mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License

Passport-jwt extractor fromUrlQueryParameter doesn't handle handshake requests (websocket) #230

Open HugoTrick opened 2 years ago

HugoTrick commented 2 years ago

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch passport-jwt@4.0.0 for the project I'm working on.

Passport-jwt extractor fromUrlQueryParameter doesn't handle handshake requests (websocket). Here's how I fixed it!

Here is the diff that solved my problem:

diff --git a/node_modules/passport-jwt/lib/extract_jwt.js b/node_modules/passport-jwt/lib/extract_jwt.js
index 7f112ab..31b3fc7 100644
--- a/node_modules/passport-jwt/lib/extract_jwt.js
+++ b/node_modules/passport-jwt/lib/extract_jwt.js
@@ -39,10 +39,17 @@ extractors.fromBodyField = function (field_name) {

 extractors.fromUrlQueryParameter = function (param_name) {
     return function (request) {
-        var token = null,
-            parsed_url = url.parse(request.url, true);
-        if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, param_name)) {
-            token = parsed_url.query[param_name];
+        if (request.handshake) {
+            var token = null;
+            if (request.handshake.query && request.handshake.query.token) {
+                token = request.handshake.query.token;
+            }
+        } else {
+            var token = null,
+                parsed_url = url.parse(request.url, true);
+            if (parsed_url.query && Object.prototype.hasOwnProperty.call(parsed_url.query, param_name)) {
+                token = parsed_url.query[param_name];
+            }
         }
         return token;
     };
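Review bot: in the new `if (request.handshake)` branch the `param_name` argument is ignored and the lookup is hardcoded to `request.handshake.query.token`, so an extractor built as `fromUrlQueryParameter('access_token')` returns null for every handshake even when the token is present under the configured name, and a caller who configured any name other than `token` silently gets no authentication on websocket connections. Mirror the HTTP branch instead: `if (request.handshake.query && Object.prototype.hasOwnProperty.call(request.handshake.query, param_name)) { token = request.handshake.query[param_name]; }`. Minor: `var token = null` is now declared in both branches; hoisting makes this work, but declaring it once above the `if` is clearer and keeps the diff limited to the new branch.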

This issue body was partially generated by patch-package.

Outternet commented 1 year ago

The library expects an HTTP req object. The rewrite avoids these dependencies by adding more validation. Again, this could have been implemented with a custom extractor instead of a patch; please consult the documentation on how to do this.