socket.io-auth
It provides a hook to authenticate socket.io connections without putting credentials in the query string; sending credentials in query strings is not a good security practice.
It works by preventing access to the socket object before authentication. Authentication is performed by the auth function you supply, using the credentials the client submits with the authenticate event.
Installation
npm install socket.io-auth
Usage
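Just pass the socket.io server and an auth function to socket.io-auth, and add your other events in the callback:

    var io = require('socket.io')(4000);

    // setup and authentication method
    // (the (data, done) parameters, the error text and the 'ping' event are assumed names)
    function auth(data, done) {
      // check for valid credential data
      if (data.token == 'test')
        done();
      else
        done(new Error('bad credentials')); // or any error message
    }

    require('socket.io-auth')(io, auth, function (socket) {
      // use socket as before to implement other signals
      socket.on('ping', function () {});
    });
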
You can set the authentication window with the timeout option (default is 1s (1000ms)):

    require('socket.io-auth')(io, auth, { timeout: 2000 }, function (socket) {
      // rest of code ...
    });

Clients just need to authenticate after connecting:

    var socket = io('http://localhost:4000');
    socket.emit('authenticate', { token: 'test' });

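The gate described above (no application handlers until a valid authenticate arrives, disconnect when the timeout window closes), written out as an added example that is not socket.io-auth's own code. gateSocket, FakeSocket and runScenario are hypothetical names, the (data, done) auth signature is an assumption, and the fake socket and timer are constructed so the block runs without a server.

```javascript
// Added illustration, not socket.io-auth source; all names and the (data, done) shape are assumed.
function gateSocket(socket, auth, options, onAuthenticated) {
  const setTimer = options.setTimer || setTimeout; // injectable so the demo needs no real clock
  let state = 'waiting', timer = null;             // waiting -> checking -> open | closed
  socket.auth = false;
  const close = (message) => {
    if (state === 'open' || state === 'closed') return;
    state = 'closed';
    if (message) socket.emit('unauthenticated', message);
    socket.disconnect();
  };
  timer = setTimer(() => close(null), options.timeout || 1000); // 1000ms is the page's default
  socket.on('authenticate', (data) => {
    if (state !== 'waiting') return;               // one attempt per connection (choice made here)
    state = 'checking';
    auth(data, (err) => {
      if (state !== 'checking') return;            // window closed while auth was still running
      clearTimeout(timer);                         // a decision was reached inside the window
      if (err) return close(err.message);
      state = 'open';
      socket.auth = true;
      socket.emit('authenticated');
      onAuthenticated(socket);                     // application handlers are attached only now
    });
  });
}

// Constructed stand-in for a server-side socket; `sent` records what the client would receive.
class FakeSocket {
  constructor() { this.handlers = {}; this.sent = []; this.connected = true; }
  on(event, fn) { this.handlers[event] = fn; }
  emit(event, ...args) { this.sent.push([event, ...args]); }
  disconnect() { this.connected = false; }
  receive(event, data) { if (this.handlers[event]) this.handlers[event](data); }
}

function auth(data, done) { // the page's token check, tolerant of a missing payload
  done(data && data.token === 'test' ? null : new Error('invalid token'));
}

// Replays constructed client messages through the gate; `expire` then fires the timeout.
function runScenario(messages, expire) {
  const socket = new FakeSocket(), seen = [], timers = [];
  const opts = { setTimer: (fn) => { timers.push(fn); return null; } };
  gateSocket(socket, auth, opts, (s) => s.on('ping', () => seen.push('ping')));
  messages.forEach(([event, data]) => socket.receive(event, data));
  if (expire) timers[0]();
  return { auth: socket.auth, connected: socket.connected, sent: socket.sent, seen };
}
console.log(runScenario([['ping'], ['authenticate', { token: 'test' }], ['ping']], false));
```
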
Contribute
You are always welcome to open an issue or provide a pull-request!
Also check out the tests:
$ npm test
  socket.io-auth
    before authentication
      ✓ marks socket as unauthenticated
      ✓ dose not sent messages to sockets
      ✓ disconnects unauthenticated sockets after timeout window
    on authentication
      with valid credentials
        ✓ authenticates and emits authenticated signal
      with invalid credentials
        ✓ disconnects the socket
        ✓ emits unauthenticated with error message
    after authentication
      ✓ handles all signals normally