mirror of https://github.com/Thream/socketio-jwt.git synced 2024-07-21 09:38:31 +02:00

Authenticate socket.io incoming connections with JWTs. https://www.npmjs.com/package/@thream/socketio-jwt

jsonwebtoken jwt npm-package socket socketio socketio-jwt

Go to file

Screeny 928cd508ff major changes passport.socketio now lets the user decide whether to accept a connection or not. to do so, you have tu provide your own 'fail'-method. this will be called unless the user is successfuly authenticated (still uses the 'success'-method). The method will be called with four parameters: - data: <Object> Handshake Data - message <String> Error-Message - critical <Bool> True if the User is and will be unable to use socket.io because of errors in the authorization-system or somewhere else. False if the user would still be able to use the system (indicates that he's just not logged-in) - accept: <function> plain old accept function. If there's no fail-method given, passport.socketio allows every not-critical-failed connection. Also there is now a 'logged_in' <Bool>-Property inside your User-Key.		2013-11-06 18:19:00 +01:00
lib	major changes	2013-11-06 18:19:00 +01:00
test	remove connect and cookie dependency	2013-06-05 08:38:33 -03:00
.gitignore	initial	2012-09-05 15:14:36 -03:00
package.json	1.2.1	2013-06-30 16:44:51 -03:00
README.md	add note about cors, closes #28	2013-11-03 21:11:52 -02:00

README.md

Access Passport.js user information from socket.io connection.

Installation

npm install passport.socketio

Usage


  //configure passport and express

  var socketIo = require("socket.io"),
    passportSocketIo = require("passport.socketio");

  var sio = socketIo.listen(webServer);


  //except for the optional fail and success the parameter object has the 
  //same attribute than the session middleware http://www.senchalabs.org/connect/middleware-session.html

  sio.set("authorization", passportSocketIo.authorize({
    cookieParser: express.cookieParser, //or connect.cookieParser
    key:          'express.sid',        //the cookie where express (or connect) stores its session id.
    secret:       'my session secret',  //the session secret to parse the cookie
    store:         mySessionStore,      //the session store that express uses
    fail: function(data, accept) {      // *optional* callbacks on success or fail
      accept(null, false);              // second param takes boolean on whether or not to allow handshake
    },
    success: function(data, accept) {
      accept(null, true);
    }
  }));

  sio.sockets.on("connection", function(socket){
    console.log("user connected: ", socket.handshake.user.name);
    
    //filter sockets by user...
    var userGender = socket.handshake.user.gender, 
        opposite = userGender === "male" ? "female" : "male";

    passportSocketIo.filterSocketsByUser(sio, function (user) {
      return user.gender === opposite;
    }).forEach(function(s){
      s.send("a " + userGender + " has arrived!");
    });

  });

Note: in the client-side use io.connect() or io.connect('http://the-same-domain.com') because Socket.io can work with CORS but the browser will not send the cookies.

Develop

npm install
npm test

License

MIT - José F. Romaniello 2012.