Use token for socket.io authentication

I am working with loopback 2.0 and socket.io 1.0.6.

I would like to use the loopback authentication method for socket.io authentication.

I found a user authentication method in loopback/lib/middleware/token.js: https://github.com/strongloop/loopback/blob/master/lib/middleware/token.js

Then I wrote the following:

    var loopback = require('loopback');
    var ioapp = module.exports = socketio;

    function socketio(server) {
      var io = require('socket.io')(server);

      // auth
      io.use(function(socket, next) {
        loopback.token()(socket.request, null, next);
      });

      // listeners
      ...

      return io;
    };

But in fact, it does not work and causes the following error.

    /Users/.../project_root/node_modules/loopback/lib/models/access-token.js:201
        id = req.param(params[i]);
                 ^
    TypeError: Object #<IncomingMessage> has no method 'param'
        at tokenIdForRequest (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/loopback/lib/models/access-token.js:201:14)
        at Function.AccessToken.findForRequest (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/loopback/lib/models/access-token.js:123:12)
        at /Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/loopback/lib/middleware/token.js:53:16
        at Array.0 (/Users/ksuzuki/Projects/appsocially/repo/chat-center/server/socket.js:15:28)
        at run (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/socket.io/lib/namespace.js:114:11)
        at Namespace.run (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/socket.io/lib/namespace.js:126:3)
        at Namespace.add (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/socket.io/lib/namespace.js:155:8)
        at Client.connect (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/socket.io/lib/client.js:67:20)
        at Server.onconnection (/Users/ksuzuki/Projects/appsocially/repo/chat-center/node_modules/socket.io/lib/index.js:309:10)
        at Server.EventEmitter.emit (events.js:95:17)

I assume this is because I am passing the wrong type of object to the loopback.token() method.

1 answer

Well, I believe that the Loopback token is built for use with the express request object. In the latest version (2.x), you can use it if you override AccessToken.findForRequest and implement it yourself.

But there is another approach to this, which is covered in the official documentation:

Basically, this involves using socketio-auth (which "provides hooks for implementing authentication in socket.io without using requests to send credentials, which is not a good security practice") and using the AccessToken model directly.

I put the code here with a little simplification:

On the server side:

    app.io = require('socket.io')(app.start());

    require('socketio-auth')(app.io, {
      authenticate: function (socket, value, callback) {
        var AccessToken = app.models.AccessToken;

        // get credentials sent by the client
        var token = AccessToken.count({
          userId: value.userId,
          id: value.id,
        }, callback);
      }
    });

On the client side:

    socket.on('connect', function() {
      // You should have retrieved tokenId/userId by calling user.login and
      // saving it in cookies or localStorage.
      socket.emit('authentication', {id: tokenId, userId: userId });
    });
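
The `count()` check in the answer above accepts any stored token row, including an expired one, and passes client-supplied values straight into the query. The following is an added example, not code from the answer or from LoopBack, of an `authenticate` hook that type-checks the payload, confirms the token's owner and applies the token's TTL via `findById` and `validate`. The names `makeAuthenticate`, `fakeAccessToken` and `check` are hypothetical, and the in-memory model is a constructed stand-in so the block runs offline.

```javascript
// Added example: hardened `authenticate` hook for socketio-auth.
// `AccessToken` is any model exposing LoopBack's findById(id, cb) and
// token.validate(cb); all function names below are hypothetical.
function makeAuthenticate(AccessToken) {
  return function authenticate(socket, value, callback) {
    // Accept only primitive credentials, so a client-supplied object can
    // never reach the data-source query as a filter.
    if (!value || typeof value.id !== 'string' || value.id.length === 0 ||
        !['string', 'number'].includes(typeof value.userId)) {
      return callback(null, false);
    }
    AccessToken.findById(value.id, function (err, token) {
      if (err) return callback(err);
      // Unknown token, or a token that belongs to another user.
      if (!token || String(token.userId) !== String(value.userId)) {
        return callback(null, false);
      }
      // validate() applies the created + ttl expiry check that a bare
      // count() on {id, userId} does not.
      token.validate(function (err, isValid) {
        if (err) return callback(err);
        callback(null, Boolean(isValid));
      });
    });
  };
}

// Constructed in-memory stand-in for app.models.AccessToken (offline demo only).
// `created` is epoch milliseconds, `ttl` is seconds, as in LoopBack tokens.
function fakeAccessToken(rows, now) {
  return {
    findById: function (id, cb) {
      var row = rows.filter(function (r) { return r.id === id; })[0];
      if (!row) return cb(null, null);
      cb(null, Object.assign({}, row, {
        validate: function (done) {
          done(null, row.created + row.ttl * 1000 > now);
        }
      }));
    }
  };
}

// Runs the hook against the synchronous stub and returns what it reported.
function check(authenticate, value) {
  var result;
  authenticate({}, value, function (err, ok) { result = err ? err : ok; });
  return result;
}
```

On the server this would be wired in as `require('socketio-auth')(app.io, { authenticate: makeAuthenticate(app.models.AccessToken) })`, with the client code unchanged.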

Source: https://habr.com/ru/post/1202303/

