sia

socket.io-auth

Authenticate socket.io connections without using querystrings

Showing:

Popularity

Downloads/wk

72

GitHub Stars

1

Maintenance

Last Commit

7yrs ago

Contributors

0

Package

Dependencies

0

Size (min+gzip)

0.4KB

License

ISC

Type Definitions

Tree-Shakeable

No?

Categories

Readme

socket.io-auth

Build Status

It provides a hook to authenticate socket.io without using query-strings to send credentials, which is not a good security practice.

It works by preventing access to socket object before authentication, which is done by given auth function and submitted credentials on authenticate event.

Installation

npm install socket.io-auth

Usage

Just pass socket.io server and auth function to socket.io-auth and add other events on callback:

var io = require('socket.io')(4000)

// setup and authentication method
auth = function(data, done) {
  // check for valid credential data
  if (data.token == 'test') {
    done();
  } else {
    done(new Error('bad credentials')) // or any error message
  }
};

require('socket.io-auth')(io, auth, function(socket){
  // use socket as before to implement other signals
  socket.on('ping', function(data){
    socket.emit('pong', data);
  });
});

you can set authentication window with timeout option (default is 1s (1000ms)):

require('socket.io-auth')(io, auth, {timeout: 2000}, function(socket){
  // rest of code ...
});

clients just need to authenticate after connection:

var socket = require('socket.io-client')('http://localhost:4000');

socket.on('connect', function(){
  socket.emit('authenticate', {token: 'some token'});
  socket.on('authenticated', function(){
    // now it is an authenticated socket and works as before
  });
});

Contribute

You are always welcome to open an issue or provide a pull-request!

Also checkout the tests:

$ npm test

  socket.io-auth
    before authentication
      ✓ marks socket as unauthenticated
      ✓ dose not sent messages to sockets
      ✓ disconnects unauthenticated sockets after timeout window
    on authentication
      with valid credentials
        ✓ authenticates and emits authenticated signal
      with invalid credentials
        ✓ disconnects the socket
        ✓ emits unauthenticated with error message
    after authentication
      ✓ handles all signals normally

Rate & Review

Great Documentation0
Easy to Use0
Performant0
Highly Customizable0
Bleeding Edge0
Responsive Maintainers0
Poor Documentation0
Hard to Use0
Slow0
Buggy0
Abandoned0
Unwelcoming Community0
100
No reviews found
Be the first to rate

Alternatives

No alternatives found

Tutorials

No tutorials found
Add a tutorial