauthorizedError');
var url = require('url');
function authorize(options) { function noQsMethod(options, onConnection) {
return function (socket) {
var auth_timeout = setTimeout(function () {
socket.disconnect('unauthorized');
}, options.timeout || 5000);
socket.on('authenticate', function (data) {
clearTimeout(auth_timeout);
jwt.verify(data.token, options.secret, options, function(err, decoded) {
if (err) {
return socket.disconnect('unauthorized');
}
socket.user = decoded;
socket.emit('authenticated');
onConnection(socket);
});
});
};
}
function authorize(options, onConnection) {
var defaults = { var defaults = {
success: function(data, accept){ success: function(data, accept){
accept(null, true); accept(null, true);
@ -15,6 +36,10 @@ function authorize(options) {
var auth = xtend(defaults, options); var auth = xtend(defaults, options);
if (onConnection) {
return noQsMethod(options, onConnection);
}
return function(data, accept){ return function(data, accept){
var token, error; var token, error;

View File

@ -0,0 +1,67 @@
var fixture = require('./fixture');
var request = require('request');
var io = require('socket.io-client');
describe('authorizer without querystring', function () {
//start and stop the server
before(function (done) {
fixture.start({
noQS: true
} , done);
});
after(fixture.stop);
describe('when the user is not logged in', function () {
it('should close the connection after a timeout if no auth message is received', function (done){
var socket = io.connect('http://localhost:9000');
socket.on('disconnect', function () {
done();
});
});
it('should not respond echo', function (done){
var socket = io.connect('http://localhost:9000', {
'force new connection':true,
});
socket.on('echo-response', function () {
done(new Error('this should not happen'));
}).emit('echo', { hi: 123 });
setTimeout(done, 1200);
});
});
describe('when the user is logged in', function() {
beforeEach(function (done) {
request.post({
url: 'http://localhost:9000/login',
form: { username: 'jose', password: 'Pa123' },
json: true
}, function (err, resp, body) {
this.token = body.token;
done();
}.bind(this));
});
it('should do the handshake and connect', function (done){
var socket = io.connect('http://localhost:9000', {
'force new connection':true,
});
var token = this.token;
socket.on('connect', function(){
console.log('connected');
socket.on('echo-response', done)
.on('authenticated', function () {
socket.emit('echo');
}).emit('authenticate', { token: token });
});
});
});
});

View File

@ -17,7 +17,10 @@ exports.start = function (options, callback) {
options = {}; options = {};
} }
options = xtend({ secret: 'aaafoo super sercret'}, options); options = xtend({
secret: 'aaafoo super sercret',
timeout: 1000
}, options);
var app = express(); var app = express();
@ -45,13 +48,23 @@ exports.start = function (options, callback) {
var sio = socketIo.listen(server); var sio = socketIo.listen(server);
sio.configure(function(){ sio.configure(function(){
this.set('authorization', socketio_jwt.authorize(options)); if (!options.noQS) {
this.set('authorization', socketio_jwt.authorize(options));
}
this.set('log level', 0); this.set('log level', 0);
}); });
sio.sockets.on('echo', function (m) { if (!options.noQS) {
sio.sockets.emit('echo-response', m); sio.sockets.on('echo', function (m) {
}); sio.sockets.emit('echo-response', m);
});
} else {
sio.sockets.on('connection', socketio_jwt.authorize(options, function (socket) {
socket.on('echo', function (m) {
socket.emit('echo-response', m);
});
}));
}
server.listen(9000, callback); server.listen(9000, callback);
}; };

View File

@ -1,2 +1,3 @@
--require should --require should
--reporter spec --reporter spec
--timeout 15000