Thream/socketio-jwt
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: Thream:v3.1.1
Branches Tags
Thream:develop Thream:master
Thream:v3.1.3 Thream:v3.1.2 Thream:v3.1.1 Thream:v3.1.0 Thream:v3.0.4 Thream:v3.0.3 Thream:v3.0.2 Thream:v3.0.1 Thream:v3.0.0 Thream:v2.2.1 Thream:v2.2.0 Thream:v2.1.1 Thream:v2.1.0 Thream:v2.0.0 Thream:v1.1.1 Thream:v1.1.0 Thream:v1.0.1 Thream:v1.0.0
...
compare: Thream:v3.1.3
Branches Tags
Thream:develop Thream:master
Thream:v3.1.3 Thream:v3.1.2 Thream:v3.1.1 Thream:v3.1.0 Thream:v3.0.4 Thream:v3.0.3 Thream:v3.0.2 Thream:v3.0.1 Thream:v3.0.0 Thream:v2.2.1 Thream:v2.2.0 Thream:v2.1.1 Thream:v2.1.0 Thream:v2.0.0 Thream:v1.1.1 Thream:v1.1.0 Thream:v1.0.1 Thream:v1.0.0

4 Commits
v3.1.1 ... v3.1.3

Author SHA1 Message Date
Théo LUDWIG
2d84d11034 fix: update jsonwebtoken from v9.0.1 to v9.0.2 2023-09-18 21:45:05 +02:00
Théo LUDWIG
4ba9a452ea docs: improve Prerequisites section 2023-08-06 11:45:16 +02:00
Théo LUDWIG
6a28554b00 fix: update jsonwebtoken from v9.0.0 to v9.0.1 2023-07-22 12:20:18 +02:00
Théo LUDWIG
50c236ca4d refactor: usage of node:test instead of tap 2023-07-22 12:18:28 +02:00
13 changed files with 2700 additions and 5971 deletions
Expand all files Collapse all files

1
.eslintrc.json
View File

@ -1,6 +1,7 @@
{ {
"extends": ["conventions", "prettier"], "extends": ["conventions", "prettier"],
"plugins": ["prettier", "import", "unicorn"], "plugins": ["prettier", "import", "unicorn"],
"parser": "@typescript-eslint/parser",
"parserOptions": { "parserOptions": {
"project": "./tsconfig.json" "project": "./tsconfig.json"
}, },

6
.github/workflows/build.yml vendored
View File

@ -10,12 +10,12 @@ jobs:
build: build:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.5.3' - uses: 'actions/checkout@v4.0.0'
- name: 'Setup Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.6.0' uses: 'actions/setup-node@v3.8.1'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install dependencies' - name: 'Install dependencies'

6
.github/workflows/lint.yml vendored
View File

@ -10,12 +10,12 @@ jobs:
lint: lint:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.5.3' - uses: 'actions/checkout@v4.0.0'
- name: 'Setup Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.6.0' uses: 'actions/setup-node@v3.8.1'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install dependencies' - name: 'Install dependencies'

6
.github/workflows/release.yml vendored
View File

@ -13,12 +13,12 @@ jobs:
pull-requests: 'write' pull-requests: 'write'
id-token: 'write' id-token: 'write'
steps: steps:
- uses: 'actions/checkout@v3.5.3' - uses: 'actions/checkout@v4.0.0'
- name: 'Setup Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.6.0' uses: 'actions/setup-node@v3.8.1'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install dependencies' - name: 'Install dependencies'

6
.github/workflows/test.yml vendored
View File

@ -10,12 +10,12 @@ jobs:
test: test:
runs-on: 'ubuntu-latest' runs-on: 'ubuntu-latest'
steps: steps:
- uses: 'actions/checkout@v3.5.3' - uses: 'actions/checkout@v4.0.0'
- name: 'Setup Node.js' - name: 'Setup Node.js'
uses: 'actions/setup-node@v3.6.0' uses: 'actions/setup-node@v3.8.1'
with: with:
node-version: 'lts/*' node-version: '20.x'
cache: 'npm' cache: 'npm'
- name: 'Install dependencies' - name: 'Install dependencies'

5
.nycrc.json
View File

@ -1,5 +0,0 @@
{
"reporter": ["text", "cobertura"],
"src": "./build",
"all": true
}

3
.swcrc
View File

@ -1,10 +1,11 @@
{ {
"sourceMaps": true,
"jsc": { "jsc": {
"parser": { "parser": {
"syntax": "typescript", "syntax": "typescript",
"dynamicImport": true "dynamicImport": true
}, },
"target": "es2022" "target": "esnext"
}, },
"module": { "module": {
"type": "es6" "type": "es6"

9
.taprc
View File

@ -1,9 +0,0 @@
ts: false
jsx: false
flow: false
check-coverage: false
coverage: false
timeout: 10000
files:
- 'build/**/*.test.js'

5
README.md
View File

@ -22,13 +22,12 @@
Authenticate socket.io incoming connections with JWTs. Authenticate socket.io incoming connections with JWTs.
Compatible with `socket.io >= 3.0.0`. This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) and it is not intended to take any credit but to improve the code from now on.
This repository was originally forked from [auth0-socketio-jwt](https://github.com/auth0-community/auth0-socketio-jwt) & it is not intended to take any credit but to improve the code from now on.
## Prerequisites ## Prerequisites
- [Node.js](https://nodejs.org/) >= 16.0.0 - [Node.js](https://nodejs.org/) >= 16.0.0
- [Socket.IO](https://socket.io/) >= 3.0.0
## 💾 Install ## 💾 Install

8364
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

61
package.json
View File

@ -10,7 +10,8 @@
"files": [ "files": [
"build", "build",
"!**/*.test.js", "!**/*.test.js",
"!**/*.test.d.ts" "!**/*.test.d.ts",
"!**/*.map"
], ],
"engines": { "engines": {
"node": ">=16.0.0", "node": ">=16.0.0",
@ -41,10 +42,10 @@
"lint:commit": "commitlint", "lint:commit": "commitlint",
"lint:editorconfig": "editorconfig-checker", "lint:editorconfig": "editorconfig-checker",
"lint:markdown": "markdownlint-cli2", "lint:markdown": "markdownlint-cli2",
"lint:eslint": "eslint . --ignore-path .gitignore", "lint:eslint": "eslint . --max-warnings 0 --report-unused-disable-directives --ignore-path .gitignore",
"lint:prettier": "prettier . --check --ignore-path .gitignore", "lint:prettier": "prettier . --check",
"lint:staged": "lint-staged", "lint:staged": "lint-staged",
"test": "c8 tap", "test": "cross-env NODE_ENV=test node --enable-source-maps --test build/",
"release": "semantic-release", "release": "semantic-release",
"postinstall": "husky install", "postinstall": "husky install",
"prepublishOnly": "pinst --disable", "prepublishOnly": "pinst --disable",
@ -54,41 +55,39 @@
"socket.io": ">=3.0.0" "socket.io": ">=3.0.0"
}, },
"dependencies": { "dependencies": {
"jsonwebtoken": "9.0.0" "jsonwebtoken": "9.0.2"
}, },
"devDependencies": { "devDependencies": {
"@commitlint/cli": "17.6.6", "@commitlint/cli": "17.7.1",
"@commitlint/config-conventional": "17.6.6", "@commitlint/config-conventional": "17.7.0",
"@swc/cli": "0.1.62", "@swc/cli": "0.1.62",
"@swc/core": "1.3.67", "@swc/core": "1.3.85",
"@tsconfig/strictest": "2.0.1", "@tsconfig/strictest": "2.0.2",
"@types/jsonwebtoken": "9.0.2", "@types/jsonwebtoken": "9.0.3",
"@types/node": "20.3.3", "@types/node": "20.6.2",
"@types/tap": "15.0.8", "@typescript-eslint/eslint-plugin": "6.7.2",
"@typescript-eslint/eslint-plugin": "5.60.1", "@typescript-eslint/parser": "6.7.2",
"@typescript-eslint/parser": "5.60.1", "axios": "1.5.0",
"axios": "1.4.0", "cross-env": "7.0.3",
"c8": "8.0.0",
"editorconfig-checker": "5.1.1", "editorconfig-checker": "5.1.1",
"eslint": "8.44.0", "eslint": "8.49.0",
"eslint-config-conventions": "10.0.0", "eslint-config-conventions": "11.0.1",
"eslint-config-prettier": "8.8.0", "eslint-config-prettier": "9.0.0",
"eslint-plugin-import": "2.27.5", "eslint-plugin-import": "2.28.1",
"eslint-plugin-prettier": "4.2.1", "eslint-plugin-prettier": "5.0.0",
"eslint-plugin-promise": "6.1.1", "eslint-plugin-promise": "6.1.1",
"eslint-plugin-unicorn": "47.0.0", "eslint-plugin-unicorn": "48.0.1",
"fastify": "4.19.1", "fastify": "4.23.2",
"husky": "8.0.3", "husky": "8.0.3",
"lint-staged": "13.2.3", "lint-staged": "14.0.1",
"markdownlint-cli2": "0.8.1", "markdownlint-cli2": "0.10.0",
"markdownlint-rule-relative-links": "2.1.0", "markdownlint-rule-relative-links": "2.1.0",
"pinst": "3.0.0", "pinst": "3.0.0",
"prettier": "2.8.8", "prettier": "3.0.3",
"rimraf": "5.0.1", "rimraf": "5.0.1",
"semantic-release": "21.0.6", "semantic-release": "22.0.0",
"socket.io": "4.7.1", "socket.io": "4.7.2",
"socket.io-client": "4.7.1", "socket.io-client": "4.7.2",
"tap": "16.3.7", "typescript": "5.2.2"
"typescript": "5.0.4"
} }
} }

191
src/__test__/authorize.test.ts
View File

@ -1,4 +1,6 @@
import tap from 'tap' import test from 'node:test'
import assert from 'node:assert/strict'
import axios from 'axios' import axios from 'axios'
import type { Socket } from 'socket.io-client' import type { Socket } from 'socket.io-client'
import { io } from 'socket.io-client' import { io } from 'socket.io-client'
@ -24,7 +26,7 @@ const secretCallback = async (): Promise<string> => {
return 'somesecret' return 'somesecret'
} }
await tap.test('authorize', async (t) => { await test('authorize', async (t) => {
await t.test('with secret as string in options', async (t) => { await t.test('with secret as string in options', async (t) => {
let token = '' let token = ''
let socket: Socket | null = null let socket: Socket | null = null
@ -40,71 +42,76 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
}) })
@ -124,71 +131,76 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
}) })
@ -221,104 +233,107 @@ await tap.test('authorize', async (t) => {
await fixtureStop() await fixtureStop()
}) })
await t.test('should emit error with no token provided', (t) => { await t.test('should emit error with no token provided', () => {
t.plan(4)
socket = io(API_URL) socket = io(API_URL)
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'no token provided') assert.strictEqual(error.data.message, 'no token provided')
t.equal(error.data.code, 'credentials_required') assert.strictEqual(error.data.code, 'credentials_required')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with bad token format', (t) => { await t.test('should emit error with bad token format', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'testing' } auth: { token: 'testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal(error.data.message, 'Format is Authorization: Bearer [token]') assert.strictEqual(
t.equal(error.data.code, 'credentials_bad_format') error.data.message,
'Format is Authorization: Bearer [token]'
)
assert.strictEqual(error.data.code, 'credentials_bad_format')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should emit error with unauthorized handshake', (t) => { await t.test('should emit error with unauthorized handshake', () => {
t.plan(4)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: 'Bearer testing' } auth: { token: 'Bearer testing' }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.equal(isUnauthorizedError(error), true) assert.strictEqual(isUnauthorizedError(error), true)
if (isUnauthorizedError(error)) { if (isUnauthorizedError(error)) {
t.equal( assert.strictEqual(
error.data.message, error.data.message,
'Unauthorized: Token is missing or invalid Bearer' 'Unauthorized: Token is missing or invalid Bearer'
) )
t.equal(error.data.code, 'invalid_token') assert.strictEqual(error.data.code, 'invalid_token')
assert.ok(true)
} else {
assert.fail('should be unauthorized error')
} }
t.pass()
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
await t.test('should connect the user', (t) => { await t.test('should connect the user', () => {
t.plan(1)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.pass() assert.ok(true)
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
await t.test('should contains user properties', (t) => { await t.test('should contains user properties', () => {
t.plan(2)
const socketServer = getSocket() const socketServer = getSocket()
socketServer?.on('connection', (client: any) => { socketServer?.on('connection', (client: any) => {
t.equal(client.user.email, basicProfile.email) assert.strictEqual(client.user.email, basicProfile.email)
t.pass() assert.ok(true)
}) })
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${token}` } auth: { token: `Bearer ${token}` }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
t.fail(error.message) assert.fail(error.message)
}) })
}) })
await t.test('should emit error when user validation fails', (t) => { await t.test('should emit error when user validation fails', () => {
t.plan(2)
socket = io(API_URL, { socket = io(API_URL, {
auth: { token: `Bearer ${wrongToken}` } auth: { token: `Bearer ${wrongToken}` }
}) })
socket.on('connect_error', async (error) => { socket.on('connect_error', async (error) => {
try { try {
t.equal(error.message, 'Check Field validation failed') assert.strictEqual(error.message, 'Check Field validation failed')
t.pass() assert.ok(true)
} catch { } catch {
t.fail() assert.fail(error.message)
} }
}) })
socket.on('connect', async () => { socket.on('connect', async () => {
t.fail() assert.fail('should not connect')
}) })
}) })
}) })

4
tsconfig.json
View File

@ -2,9 +2,9 @@
"extends": "@tsconfig/strictest/tsconfig.json", "extends": "@tsconfig/strictest/tsconfig.json",
"compilerOptions": { "compilerOptions": {
"target": "ESNext", "target": "ESNext",
"module": "ESNext",
"lib": ["ESNext"], "lib": ["ESNext"],
"moduleResolution": "node", "module": "NodeNext",
"moduleResolution": "NodeNext",
"outDir": "./build", "outDir": "./build",
"rootDir": "./src", "rootDir": "./src",
"emitDeclarationOnly": true, "emitDeclarationOnly": true,