SailsJS - using sails.io.js with JWT

I have implemented an AngularJS application that communicates with the Sails backend via websockets using sails.io.js.

Since the backend is basically a pure API and will be connected to other applications, I am trying to completely disconnect sessions and use JWT.

I installed express-jwt and I can use normal HTTP requests pretty well, but when I send the request through sails.io.js nothing happens at all - the websocket request remains pending on the client, and nothing happens on the server (with "silly" log level).

I tried the sails.io.js patch to support the parameter, and when I connect, I send a token from Angular, but in the best case, I get a response with an error message coming from express-jwt saying that there are no credentials ...

I also noticed some hints that socket.js in Sails needs to be changed using beforeConnect, and I saw socketio-jwt, but I have no idea where and how to connect it in Sails.

Has anyone implemented this and is using JWT with Sails and sockets? I would appreciate any hint in which direction to go :)

+6
1 answer

I realized that the policy I had applied, which used express-jwt, abstracted too much away from me, so I did not understand what exactly was happening. After looking at other examples, I realized that I only needed to check how websocket requests differ from regular ones, and I quickly found a way to solve this problem.

So:

  • Set up token signing and sending at login
  • Angular takes the token and stores it in local storage
  • Create an interceptor for HTTP requests to add the authorization header with the token
  • Fix sails.io.js to forward request parameters provided through parameters (as indicated in the question).
  • When connecting using sails.io.js, send the token as a request parameter, i.e. url + '?token=' + token
  • In the Sails policy, check all combinations for the token, including req.socket.handshake.query, as shown below:

    module.exports = function (req, res, next) {
      var token;

      if (req.headers && req.headers.authorization) {
        var parts = req.headers.authorization.split(' ');
        if (parts.length == 2) {
          var scheme = parts[0],
            credentials = parts[1];

          if (/^Bearer$/i.test(scheme)) {
            token = credentials;
          }
        } else {
          return res.json(401, {err: 'Format is Authorization: Bearer [token]'});
        }
      } else if (req.param('token')) {
        token = req.param('token');
        // We delete the token from param to not mess with blueprints
        delete req.query.token;
      }
      // If connection from socket
      else if (req.socket && req.socket.handshake && req.socket.handshake.query && req.socket.handshake.query.token) {
        token = req.socket.handshake.query.token;
      } else {
        sails.log(req.socket.handshake);
        return res.json(401, {err: 'No Authorization header was found'});
      }

      JWTService.verifyToken(token, function (err, token) {
        if (err) {
          return res.json(401, {err: 'The token is not valid'});
        }

        sails.log('Token valid');
        req.token = token;

        return next();
      });
    };

It works well! :)

+7
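
The policy in the answer hands the extracted token to `JWTService.verifyToken`, which the answer does not show. One way to write that service with only Node's `crypto` module, as an added example that is not the answerer's code; the HS256 choice, `issueToken`, `decodeAndCheck`, the `JWT_SECRET` variable and the demo secret are assumptions:

```javascript
// Hypothetical api/services/JWTService.js (added example; the answer does not show its own).
const crypto = require('crypto');

// Assumption: HS256 secret from the environment; the fallback is a constructed demo value.
const SECRET = process.env.JWT_SECRET || 'constructed-demo-secret';

const b64url = (value) => Buffer.from(value).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Called at login to sign a token; ttlSeconds is an assumed parameter.
function issueToken(payload, ttlSeconds = 3600, secret = SECRET) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${b64url(hmac(`${header}.${body}`, secret))}`;
}

// Returns the payload or throws; every failure becomes a 401 in the policy.
function decodeAndCheck(token, secret) {
  if (typeof token !== 'string') throw new Error('token missing');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, signature] = parts;
  // Pin the algorithm instead of trusting the token header (rejects "alg": "none").
  if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') {
    throw new Error('unexpected algorithm');
  }
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(signature, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof payload.exp !== 'number' || payload.exp <= Math.floor(Date.now() / 1000)) {
    throw new Error('token expired');
  }
  return payload;
}

// Same callback shape the policy uses: cb(err, decodedToken).
function verifyToken(token, cb, secret = SECRET) {
  let payload;
  try { payload = decodeAndCheck(token, secret); } catch (err) { return cb(err); }
  return cb(null, payload);
}

module.exports = { issueToken, verifyToken };
```

Because the socket path carries the token in the URL query string, where proxies and access logs may record it, a short `ttlSeconds` limits how long a logged token stays useful.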

Source: https://habr.com/ru/post/986757/

