Is uWebSockets.js compatible with Passport.js?

[Doumor]

https://www.passportjs.org/

[hst-m]

not compatible, passport.js is express middleware but you don't need it

[Doumor]

not compatible, passport.js is express middleware but you don't need it

How do I authorize users then?

[Doumor]

https://github.com/fastify/fastify-passport

Fastify has a port to work with passport.js.

Anyway, the problem is actually that I'm migrating from Express. I need something +/- secure and VERY fast. If you can't use passport.js in uWebSockets, I'll migrate to fastify. Even simply very fast ws:// is already cool.

[hst-m]

normally this involves looking at and setting secure http Cookies

[Doumor]

look at the headers of the request, authorize users as needed, if you are not capable of doing something simple like this this library is not for you

Well... That's not the problem. The problem is that I have more than one authorization strategy. Describing them all would be quite difficult.

[Doumor]

normally this involves looking at and setting secure http Cookies

The last time I did this was when I was writing PHP. It was fun and exciting, until I wanted to write something huge and scary...

[hst-m]

If you want to see simple example authorizing websocket request with cookies and jsonwebtoken I did that in other discussion: #112 (comment)

app.ws('/',{
   upgrade:(res,req,context)=>{
      try{req.user=decodeJwtCookie(req,'user')}
      catch{return res.writeStatus('401').end()}
      res.upgrade({uid:req.user._id},req.getHeader('sec-websocket-key'),req.getHeader('sec-websocket-protocol'),req.getHeader('sec-websocket-extensions'),context)
   },
   open:ws=>console.log('open-ws',ws.uid)
})

const getCookie=(req,name)=>(req.cookies??=req.getHeader('cookie')).match(getCookie[name]??=new RegExp(`(^|;)\\s*${name}\\s*=\\s*([^;]+)`))?.[2]
const decodeJwtCookie=(req,name)=>require('jsonwebtoken').verify(getCookie(req,name),jwtSecret)

// set auth cookie
res.writeHeader('Set-Cookie',`user=${require('jsonwebtoken').sign(user,jwtSecret)}; HttpOnly; Secure; SameSite=Lax; Max-Age=315360000;`)

for middleware type patterns see #464 (comment)

[hst-m]

app.get('/',(res,req)=>{
   try{req.user=decodeJwtCookie(req,'user')}
   catch{return res.writeStatus('401').end()}
   res.end('authed')
})

[Doumor]

It's just that I need Passport.js anyway. I could do normal authorization, too, if I didn't need to do it for a lot of services.

[hst-m]

All these other services are just as easy, I do auth for Google and Twitter it's like a couple lines of code

[Doumor]

The problem is that they are not two, or three, or four.

[hst-m]

5 different functions not that difficult

[ghost]

You should go to passport and ask them to port their library to uWS, just like they ported their library to fastify. This has nothing to do with uWS, authentication is an application level protocol atop uWS. We cannot change fundamental base functionality to seamlessly support high level libraries written for something else

[Doumor]

https://github.com/fastify/fastify-passport

This is the fastify repository. Not the passport.js repository.

[ghost]

Okay, we have no intention to support or port any third-party NPM module to uWS - we do one thing and we do one thing better than others. If you need Lego-like productivity where everything is pre-fabricated only waiting for a little bit of duct tape then uWS is not for you.

[dalisoft]

@Doumor You should do this yourself as uWebSockets.js is fastest because does not bundle any unnecessary things.
You can try this [Self-ad] if you need urgent solution, but you should migrate to uWebSockets.js as this step makes your application faster than you expected

[Doumor]

I audited the modules of the application. The problem is that I can only implement fastify for https://, but I can tell you that most of the requests in the application go through ws://, so if I move ws:// to uWebSockets, that would be the biggest step, and fastify -> uWebSockets would yield little. If there are a lot of users, I'll do that, but for now there's not much point.

[endel]

I have not yet tried but Passport.js potentially works with the Express compatibility layer I've built recently: https://github.com/endel/uWebSockets-express

(Thread about the compatibility layer here: #565)

[Doumor]

Oh... If so, you make my life a hundred times easier. Thank you!