change the API

2024-07-21 09:38:31 +02:00 · 2014-01-14 08:30:39 -03:00 · 2014-01-14 08:30:39 -03:00 · b292ab75af
commit b292ab75af
parent b0f4354ecb
4 changed files with 47 additions and 43 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,34 @@ npm install socketio-jwt

 ## Example usage

+```javascript
+// set authorization for socket.io
+io.sockets
+  .on('connection', socketioJwt.authorize({
+    secret: 'your secret or public key',
+    timeout: 15000 // 15 seconds to send the authentication message
+  }).on('authenticated', function(socket) {
+    //this socket is authenticated, we are good to handle more events from it.
+    console.log('hello! ' + socket.decoded_token.name);
+  }));
+```
+
+__Client side__:
+
+```javascript
+var socket = io.connect('http://localhost:9000');
+socket.on('connect', function (socket) {
+  socket
+    .on('authenticated', function () {
+      //do other things
+    })
+    .emit('authenticate', {token: jwt}); //send the jwt
+});
+```
+
+## One roundtrip
+
+The previous approach uses a second roundtrip to send the jwt, there is a way you can authenticate on the handshake by sending the JWT as a query string, the caveat is that intermediary HTTP servers can log the url.

 ```javascript
 var io            = require("socket.io")(server);
@ -15,7 +43,8 @@ var socketioJwt   = require("socketio-jwt");

 // set authorization for socket.io
 io.set('authorization', socketioJwt.authorize({
-  secret: 'your secret or public key'
+  secret: 'your secret or public key',
+  handshake: true
 }));

 io.on('connection', function (socket) {
@ -35,36 +64,6 @@ var socket = io.connect('http://localhost:9000', {
 });
 ```

-## Second method, without querystrings
-
-The previous approach send the token through querystring which could be logged by intermediary HTTP proxies. This second method doesn't but it requires an extra roundtrip. __Take care with this method to filter unauthenticated sockets when broadcasting.__
-
-```javascript
-// set authorization for socket.io
-io.sockets.on('connection', socketioJwt.authorize({
-  secret: 'your secret or public key',
-  timeout: 15000 // 15 seconds to send the authentication message
-}, function(socket) {
-  //this socket is authenticated, we are good to handle more events from it.
-  console.log('hello! ' + socket.decoded_token.name);
-}));
-```
-
-__Client side__:
-
-For now the only way to append the jwt token is using query string:
-
-```javascript
-var socket = io.connect('http://localhost:9000');
-socket.on('connect', function (socket) {
-  socket
-    .on('authenticated', function () {
-      //do other things
-    })
-    .emit('authenticate', {token: jwt}); //send the jwt
-});
-```
-
 ## Contribute

 You are always welcome to open an issue or provide a pull-request!
--- a/lib/index.js
+++ b/lib/index.js
@ -2,8 +2,10 @@ var xtend = require('xtend');
 var jwt = require('jsonwebtoken');
 var UnauthorizedError = require('./UnauthorizedError');

-function noQsMethod(options, onConnection) {
+function noQsMethod(options) {
  return function (socket) {
+    var server = this;
+
    var auth_timeout = setTimeout(function () {
      socket.disconnect('unauthorized');
    }, options.timeout || 5000);
@ -17,7 +19,7 @@ function noQsMethod(options, onConnection) {

        socket.user = decoded;
        socket.emit('authenticated');
-        onConnection(socket);
+        server.$emit('authenticated', socket);
      });
    });

@ -36,8 +38,8 @@ function authorize(options, onConnection) {

  var auth = xtend(defaults, options);

-  if (onConnection) {
-    return noQsMethod(options, onConnection);
+  if (!options.handshake) {
+    return noQsMethod(options);
  }

  return function(data, accept){
--- a/test/authorizer_noqs.test.js
+++ b/test/authorizer_noqs.test.js
@ -7,7 +7,7 @@ describe('authorizer without querystring', function () {
  //start and stop the server
  before(function (done) {
    fixture.start({
-      noQS: true
+      handshake: false
    } , done);
  });

--- a/test/fixture/index.js
+++ b/test/fixture/index.js
@ -19,7 +19,8 @@ exports.start = function (options, callback) {

  options = xtend({
    secret: 'aaafoo super sercret',
-    timeout: 1000
+    timeout: 1000,
+    handshake: true
  }, options);

  var app = express();
@ -48,22 +49,24 @@ exports.start = function (options, callback) {
  var sio = socketIo.listen(server);

  sio.configure(function(){
-    if (!options.noQS) {
+    if (options.handshake) {
      this.set('authorization', socketio_jwt.authorize(options));
    }
    this.set('log level', 0);
  });

-  if (!options.noQS) {
+  if (options.handshake) {
    sio.sockets.on('echo', function (m) {
      sio.sockets.emit('echo-response', m);
    });
  } else {
-    sio.sockets.on('connection', socketio_jwt.authorize(options, function (socket) {
-      socket.on('echo', function (m) {
-        socket.emit('echo-response', m);
+    sio.sockets
+      .on('connection', socketio_jwt.authorize(options))
+      .on('authenticated', function (socket) {
+        socket.on('echo', function (m) {
+          socket.emit('echo-response', m);
+        });
      });
-    }));
  }

  server.listen(9000, callback);