Authentication in Socket.io

I am trying to authenticate the connection on socket.io.

Currently, the user is first authenticated using the REST API, and then I send the user a JsonWebToken containing the authenticated username. After the connection between the client and the server is opened, my plan is to temporarily remove this socket from the list of connected sockets in order to prevent data being received from or sent to the server while I perform the auth.

In this auth, I check the token, and if the token is valid, I add the socket id back to the list of connected sockets. The only problem is that the first part does not work: I cannot remove a socket from the list.

To verify this, I did the following.

    var io = require('socket.io')(server); // server: an existing http.Server (assumed)

    io.on('connection', function (socket) {
        // temp delete socket: drop it from the connected-sockets map
        delete io.sockets.connected[socket.id];
        console.log(io.sockets.connected);
        // emit a test event to see whether the socket is still open
        socket.emit("test");
    });

As you can see, I delete the socket and emit a test event to see if the socket is open. The message was received by the client when it should not be.

Does anyone know why this is happening?

2 answers

Try using the disconnect method from the socket object, something like this:

    io.on('connection', function (socket) {
        // temp delete socket: closing it is what actually stops traffic,
        // deleting it from the connected map only removes the reference
        socket.disconnect();
        console.log(io.sockets.connected);
        // this emit is not delivered: the socket is already closed
        socket.emit("test");
    });

UPDATE:

For example, if your HTTP server provides the client with a token:

    var express = require('express');
    var jwt = require('jsonwebtoken');
    var app = express();
    app.use(express.json());
    var secret = process.env.JWT_SECRET; // shared with the socket.io middleware below

    app.post('/api/users', function (req, res) {
        var user = { username: req.body.username };
        // older jsonwebtoken versions accepted {expiresInMinutes: 30}; current ones use expiresIn
        var token = jwt.sign(user, secret, { expiresIn: '30m' });
        res.json({ token: token });
    });

then you can reuse this token to authenticate your connections on the network.

The code to send the token from the client (html file) will be:

    // validToken: the token returned by POST /api/users
    socket = io.connect('http://localhost:4000', {
        query: 'token=' + validToken, // sent with the handshake request
        forceNew: true
    });

and the socketio authorization code on the server (socketio) will be:

    var io = require('socket.io')(server); // server: an existing http.Server (assumed)

    // A socketio middleware is used here to validate the token that has been sent.
    // If the token is valid, the io.on('connection', ...) handler below is executed,
    // i.e. the socket is connected to the websocket server.
    io.use(require('socketio-jwt').authorize({
        secret: secret,     // the same secret that signed the token
        handshake: true     // read the token from the handshake query string
    }));

    // If the token is not valid, an error is sent to the client and
    // the socket won't be connected to the websocket server.
    io.on('connection', function (socket) {
        console.log('socket connected');
    });

Please note that the secret used in the expression that generates the token is the same secret that is used in the verification step in the socketio middleware.

I created an example where you can see how this validation works, the source code is here: https://gist.github.com/wilsonbalderrama/a2fa66b4d2b6eca05a5d

Copy them into a folder and run server.js with node, then open the html file in the browser at this URL: http://localhost:4000

But first install the modules: socket.io, express, socketio-jwt, jsonwebtoken


socket.io also stores the sockets in the namespace (the default one, if none is specified), and that is where you need to delete it from to stop receiving messages.

See this post for a step-by-step explanation of what you are trying to do, and this module that abstracts the whole process.


Source: https://habr.com/ru/post/989047/
