Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: Thream:v3.0.1
Branches Tags
Thream:develop Thream:master
Thream:v3.1.3 Thream:v3.1.2 Thream:v3.1.1 Thream:v3.1.0 Thream:v3.0.4 Thream:v3.0.3 Thream:v3.0.2 Thream:v3.0.1 Thream:v3.0.0 Thream:v2.2.1 Thream:v2.2.0 Thream:v2.1.1 Thream:v2.1.0 Thream:v2.0.0 Thream:v1.1.1 Thream:v1.1.0 Thream:v1.0.1 Thream:v1.0.0
...
compare: Thream:v3.1.2
Branches Tags
Thream:develop Thream:master
Thream:v3.1.3 Thream:v3.1.2 Thream:v3.1.1 Thream:v3.1.0 Thream:v3.0.4 Thream:v3.0.3 Thream:v3.0.2 Thream:v3.0.1 Thream:v3.0.0 Thream:v2.2.1 Thream:v2.2.0 Thream:v2.1.1 Thream:v2.1.0 Thream:v2.0.0 Thream:v1.1.1 Thream:v1.1.0 Thream:v1.0.1 Thream:v1.0.0

13 Commits
v3.0.1 ... v3.1.2

Author SHA1 Message Date
Théo LUDWIG
6a28554b00 fix: update jsonwebtoken from v9.0.0 to v9.0.1 2023-07-22 12:20:18 +02:00
Théo LUDWIG
50c236ca4d refactor: usage of node:test instead of tap 2023-07-22 12:18:28 +02:00
Théo LUDWIG
b708d66586 chore: sync package-lock.json 2023-07-02 18:14:09 +02:00
Théo LUDWIG
d1145e5f63 perf: ignore test files in published package (reduce package size) 2023-07-02 18:12:07 +02:00
Théo LUDWIG
487965b9aa chore: clean up 2023-07-02 18:10:38 +02:00
Théo LUDWIG
108ae8f6fc fix: update author - Théo LUDWIG 2023-07-02 18:08:35 +02:00
Théo LUDWIG
7d0df02299 build(deps): update latest 2023-07-02 18:05:47 +02:00
Divlo
26bbc075cf feat: add npm package provenance 
Ref: https://github.blog/2023-04-19-introducing-npm-package-provenance/
 2023-05-13 19:34:01 +02:00
Divlo
41d9424940 build(deps): update latest 2023-05-13 19:25:45 +02:00
Divlo
41a0f1839f fix: safer (and correct) isUnauthorizedError 2023-04-02 23:32:28 +02:00
Divlo
71e0d82655 fix: safer isUnauthorizedError type guard 2023-04-02 23:04:41 +02:00
Divlo
03e8d51f9a fix: bump jsonwebtoken to v9.0.0 
fixes #342

It introduces several security fixes to follow best practices.
 2023-01-10 20:57:23 +01:00
Divlo
bf234bd7b8 docs: client side usage, specify build in import 2022-09-09 12:10:12 +02:00
22 changed files with 6048 additions and 16455 deletions
Expand all files Collapse all files

1
.eslintrc.json
View File

@ -1,6 +1,7 @@
{ {
"extends": ["conventions", "prettier"], "extends": ["conventions", "prettier"],
"plugins": ["prettier", "import", "unicorn"], "plugins": ["prettier", "import", "unicorn"],
"parser": "@typescript-eslint/parser",
"parserOptions": { "parserOptions": {
"project": "./tsconfig.json" "project": "./tsconfig.json"
}, },

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,6 +1,6 @@
<!-- Please first discuss the change you wish to make via issue before making a change. It might avoid a waste of your time. --> <!-- Please first discuss the change you wish to make via issue before making a change. It might avoid a waste of your time. -->
## What changes this PR introduce? # What changes this PR introduce?
## List any relevant issue numbers ## List any relevant issue numbers

14
.github/workflows/build.yml vendored
View File

@ -10,16 +10,18 @@ jobs:
build: build:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.0.0' - uses: 'actions/checkout@v3.5.3'
- name: 'Use Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.1.0' uses: 'actions/setup-node@v3.6.0'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install' - name: 'Install dependencies'
run: 'npm install' run: 'npm clean-install'
- name: 'Build' - name: 'Build'
run: 'npm run build' run: 'npm run build'
- run: 'npm run build:typescript'

14
.github/workflows/lint.yml vendored
View File

@ -10,19 +10,19 @@ jobs:
lint: lint:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.0.0' - uses: 'actions/checkout@v3.5.3'
- name: 'Use Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.1.0' uses: 'actions/setup-node@v3.6.0'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install' - name: 'Install dependencies'
run: 'npm install' run: 'npm clean-install'
- run: 'npm run lint:commit -- --to "${{ github.sha }}"' - run: 'npm run lint:commit -- --to "${{ github.sha }}"'
- run: 'npm run lint:editorconfig' - run: 'npm run lint:editorconfig'
- run: 'npm run lint:markdown' - run: 'npm run lint:markdown'
- run: 'npm run lint:typescript' - run: 'npm run lint:eslint'
- run: 'npm run lint:prettier' - run: 'npm run lint:prettier'

22
.github/workflows/release.yml vendored
View File

@ -7,21 +7,31 @@ on:
jobs: jobs:
release: release:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
permissions:
contents: 'write'
issues: 'write'
pull-requests: 'write'
id-token: 'write'
steps: steps:
- uses: 'actions/checkout@v3.0.0' - uses: 'actions/checkout@v3.5.3'
- name: 'Use Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.1.0' uses: 'actions/setup-node@v3.6.0'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install' - name: 'Install dependencies'
run: 'npm install' run: 'npm clean-install'
- name: 'Build Package' - name: 'Build Package'
run: 'npm run build' run: 'npm run build'
- run: 'npm run build:typescript'
- name: 'Verify the integrity of provenance attestations and registry signatures for installed dependencies'
run: 'npm audit signatures'
- name: 'Release' - name: 'Release'
run: 'npm run release' run: 'npm run release'
env: env:

12
.github/workflows/test.yml vendored
View File

@ -10,16 +10,16 @@ jobs:
test: test:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.0.0' - uses: 'actions/checkout@v3.5.3'
- name: 'Use Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.1.0' uses: 'actions/setup-node@v3.6.0'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install' - name: 'Install dependencies'
run: 'npm install' run: 'npm clean-install'
- name: 'Build' - name: 'Build'
run: 'npm run build' run: 'npm run build'

1
.husky/pre-commit
View File

@ -3,3 +3,4 @@
npm run lint:staged npm run lint:staged
npm run build npm run build
npm run build:typescript

9
.markdownlint-cli2.jsonc
View File

@ -1,10 +1,11 @@
{ {
"config": { "config": {
"extends": "markdownlint/style/prettier",
"relative-links": true,
"default": true, "default": true,
"MD013": false, "MD033": false
"MD033": false,
"MD041": false
}, },
"globs": ["**/*.{md,mdx}"], "globs": ["**/*.{md,mdx}"],
"ignores": ["**/node_modules"] "ignores": ["**/node_modules"],
"customRules": ["markdownlint-rule-relative-links"]
} }

1
.npmrc
View File

@ -1 +1,2 @@
save-exact=true save-exact=true
provenance=true

5
.nycrc.json
View File

@ -1,5 +0,0 @@
{
"reporter": ["text", "cobertura"],
"src": "./build",
"all": true
}

1
.swcrc
View File

@ -1,4 +1,5 @@
{ {
"sourceMaps": true,
"jsc": { "jsc": {
"parser": { "parser": {
"syntax": "typescript", "syntax": "typescript",

9
.taprc
View File

@ -1,9 +0,0 @@
ts: false
jsx: false
flow: false
check-coverage: false
coverage: false
timeout: 10000
files:
- 'build/**/*.test.js'

2
CODE_OF_CONDUCT.md
View File

@ -60,7 +60,7 @@ representative at an online or offline event.
Instances of abusive, harassing, or otherwise unacceptable behavior may be Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at reported to the community leaders responsible for enforcement at
contact@divlo.fr. <contact@theoludwig.fr>.
All complaints will be reviewed and investigated promptly and fairly. All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the All community leaders are obligated to respect the privacy and security of the

24
CONTRIBUTING.md
View File

@ -29,26 +29,4 @@ If you're adding new features to **Thream/socketio-jwt**, please include tests.
## Commits ## Commits
The commit message guidelines respect [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/master/%40commitlint/config-conventional) and [Semantic Versioning](https://semver.org/) for releases. The commit message guidelines adheres to [Conventional Commits](https://www.conventionalcommits.org/) and [Semantic Versioning](https://semver.org/) for releases.
### Types
Types define which kind of changes you made to the project.
| Types | Description |
| -------- | ------------------------------------------------------------------------------------------------------------ |
| feat | A new feature. |
| fix | A bug fix. |
| docs | Documentation only changes. |
| style | Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc). |
| refactor | A code change that neither fixes a bug nor adds a feature. |
| perf | A code change that improves performance. |
| test | Adding missing tests or correcting existing tests. |
| build | Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm). |
| ci | Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs). |
| chore | Other changes that don't modify src or test files. |
| revert | Reverts a previous commit. |
### Scopes
Scopes define what part of the code changed.

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) Auth0, Inc. <support@auth0.com> (http://auth0.com) and Thream contributors Copyright (c) Auth0, Inc. <support@auth0.com> (<https://auth0.com/>) and Thream contributors
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

2
README.md
View File

@ -132,7 +132,7 @@ io.on('connection', async (socket) => {
```ts ```ts
import { io } from 'socket.io-client' import { io } from 'socket.io-client'
import { isUnauthorizedError } from '@thream/socketio-jwt/UnauthorizedError.js' import { isUnauthorizedError } from '@thream/socketio-jwt/build/UnauthorizedError.js'
// Require Bearer Token // Require Bearer Token
const socket = io('http://localhost:9000', { const socket = io('http://localhost:9000', {

22085
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

84
package.json
View File

@ -8,20 +8,25 @@
"main": "build/index.js", "main": "build/index.js",
"types": "build/index.d.ts", "types": "build/index.d.ts",
"files": [ "files": [
"build" "build",
"!**/*.test.js",
"!**/*.test.d.ts",
"!**/*.map"
], ],
"engines": { "engines": {
"node": ">=16.0.0" "node": ">=16.0.0",
"npm": ">=9.0.0"
}, },
"publishConfig": { "publishConfig": {
"access": "public" "access": "public",
"provenance": true
}, },
"keywords": [ "keywords": [
"socket", "socket",
"socket.io", "socket.io",
"jwt" "jwt"
], ],
"author": "Divlo <contact@divlo.fr>", "author": "Théo LUDWIG <contact@theoludwig.fr>",
"repository": { "repository": {
"type": "git", "type": "git",
"url": "https://github.com/Thream/socketio-jwt" "url": "https://github.com/Thream/socketio-jwt"
@ -31,15 +36,16 @@
}, },
"homepage": "https://github.com/Thream/socketio-jwt#readme", "homepage": "https://github.com/Thream/socketio-jwt#readme",
"scripts": { "scripts": {
"build": "rimraf ./build && swc ./src --out-dir ./build && tsc", "build": "rimraf ./build && swc ./src --out-dir ./build",
"build:dev": "swc ./src --out-dir ./build --watch", "build:dev": "swc ./src --out-dir ./build --watch",
"build:typescript": "tsc",
"lint:commit": "commitlint", "lint:commit": "commitlint",
"lint:editorconfig": "editorconfig-checker", "lint:editorconfig": "editorconfig-checker",
"lint:markdown": "markdownlint-cli2", "lint:markdown": "markdownlint-cli2",
"lint:typescript": "eslint \"**/*.{js,jsx,ts,tsx}\" --ignore-path \".gitignore\"", "lint:eslint": "eslint . --max-warnings 0 --report-unused-disable-directives --ignore-path .gitignore",
"lint:prettier": "prettier \".\" --check --ignore-path \".gitignore\"", "lint:prettier": "prettier . --check",
"lint:staged": "lint-staged", "lint:staged": "lint-staged",
"test": "c8 tap", "test": "cross-env NODE_ENV=test node --enable-source-maps --test build/",
"release": "semantic-release", "release": "semantic-release",
"postinstall": "husky install", "postinstall": "husky install",
"prepublishOnly": "pinst --disable", "prepublishOnly": "pinst --disable",
@ -49,39 +55,39 @@
"socket.io": ">=3.0.0" "socket.io": ">=3.0.0"
}, },
"dependencies": { "dependencies": {
"jsonwebtoken": "8.5.1" "jsonwebtoken": "9.0.1"
}, },
"devDependencies": { "devDependencies": {
"@commitlint/cli": "17.1.2", "@commitlint/cli": "17.6.7",
"@commitlint/config-conventional": "17.1.0", "@commitlint/config-conventional": "17.6.7",
"@swc/cli": "0.1.57", "@swc/cli": "0.1.62",
"@swc/core": "1.2.249", "@swc/core": "1.3.70",
"@types/jsonwebtoken": "8.5.9", "@tsconfig/strictest": "2.0.1",
"@types/node": "18.7.16", "@types/jsonwebtoken": "9.0.2",
"@types/tap": "15.0.7", "@types/node": "20.4.3",
"@typescript-eslint/eslint-plugin": "5.36.2", "@typescript-eslint/eslint-plugin": "6.1.0",
"@typescript-eslint/parser": "5.36.2", "@typescript-eslint/parser": "6.1.0",
"axios": "0.27.2", "axios": "1.4.0",
"c8": "7.12.0", "cross-env": "7.0.3",
"editorconfig-checker": "4.0.2", "editorconfig-checker": "5.1.1",
"eslint": "8.23.0", "eslint": "8.45.0",
"eslint-config-conventions": "4.0.0", "eslint-config-conventions": "11.0.1",
"eslint-config-prettier": "8.5.0", "eslint-config-prettier": "8.8.0",
"eslint-plugin-import": "2.26.0", "eslint-plugin-import": "2.27.5",
"eslint-plugin-prettier": "4.2.1", "eslint-plugin-prettier": "5.0.0",
"eslint-plugin-promise": "6.0.1", "eslint-plugin-promise": "6.1.1",
"eslint-plugin-unicorn": "43.0.2", "eslint-plugin-unicorn": "48.0.0",
"fastify": "4.5.3", "fastify": "4.20.0",
"husky": "8.0.1", "husky": "8.0.3",
"lint-staged": "13.0.3", "lint-staged": "13.2.3",
"markdownlint-cli2": "0.5.1", "markdownlint-cli2": "0.8.1",
"markdownlint-rule-relative-links": "2.1.0",
"pinst": "3.0.0", "pinst": "3.0.0",
"prettier": "2.7.1", "prettier": "3.0.0",
"rimraf": "3.0.2", "rimraf": "5.0.1",
"semantic-release": "19.0.5", "semantic-release": "21.0.7",
"socket.io": "4.5.2", "socket.io": "4.7.1",
"socket.io-client": "4.5.2", "socket.io-client": "4.7.1",
"tap": "16.3.0", "typescript": "5.1.6"
"typescript": "4.8.3"
} }
} }

14
src/UnauthorizedError.ts
View File

@ -15,6 +15,16 @@ export class UnauthorizedError extends Error {
} }
} }
export const isUnauthorizedError = (error: any): error is UnauthorizedError => { export const isUnauthorizedError = (
return error.data.type === 'UnauthorizedError' error: unknown
): error is UnauthorizedError => {
return (
typeof error === 'object' &&
error != null &&
'data' in error &&
typeof error.data === 'object' &&
error.data != null &&
'type' in error.data &&
error.data.type === 'UnauthorizedError'
)
} }

191
src/__test__/authorize.test.ts
View File

@ -1,4 +1,6 @@
import tap from 'tap' import test from 'node:test'
import assert from 'node:assert/strict'
import axios from 'axios' import axios from 'axios'
import type { Socket } from 'socket.io-client' import type { Socket } from 'socket.io-client'
import { io } from 'socket.io-client' import { io } from 'socket.io-client'
@ -24,7 +26,7 @@ const secretCallback = async (): Promise<string> => {
return 'somesecret' return 'somesecret'
} }
await tap.test('authorize', async (t) => { await test('authorize', async (t) => {
await t.test('with secret as string in options', async (t) => { await t.test('with secret as string in options', async (t) => {
let token = '' let token = ''
let socket: Socket | null = null let socket: Socket | null = null
@ -40,71 +42,76 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
}) })
@ -124,71 +131,76 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
}) })
@ -221,104 +233,107 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
await t.test('should contains user properties', (t) => { await t.test('should contains user properties', () => {
t.plan(2)
const socketServer = getSocket() const socketServer = getSocket()
socketServer?.on('connection', (client: any) => { socketServer?.on('connection', (client: any) => {
t.equal(client.user.email, basicProfile.email) assert.strictEqual(client.user.email, basicProfile.email)
t.pass() assert.ok(true)
}) })
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
await t.test('should emit error when user validation fails', (t) => { await t.test('should emit error when user validation fails', () => {
t.plan(2)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${wrongToken}` } auth: { token: `Bearer ${wrongToken}` }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
try { try {
t.equal(error.message, 'Check Field validation failed') assert.strictEqual(error.message, 'Check Field validation failed')
t.pass() assert.ok(true)
} catch { } catch {
t.fail() assert.fail(error.message)
} }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
}) })

2
src/authorize.ts
View File

@ -62,7 +62,7 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
} }
socket.encodedToken = encodedToken socket.encodedToken = encodedToken
let keySecret: string | null = null let keySecret: string | null = null
let decodedToken: any let decodedToken: any = null
if (typeof secret === 'string') { if (typeof secret === 'string') {
keySecret = secret keySecret = secret
} else { } else {

6
tsconfig.json
View File

@ -1,4 +1,5 @@
{ {
"extends": "@tsconfig/strictest/tsconfig.json",
"compilerOptions": { "compilerOptions": {
"target": "ESNext", "target": "ESNext",
"module": "ESNext", "module": "ESNext",
@ -7,9 +8,6 @@
"outDir": "./build", "outDir": "./build",
"rootDir": "./src", "rootDir": "./src",
"emitDeclarationOnly": true, "emitDeclarationOnly": true,
"declaration": true, "declaration": true
"strict": true,
"skipLibCheck": true,
"esModuleInterop": true
} }
} }