diff --git a/README.md b/README.md index a245849..1868cbc 100644 --- a/README.md +++ b/README.md @@ -41,11 +41,19 @@ The previous approach uses a second roundtrip to send the jwt, there is a way yo var io = require("socket.io")(server); var socketioJwt = require("socketio-jwt"); -// set authorization for socket.io +//// With socket.io < 1.0 //// io.set('authorization', socketioJwt.authorize({ secret: 'your secret or public key', handshake: true })); +////////////////////////////// + +//// With socket.io >= 1.0 //// +io.use(socketioJwt.authorize({ + secret: 'your secret or public key', + handshake: true +})); +/////////////////////////////// io.on('connection', function (socket) { console.log('hello! ', socket.handshake.decoded_token.name); diff --git a/lib/index.js b/lib/index.js index 2a7c425..e2a23c3 100644 --- a/lib/index.js +++ b/lib/index.js @@ -29,10 +29,18 @@ function noQsMethod(options) { function authorize(options, onConnection) { var defaults = { success: function(data, accept){ - accept(null, true); + if (data.request) { + accept(); + } else { + accept(null, true); + } }, fail: function(error, data, accept){ - accept(null, false); + if (data.request) { + accept(); + } else { + accept(null, false); + } } }; @@ -45,8 +53,10 @@ function authorize(options, onConnection) { return function(data, accept){ var token, error; - if (data.headers && data.headers.authorization) { - var parts = data.headers.authorization.split(' '); + var authorization_header = ((data.request || data).headers || {}).authorization; + + if (authorization_header) { + var parts = authorization_header.split(' '); if (parts.length == 2) { var scheme = parts[0], credentials = parts[1]; @@ -62,9 +72,8 @@ function authorize(options, onConnection) { } } - if (data.query.token) { - token = data.query.token; - } + //get the token from query string + token = (data.request || data).query.token; if (!token) { error = new UnauthorizedError('credentials_required', {