From fbaaaf984b134272afd83280c39966d01c98ac5d Mon Sep 17 00:00:00 2001
From: Bryan Tong
Date: Tue, 5 Nov 2013 03:32:11 -0700
Subject: [PATCH 1/2] Added note about SocketIO authorization with custom handlers.
---
 README.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/README.md b/README.md
index 8b44679..5f8d792 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,36 @@ Sessions work automatically, just set them up like normal using express.
 app.use(express.session({secret: 'express.io makes me happy'}));
 ```
+**Please note** that the SocketIO session support is given by using the SocketIO authorization handler. Thus, if there
+is a need to implement your own authorization it needs to populate the session similar to the default authorization
+handler provided by Express.IO
+Here is a small example of a custom handler
+```js
+//use passport to authenticate our socket.io connections
+ // NOTICE: to keep this working with express.io we must expose the session ourselves
+ app.io.set("authorization",function(data,accept){
+ var cookieParser = express.cookieParser(app.config.get("session.secret"))
+ , req = {headers:{cookie:data.headers.cookie}}
+ , session_id
+ cookieParser(req,{},function(err){
+ if(err) throw err
+ session_id = req.signedCookies[app.config.get("session.key")]
+ session_store.get(session_id,function(err,session){
+ if(err) throw err
+ //THIS SETS THE SESSION FOR EXPRESS.IO TO WORK
+ var connect = require("../node_modules/express.io/node_modules/express/node_modules/connect")
+ data.sessionID = session_id
+ data.session = new connect.session.Session(data,session)
+ //now validate our request
+ if(!session[passport._key][passport._userProperty] && !data.headers.referer.match(/login/)) accept(null,false)
+ else accept(null,true)
+ })
+ })
+ })
+```
+
 ## Double Up - Forward Normal Http Routes to Realtime Routes
 It's easy to forward regular http routes to your realtime routes.
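Review bot: The authorization decision in `if(!session[passport._key][passport._userProperty] && !data.headers.referer.match(/login/))` trusts the Referer header, which the connecting client supplies, so a handshake without a passport user is accepted whenever that header contains "login"; the same condition is carried into PATCH 2/2. A README example is likely to be copied as-is, so the check should depend on the session only, e.g. `var user = session && session[passport._key] && session[passport._key][passport._userProperty]` followed by `accept(null, !!user)`, with any pre-login socket access decided on server-side state instead. That guarded form also avoids the TypeError the current line would raise when the store returns no session or the request carries no Referer. The two `if(err) throw err` lines sit inside asynchronous callbacks, where a throw would surface as an uncaught exception rather than a rejected handshake; `if(err) return accept(err,false)` rejects the connection instead.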
From 03a12efcefe2e5e5f7963a9656f61ee7e9236643 Mon Sep 17 00:00:00 2001
From: Bryan Tong
Date: Tue, 5 Nov 2013 13:43:59 -0700
Subject: [PATCH 2/2] Implemented better example of how to hook the authorization handler.
---
 README.md | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)
diff --git a/README.md b/README.md
index 5f8d792..f90bebd 100644
--- a/README.md
+++ b/README.md
@@ -81,32 +81,22 @@ Sessions work automatically, just set them up like normal using express.
 app.use(express.session({secret: 'express.io makes me happy'}));
 ```
-**Please note** that the SocketIO session support is given by using the SocketIO authorization handler. Thus, if there
-is a need to implement your own authorization it needs to populate the session similar to the default authorization
-handler provided by Express.IO
+**Please note** that the SocketIO session support is given by using the SocketIO
+authorization handler. Thus, if there is a need to implement your own authorization
+it should use the existing authorization handler and wrap it.
-Here is a small example of a custom handler
+Here is a small example of a custom handler that uses passport to validate socket
+requests except when on the login page.
 ```js
-//use passport to authenticate our socket.io connections
- // NOTICE: to keep this working with express.io we must expose the session ourselves
+ //use passport to authenticate our socket.io connections
+ var ioAuthorization = app.io.get("authorization")
 app.io.set("authorization",function(data,accept){
- var cookieParser = express.cookieParser(app.config.get("session.secret"))
- , req = {headers:{cookie:data.headers.cookie}}
- , session_id
- cookieParser(req,{},function(err){
- if(err) throw err
- session_id = req.signedCookies[app.config.get("session.key")]
- session_store.get(session_id,function(err,session){
- if(err) throw err
- //THIS SETS THE SESSION FOR EXPRESS.IO TO WORK
- var connect = require("../node_modules/express.io/node_modules/express/node_modules/connect")
- data.sessionID = session_id
- data.session = new connect.session.Session(data,session)
- //now validate our request
- if(!session[passport._key][passport._userProperty] && !data.headers.referer.match(/login/)) accept(null,false)
- else accept(null,true)
- })
+ ioAuthorization(data,function(err,res){
+ if(null !== err) accept(err,res)
+ if(!data.session[passport._key][passport._userProperty] && !data.headers.referer.match(/login/)){
+ accept(null,false)
+ } else accept(null,true)
 })
 })
 ```
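Review bot: `if(null !== err) accept(err,res)` has no `return`, so after an error from the wrapped handler execution continues into the next `if` and `accept` is called a second time, possibly after `data.session[passport._key]` throws on a session that was never populated. The wrapper also ignores `res`, so a handshake the original handler declined with `(null,false)` is evaluated again and can end in `accept(null,true)`; `if(err || !res) return accept(err,false)` as the first statement of the callback covers both cases. `null !== err` is also true for `undefined`, should the wrapped handler ever call back that way, which the suggested truthiness test avoids.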