From 0fa2cc2590dbd8707520ffd9f9deb43a0b470f26 Mon Sep 17 00:00:00 2001
From: Daedalus11069
Date: Fri, 25 Dec 2015 19:48:58 -0800
Subject: [PATCH 1/2] Make async call of .disconnect() optional

---
 lib/index.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/index.js b/lib/index.js
index 41d951b..160360c 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -34,7 +34,23 @@ function noQsMethod(options) {
 var error = new UnauthorizedError(code, {
 message: (Object.prototype.toString.call(err) === '[object Object]' && err.message) ? err.message : err
 });
+ var callback_timeout;
+ // If callback explicitely set to false, start timeout to disconnect socket
+ if (options.callback === false || typeof options.callback === "number") {
+ if (typeof options.callback === "number") {
+ if (options.callback < 0) {
+ // If callback is negative(invalid value), make it positive
+ options.callback = Math.abs(options.callback);
+ }
+ }
+ callback_timeout = setTimeout(function () {
+ socket.disconnect('unauthorized');
+ }, (options.callback === false ? 0 : options.callback));
+ }
 socket.emit('unauthorized', error, function() {
+ if (typeof options.callback === "number") {
+ clearTimeout(callback_timeout);
+ }
 socket.disconnect('unauthorized');
 });
 return; // stop logic, socket will be close on next tick
From 730a83ed6bc92acdfa8cc0134c7625c6e1b86760 Mon Sep 17 00:00:00 2001
From: Daedalus11069
Date: Fri, 25 Dec 2015 20:17:01 -0800
Subject: [PATCH 2/2] doc changes to allow optional async disconnect

---
 README.md | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/README.md b/README.md
index be41081..32d47ba 100644
--- a/README.md
+++ b/README.md
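Review bot: When `options.callback` is unset, or is anything other than `false` or a number (a string such as `"15000"`, say), no timer is armed in the lib/index.js hunk and the only remaining `socket.disconnect('unauthorized')` sits inside the `socket.emit` acknowledgement, so on this path a client that failed authentication and never acknowledges is not disconnected by the visible code. Because this is the branch that rejects a bad token, I would always arm the timer and let the option choose only the delay, falling back to a bounded default for any other value: `var delay = options.callback === false ? 0 : (typeof options.callback === "number" && isFinite(options.callback)) ? Math.abs(options.callback) : DEFAULT_WAIT_MS;` (`DEFAULT_WAIT_MS` is a placeholder name for a value the project picks), then pass `delay` to `setTimeout`. That also stops the hunk from writing the normalised value back into the caller's `options` object, and `clearTimeout(callback_timeout)` can then be called unconditionally in the acknowledgement, since clearing an unset or already-fired timer is a no-op. The enclosing error handler begins and ends outside this hunk, so whether another timeout already covers this path cannot be checked from here.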
@@ -102,6 +102,71 @@ socket.on("error", function(error) {
 }
 });
 ```
+
+## Handling invalid token
+
+Token sent by client is invalid.
+
+__Server side__:
+
+No further configuration needed.
+
+__Client side__:
+
+Add a callback client-side to execute socket disconnect server-side.
+
+```javascript
+socket.on("unauthorized", function(error, callback) {
+ if (error.data.type == "UnauthorizedError" || error.data.code == "invalid_token") {
+ // redirect user to login page perhaps or execute callback:
+ callback();
+ console.log("User's token has expired");
+ }
+});
+```
+
+__Server side__:
+
+To disconnect socket server-side without client-side callback:
+
+```javascript
+io.sockets.on('connection', socketioJwt.authorize({
+ secret: 'secret goes here',
+ // No client-side callback, terminate connection server-side
+ callback: false
+}))
+```
+
+__Client side__:
+
+Nothing needs to be changed client-side if callback is false.
+
+__Server side__:
+
+To disconnect socket server-side while giving client-side 15 seconds to execute callback:
+
+```javascript
+io.sockets.on('connection', socketioJwt.authorize({
+ secret: 'secret goes here',
+ // Delay server-side socket disconnect to wait for client-side callback
+ callback: 15000
+}))
+```
+
+Your client-side code should handle it as below.
+
+__Client side__:
+
+```javascript
+socket.on("unauthorized", function(error, callback) {
+ if (error.data.type == "UnauthorizedError" || error.data.code == "invalid_token") {
+ // redirect user to login page perhaps or execute callback:
+ callback();
+ console.log("User's token has expired");
+ }
+});
+```
+
 ## Getting the secret dynamically
 You can pass a function instead of an string when configuring secret.
 This function receives the request, the decoded token and a callback. This