Socket.io authentication


X

May 17, 2014, 3:08:13 PM
to ged...@googlegroups.com
Hey guys...is there a suggested way of approaching accepting only authenticated sessions? I saw a module: https://github.com/jfromaniello/passport.socketio that does something like:

// initialize our modules
var io               = require("socket.io")(server),
    sessionStore     = require('awesomeSessionStore'), // find a working session store (have a look at the readme)
    passportSocketIo = require("passport.socketio");

// set authorization for socket.io
io.set('authorization', passportSocketIo.authorize({
  cookieParser: express.cookieParser,
  key:          'express.sid',       // the name of the cookie where express/connect stores its session_id
  secret:       'session_secret',    // the session_secret to parse the cookie
  store:        sessionStore,        // we NEED to use a sessionstore. no memorystore please
  success:      onAuthorizeSuccess,  // *optional* callback on success - read more below
  fail:         onAuthorizeFail,     // *optional* callback on fail/error - read more below
}));

function onAuthorizeSuccess(data, accept){
  console.log('successful connection to socket.io');

  // The accept-callback still allows us to decide whether to
  // accept the connection or not.
  accept(null, true);
}

function onAuthorizeFail(data, message, error, accept){
  if(error)
    throw new Error(message);
  console.log('failed connection to socket.io:', message);

  // We use this callback to log all of our failed connections.
  accept(null, false);
}

Is there a way to use this with Geddy? Thoughts?

Help is much appreciated! Thanks!

X

May 17, 2014, 3:26:59 PM
to ged...@googlegroups.com
I found this as well: http://howtonode.org/socket-io-auth but can someone help me figure out what the equivalent of the following in GeddyJS+Passport would be:

io = io.listen(server);

io.set('authorization', function (handshakeData, accept) {

  if (handshakeData.headers.cookie) {

    handshakeData.cookie = cookie.parse(handshakeData.headers.cookie);

    handshakeData.sessionID = connect.utils.parseSignedCookie(handshakeData.cookie['express.sid'], 'secret');

    // parseSignedCookie returns its input unchanged when the cookie is not
    // signed, so equality here means the cookie never carried a signature.
    if (handshakeData.cookie['express.sid'] == handshakeData.sessionID) {
      return accept('Cookie is invalid.', false);
    }

  } else {
    return accept('No cookie transmitted.', false);
  }

  accept(null, true);
});

Thanks!
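
Added example, not part of the original posts and not code from passport.socketio, howtonode or Geddy: a self-contained version of the handshake check both snippets above rely on. It verifies the "s:"-prefixed HMAC-SHA256 signed cookie that connect/express issue, rejects unsigned and tampered cookies, and only accepts when the session store returns a logged-in session. The helper names (sign, unsignSessionCookie, parseCookies, makeAuthorizer) and the session.userId field are assumptions for illustration.

```javascript
// Added example, not passport.socketio or Geddy code; names and session.userId are assumptions.
const crypto = require('crypto');

// Signed value: "<value>.<base64 HMAC-SHA256 of value, '=' padding stripped>".
function sign(val, secret) {
  const mac = crypto.createHmac('sha256', secret).update(val).digest('base64');
  return val + '.' + mac.replace(/=+$/, '');
}

// Return the session ID, or false when the cookie is unsigned or tampered.
function unsignSessionCookie(raw, secret) {
  if (typeof raw !== 'string' || raw.indexOf('s:') !== 0) return false;
  const signed = raw.slice(2);
  const val = signed.slice(0, signed.lastIndexOf('.'));
  const expected = Buffer.from(sign(val, secret));
  const actual = Buffer.from(signed);
  const ok = expected.length === actual.length &&
             crypto.timingSafeEqual(expected, actual);
  return ok ? val : false;
}

// Minimal Cookie header parser; values are URL-decoded.
function parseCookies(header) {
  const out = {};
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    try {
      out[part.slice(0, eq).trim()] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) { /* ignore malformed percent-encoding */ }
  }
  return out;
}

// Build a callback for io.set('authorization', ...). opts.store needs get(sid, cb).
function makeAuthorizer(opts) {
  return function (handshakeData, accept) {
    const header = handshakeData.headers && handshakeData.headers.cookie;
    if (!header) return accept('No cookie transmitted.', false);
    const sid = unsignSessionCookie(parseCookies(header)[opts.key], opts.secret);
    if (!sid) return accept('Cookie is invalid.', false);
    opts.store.get(sid, function (err, session) {
      if (err || !session || !session.userId) return accept('Not authenticated.', false);
      handshakeData.sessionID = sid;
      handshakeData.userId = session.userId;
      accept(null, true);
    });
  };
}
```

The result of makeAuthorizer({ key: 'express.sid', secret: ..., store: ... }) has the same (handshakeData, accept) signature as the callbacks in the two posts above.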

Matthew Eernisse

May 20, 2014, 1:23:39 AM
to ged...@googlegroups.com
There's really not a built-in way to do this. The problem isn't the application code -- it's the lack of any sort of secure system for doing individual subscriptions. This is something we plan to work on, but it's going to take some time and effort.


--
The official community discussion group.
website: geddyjs.org, source: https://github.com/mde/geddy, group: https://groups.google.com/d/forum/geddyjs?hl=en

elce...@gmail.com

Jul 17, 2014, 11:18:07 PM
to ged...@googlegroups.com
I posted a gist elsewhere in this group for the way I did it without geddy mods.  Hope it helps...

Matthew Eernisse

Jul 18, 2014, 9:08:06 PM
to ged...@googlegroups.com
Thank you so much for sharing this!