Add ability to generate secret dynamically
This allows you to pass a function instead of a string, in order to generate the secret based on the features of the new connection.
66
lib/index.js
66
lib/index.js
@ -40,19 +40,19 @@ function noQsMethod(options) {
|
||||
return; // stop logic, socket will be close on next tick
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
if(typeof data.token !== "string") {
|
||||
return onError({message: 'invalid token datatype'}, 'invalid_token');
|
||||
}
|
||||
|
||||
jwt.verify(data.token, options.secret, options, function(err, decoded) {
|
||||
|
||||
var onJwtVerificationReady = function(err, decoded) {
|
||||
|
||||
if (err) {
|
||||
return onError(err, 'invalid_token');
|
||||
}
|
||||
|
||||
// success handler
|
||||
var onSuccess = function(){
|
||||
var onSuccess = function() {
|
||||
socket.decoded_token = decoded;
|
||||
socket.emit('authenticated');
|
||||
if (server.$emit) {
|
||||
@ -73,9 +73,18 @@ function noQsMethod(options) {
|
||||
} else {
|
||||
onSuccess();
|
||||
}
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
var onSecretReady = function(err, secret) {
|
||||
if (err || !secret) {
|
||||
return onError(err, 'invalid_secret');
|
||||
}
|
||||
|
||||
jwt.verify(data.token, secret, options, onJwtVerificationReady);
|
||||
};
|
||||
|
||||
getSecret(socket.request, options.secret, data.token, onSecretReady);
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
@ -140,18 +149,57 @@ function authorize(options, onConnection) {
|
||||
return auth.fail(error, data, accept);
|
||||
}
|
||||
|
||||
jwt.verify(token, options.secret, options, function(err, decoded) {
|
||||
var onJwtVerificationReady = function(err, decoded) {
|
||||
|
||||
if (err) {
|
||||
error = new UnauthorizedError('invalid_token', err);
|
||||
error = new UnauthorizedError(err.code || 'invalid_token', err);
|
||||
return auth.fail(error, data, accept);
|
||||
}
|
||||
|
||||
data.decoded_token = decoded;
|
||||
|
||||
return auth.success(data, accept);
|
||||
});
|
||||
};
|
||||
|
||||
var onSecretReady = function(err, secret) {
|
||||
if (err) {
|
||||
error = new UnauthorizedError(err.code || 'invalid_secret', err);
|
||||
return auth.fail(error, data, accept);
|
||||
}
|
||||
|
||||
jwt.verify(token, secret, options, onJwtVerificationReady);
|
||||
};
|
||||
|
||||
getSecret(req, options.secret, token, onSecretReady);
|
||||
};
|
||||
}
|
||||
|
||||
function getSecret(request, secret, token, callback) {
|
||||
if (typeof secret === 'function') {
|
||||
if (!token) {
|
||||
return callback({ code: 'invalid_token', message: 'jwt must be provided' });
|
||||
}
|
||||
|
||||
var parts = token.split('.');
|
||||
|
||||
if (parts.length < 3) {
|
||||
return callback({ code: 'invalid_token', message: 'jwt malformed' });
|
||||
}
|
||||
|
||||
if (parts[2].trim() === '') {
|
||||
return callback({ code: 'invalid_token', message: 'jwt signature is required' });
|
||||
}
|
||||
|
||||
var decodedToken = jwt.decode(token);
|
||||
|
||||
if (!decodedToken) {
|
||||
return callback({ code: 'invalid_token', message: 'jwt malformed' });
|
||||
}
|
||||
|
||||
secret(request, decodedToken, callback);
|
||||
} else {
|
||||
callback(null, secret);
|
||||
}
|
||||
};
|
||||
|
||||
exports.authorize = authorize;
|
||||
|
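Review bot: In `authorize`, the new `onSecretReady` checks only `err`, so a secret function that calls back with `null`/`undefined` and no error falls through to `jwt.verify(token, secret, options, …)` with no key, while the `noQsMethod` copy rejects `!secret`. Both paths should fail closed in the same way, e.g. `if (err || !secret) {` with the code taken from `(err && err.code) || 'invalid_secret'`. In the `noQsMethod` copy the `!secret` case passes a null `err` to `onError`, which is defined outside the visible hunks and may dereference it, so `onError(err || { message: 'secret not available' }, 'invalid_secret')` would be safer. `getSecret` hands the callback the result of `jwt.decode`, which is not signature-checked, and a comment above `secret(request, decodedToken, callback)` such as `// decodedToken is UNVERIFIED here: use it only to select a key, never for authorization decisions` would make that contract explicit. `getSecret` also calls `token.split('.')` without a type check, which the `noQsMethod` path guards with `typeof data.token !== "string"` but the `authorize` path may not, since the token extraction is outside the hunk.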