Authorizer installed in a hackish manner?

[martindederer]

Why is the authorizer installed by setting the authenticate, authorizeSubscribe and authorizePublish properties on the server instance? This feels kind of hackish to me. Why not inject an authorizer object as part of the settings object that is provided to the "Server" constructor function?

Do you accept PRs for this?

[mcollina]

Assigning properties for things is common throughout the Node.js API, e.g. streams. I would not classify them as hackish.

Send a PR with unit tests if you want to change them. However, most of the active development has been moved to https://github.com/mcollina/aedes, which has the behavior you would like to have.

[martindederer]

Thanks for the pointer. Is aedes the designated successor of mosca?

[mcollina]

Yes

[martindederer]

Ok, then please disregard my initial comment. I will use aedes then. :smile:

Thanks for the effort you put into this. I greatly appreciate it. :+1: