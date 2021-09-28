This module is currently deprecated and unmaintained. Please check #148 which explain how to do this with modern versions of socket.io and using passport directly.

Access passport.js user information from a socket.io connection.

Installation

npm install passport .socketio

Example usage

var io = require ( "socket.io" )(server), sessionStore = require ( 'awesomeSessionStore' ), passportSocketIo = require ( "passport.socketio" ); io.set( 'authorization' , passportSocketIo.authorize({ cookieParser : express.cookieParser, key : 'express.sid' , secret : 'session_secret' , store : sessionStore, success : onAuthorizeSuccess, fail : onAuthorizeFail, })); io.use(passportSocketIo.authorize({ cookieParser : cookieParser, key : 'express.sid' , secret : 'session_secret' , store : sessionStore, success : onAuthorizeSuccess, fail : onAuthorizeFail, })); function onAuthorizeSuccess ( data, accept ) { console .log( 'successful connection to socket.io' ); accept( null , true ); accept(); } function onAuthorizeFail ( data, message, error, accept ) { if (error) throw new Error (message); console .log( 'failed connection to socket.io:' , message); accept( null , false ); if (error) accept( new Error (message)); }

passport.socketio - Options

store [function] required:

Always provide one. If you don't know what sessionStore to use, have a look at this list. Also be sure to use the same sessionStore or at least a connection to the same collection/table/whatever. And don't forget your express.session() middleware: app.use(express.session({ store: awesomeSessionStore })); For further info about this middleware see the official documentation.

You can also check the simple example below using a redis store.

var sessionStore = new redisStore(); app.use(session({ key : 'express.sid' , store : sessionStore, secret : 'keyboard cat' })); io.use(passportSocketIo.authorize({ cookieParser : require ( 'cookie-parser' ), key : 'express.sid' , secret : 'keyboard cat' , store : sessionStore, success : onAuthorizeSuccess, fail : onAuthorizeFail, }));

cookieParser [function] optional:

Optional cookieParser from express. Express 3 is express.cookieParser in Express 4 require('cookie-parser') .

Defaults to require('cookie-parser') .

key [string] optional:

Defaults to 'connect.sid' . But you're always better of to be sure and set your own key. Don't forget to also change it in your express.session() : app.use(express.session({ key: 'your.sid-key' }));

secret [string] optional:

As with key , also the secret you provide is optional. But: be sure to have one. That's always safer. You can set it like the key: app.use(express.session({ secret: 'pinkie ate my cupcakes!' }));

passport [function] optional:

Defaults to require('passport') . If you want, you can provide your own instance of passport for whatever reason.

success [function] optional:

Callback which will be called everytime a authorized user successfuly connects to your socket.io instance. Always be sure to accept/reject the connection. For that, there are two parameters: function(data[object], accept[function]) . data contains all the user-information from passport. The second parameter is for accepting/rejecting connections. Use it like this if you use socket.io under 1.0:

accept( null , true ); accept( null , false );

And like this if you use the newest version of socket.io@1.X

accept(); accept( new Error ( 'optional reason' ));

fail [function] optional:

The name of this callback may be a little confusing. While it is called when a not-authorized-user connects, it is also called when there's a error. For debugging reasons you are provided with two additional parameters function(data[object], message[string], error[bool], accept[function]) : (socket.io @ < 1.X)

function onAuthorizeFail ( data, message, error, accept ) { if (error){ throw new Error (message); } else { console .log(message); accept( null , false ); } } function onAuthorizeFail ( data, message, error, accept ) { console .log(message); accept( null , !error); }

Socket.io@1.X:

function onAuthorizeFail ( data, message, error, accept ) { if (error) throw new Error (message); return accept( new Error (message)); } function onAuthorizeFail ( data, message, error, accept ) { if (error) throw new Error (message); return accept(); }

You can use the message parameter for debugging/logging/etc uses.

socket.handshake.user (prior to v1)

This property was removed in v1. See socket.request.user

socket.request.user (as of v1)

This property is always available from inside a io.on('connection') handler. If the user is authorized via passport, you can access all the properties from there. Plus you have the socket.request.user.logged_in property which tells you whether the user is currently authorized or not.

Note: This property was named socket.handshake.user prior to v1

Additional methods

This function gives you the ability to filter all connected sockets via a user property. Needs two parameters function(io, function(user)) . Example:

passportSocketIo.filterSocketsByUser(io, function ( user ) { return user.gender === 'female' ; }).forEach( function ( socket ) { socket.emit( 'messsage' , 'hello, woman!' ); });

If you happen to have to work with Cross-Origin-Requests (marked by socket.io v0.9 as handshake.xdomain and by socket.io v1.0 as request.xdomain ) then here's a workaround:

You have to provide the session-cookie. If you haven't set a name yet, do it like this: app.use(express.session({ key: 'your.sid-key' }));

socket = io.connect( '//' + window .location.host, { query : 'session_id=' + readCookie( 'your.sid-key' ) });

Nope, there's nothing to do on the server side. Just be sure that the cookies names match.

Does NOT support cookie-based sessions. eg: express.cookieSession

support cookie-based sessions. eg: If the connection fails, check if you are requesting from a client via CORS. Check socket.handshake.xdomain === true ( socket.request.xdomain === true with socket.io v1) as there are no cookies sent. For a workaround look at the code above.

Contribute

You are always welcome to open an issue or provide a pull-request! Also check out the unit tests:

npm test

License

Licensed under the MIT-License. 2012-2013 José F. Romaniello.