techpines / express.io

Realtime Micro Framework for Nodejs
express-io.org

Suggest demo using passport.socketio #10

Open faceleg opened 11 years ago

faceleg commented 11 years ago

I was able to get express.io & passport working well together:

var express = require('express.io'),
    config = require('express-config'),
    passport = require('passport');

var app = express();
app.http().io();

// Broadcast the new visitor event on ready route.
app.io.route('ready', function(req) {
    console.log(req.handshake.user);
});

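var passportSocketIo = require("passport.socketio");
// MongoStore was not defined in the original post; connect-mongo is assumed here.
var MongoStore = require('connect-mongo')(express);
var sessionStore = new MongoStore({
    db: config.mongo.database
});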

app.io.set('authorization', passportSocketIo.authorize({
    key:    'connect.sid',       //the cookie where express (or connect) stores its session id.
    secret: config.cookie_secret, //the session secret to parse the cookie
    store:   sessionStore,     //the session store that express uses
    fail: function(data, accept) {     // *optional* callbacks on success or fail
      accept(null, false);             // second param takes boolean on whether or not to allow handshake
    },
    success: function(data, accept) {
      accept(null, true);
    }
}));

app.use(express.cookieParser());
app.use(express.session({
    secret: config.cookie_secret,
    store: sessionStore
}));
app.use(passport.initialize());
app.use(passport.session());

The user object is extended onto the req.handshake object, which works well enough for me.

If I have time I'll fork & create a working example, but until then I wanted to make it known that express.io + passport is easy!
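
What the `key`, `secret` and `store` options above are for, as an added example that is not code from this thread or from passport.socketio: the handshake's cookie is located by name, its signature is verified with the session secret, and only then is the session looked up. The function names, the `Map` store and the sample secret are constructed for illustration; `session.passport.user` is where passport keeps the serialized user.

```javascript
// Added illustration of the handshake check; not passport.socketio's source.
const crypto = require('crypto');

// connect-style signature: "<sid>.<base64 HMAC-SHA256 with '=' padding stripped>".
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid).digest('base64');
  return sid + '.' + mac.replace(/=+$/, '');
}

// Returns the session id if the signature verifies, otherwise null.
function unsign(signed, secret) {
  const dot = signed.lastIndexOf('.');
  if (dot < 1) return null;
  const sid = signed.slice(0, dot);
  const expected = Buffer.from(sign(sid, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (expected.length !== actual.length) return null;
  return crypto.timingSafeEqual(expected, actual) ? sid : null;
}

// Find cookie `key` in a raw Cookie header; signed values carry an "s:" prefix.
function sessionIdFromCookie(header, key, secret) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0 || part.slice(0, eq).trim() !== key) continue;
    let value;
    try { value = decodeURIComponent(part.slice(eq + 1).trim()); } catch (e) { return null; }
    return value.startsWith('s:') ? unsign(value.slice(2), secret) : null;
  }
  return null;
}

// Fail closed: missing cookie, bad signature, unknown session or no user => null.
function userForHandshake(header, opts) {
  const sid = sessionIdFromCookie(header, opts.key, opts.secret);
  const session = sid === null ? undefined : opts.store.get(sid);
  const user = session && session.passport && session.passport.user;
  return user === undefined || user === null ? null : user;
}

// Constructed sample data: a Map stands in for the (normally asynchronous) store.
const opts = {
  key: 'connect.sid',
  secret: 'constructed-test-secret',
  store: new Map([['abc123', { passport: { user: 'user-42' } }], ['anon999', {}]]),
};
const goodCookie = 'theme=dark; connect.sid=' + encodeURIComponent('s:' + sign('abc123', opts.secret));
```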

jfromaniello commented 11 years ago

Nice, a few notes:

  1. In version 1.0.1 we no longer need the key if it is the default.
  2. The fail and success could be omitted here, since they are doing the default behavior.
  3. The object you pass to passportSocketIo could be the same as the one you pass to express.session, so:

var sessionConfig = {
    key:    'connect.sid',       //the cookie where express (or connect) stores its session id.
    secret: config.cookie_secret, //the session secret to parse the cookie
    store:   sessionStore
}

//...

app.io.set('authorization', passportSocketIo.authorize(sessionConfig));

//...
app.use(express.session(sessionConfig));

techpines commented 11 years ago

Sounds cool.

Give me a link to some code, and I'll put it up there.

johntom commented 11 years ago

Was this demo ever placed? I'm having issues using Firebird SQL in a similar setup and would love to see a working example. TIA John

littlehaker commented 11 years ago

It seems we cannot just use

app.io.set('authorization', passportSocketIo.authorize(sessionConfig));

Because this will override the default authorization function of express.io, which provides session support. We shall call the original authorization function in the success function of passport.socketio, like below:

old_auth = app.io.get 'authorization'
app.io.set "authorization", passportSocketIo.authorize {
  passport: passport
  cookieParser: express.cookieParser
  key: config.session.key
  secret: config.session.secret
  store: config.session.store
  success: (data, accept) ->
    old_auth data, accept
}
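
The chaining described in the comment above, generalized to any number of handshake checks, as an added example that is not code from this thread or from express.io. `composeAuthorization`, `passportCheck`, `sessionCheck` and `tryHandshake` are hypothetical names, and the two sample checks are constructed stand-ins for passport.socketio's check and express.io's `old_auth`.

```javascript
// Added illustration; composeAuthorization and the sample checks are hypothetical.
// Every check has the shape used in the thread: fn(handshakeData, accept),
// where accept(err, authorized) decides the handshake.
function composeAuthorization(checks) {
  if (!checks.length) throw new Error('at least one authorization check is required');
  return function authorize(data, accept) {
    let done = false;
    const finish = (err, ok) => {
      if (done) return;                 // report a single decision only
      done = true;
      accept(err || null, !err && ok === true);
    };
    const run = (i) => {
      if (i === checks.length) return finish(null, true);
      let called = false;
      try {
        checks[i](data, (err, ok) => {
          if (called || done) return;   // ignore a check that calls back twice
          called = true;
          if (err || ok !== true) return finish(err, false);  // fail closed
          run(i + 1);
        });
      } catch (e) {
        finish(e, false);               // a throwing check denies the handshake
      }
    };
    run(0);
  };
}

// Constructed stand-ins for the two functions discussed in the thread.
const passportCheck = (data, accept) => accept(null, Boolean(data.user));
const sessionCheck = (data, accept) => {  // plays the role of old_auth
  data.session = { id: data.sessionID };
  accept(null, Boolean(data.sessionID));
};

// Runs a handshake and returns the decision (the sample checks are synchronous).
function tryHandshake(authorize, data) {
  let result = null;
  authorize(data, (err, ok) => { result = { err, ok, session: data.session || null }; });
  return result;
}
```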

johntom commented 11 years ago

Hi, thanks for the response, much appreciated, but my code breaks on cookieParser: express.cookieParser and from the console I get a 403 (Forbidden) http://localhost:8000/socket.io/1/?t=1372702235794 which displays a handshake unauthorized if I place http://localhost:8000/socket.io/1/?t=137270223594 in the browser. The application is at https://github.com/johntom/Angular-Passport-Auth-SIO, as I've tried so many different things, all without success. Please note that before undertaking passport I did have a version working, although not nearly as functional nor elegant. TIA John

littlehaker commented 11 years ago

Hi John, I don't know if this is the problem, but I didn't use express.cookieSession

app.use(express.cookieSession(
    {
        secret: process.env.COOKIE_SECRET || "Superdupersecret"
    }));

Instead, I use express.session

app.use(express.session({
  key: config.session.key,
  secret: config.session.secret,
  store: config.session.store
}));

johntom commented 11 years ago

Thanks, this has proven to be the problem. When in NYC first round on me!

John


JimtotheB commented 11 years ago

Isn't the user object already available to the socket in req.session.passport? What's the difference between that and req.handshake.user?