socketio-jwt - npm Package Compare versions

Comparing version 4.4.1 to 4.5.0

example/socketsio-auth0-sample/index.js

@@ -14,2 +14,3 @@ var express = require('express');
 };
+var port = process.env.PORT || 3001;
 
@@ -38,4 +39,5 @@ app.set('views', __dirname + '/views');
 
-http.listen(3001, function(){
-	console.log('listening on *:3001');
+http.listen(port, function(){
+  console.log('listening on *:' + port);
 });
+

example/socketsio-auth0-sample/package.json

 {
-  "name": "socket-Auth0-chat-example",
+  "name": "socket-auth0-chat-example",
   "version": "1.0.0",
   "description": "Auth0 + Socket.io seed",
-  "repository": "git://github.com/auth0/socketio-jwt",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/auth0/socketio-jwt.git"
+  },
   "author": "Auth0",
@@ -13,4 +16,14 @@ "license": "MIT",
     "socket.io": "^1.4.6",
-    "socketio-jwt": "^4.3.3"
+    "socketio-jwt": "^4.3.4"
+  },
+  "bugs": {
+    "url": "https://github.com/auth0/socketio-jwt/issues"
+  },
+  "homepage": "https://github.com/auth0/socketio-jwt#readme",
+  "devDependencies": {},
+  "scripts": {
+    "start": "node index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
   }
+
 }

lib/index.js

@@ -37,3 +37,19 @@ var xtend = require('xtend');
             });
+            var callback_timeout;
+            // If callback explicitely set to false, start timeout to disconnect socket 
+            if (options.callback === false || typeof options.callback === "number") {
+              if (typeof options.callback === "number") {
+                if (options.callback < 0) {
+                  // If callback is negative(invalid value), make it positive
+                  options.callback = Math.abs(options.callback);
+                }
+              }
+              callback_timeout = setTimeout(function () {
+                socket.disconnect('unauthorized');
+              }, (options.callback === false ? 0 : options.callback));
+            }
             socket.emit('unauthorized', error, function() {
+              if (typeof options.callback === "number") {
+                clearTimeout(callback_timeout);
+              }
               socket.disconnect('unauthorized');
@@ -40,0 +56,0 @@ });

package.json

 {
   "name": "socketio-jwt",
-  "version": "4.4.1",
+  "version": "4.5.0",
   "description": "authenticate socket.io connections using JWTs",
@@ -5,0 +5,0 @@ "main": "lib/index.js",

README.md

@@ -105,2 +105,67 @@ [![Build Status](https://travis-ci.org/auth0/socketio-jwt.svg)](https://travis-ci.org/auth0/socketio-jwt)
 ```
+
+## Handling invalid token
+
+Token sent by client is invalid.
+
+__Server side__:
+
+No further configuration needed.
+
+__Client side__:
+
+Add a callback client-side to execute socket disconnect server-side.
+
+```javascript
+socket.on("unauthorized", function(error, callback) {
+  if (error.data.type == "UnauthorizedError" || error.data.code == "invalid_token") {
+    // redirect user to login page perhaps or execute callback:
+    callback();
+    console.log("User's token has expired");
+  }
+});
+```
+
+__Server side__:
+
+To disconnect socket server-side without client-side callback:
+
+```javascript
+io.sockets.on('connection', socketioJwt.authorize({
+  secret: 'secret goes here',
+  // No client-side callback, terminate connection server-side
+  callback: false 
+}))
+```
+
+__Client side__:
+
+Nothing needs to be changed client-side if callback is false.
+
+__Server side__:
+
+To disconnect socket server-side while giving client-side 15 seconds to execute callback:
+
+```javascript
+io.sockets.on('connection', socketioJwt.authorize({
+  secret: 'secret goes here',
+  // Delay server-side socket disconnect to wait for client-side callback
+  callback: 15000 
+}))
+```
+
+Your client-side code should handle it as below.
+
+__Client side__:
+
+```javascript
+socket.on("unauthorized", function(error, callback) {
+  if (error.data.type == "UnauthorizedError" || error.data.code == "invalid_token") {
+    // redirect user to login page perhaps or execute callback:
+    callback();
+    console.log("User's token has expired");
+  }
+});
+```
+
 ## Getting the secret dynamically
@@ -107,0 +172,0 @@ You can pass a function instead of an string when configuring secret.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

38789

increased by8.19%

Lines of code

706

increased by2.47%

Number of lines in readme file

216

increased by43.05%

Worsened metrics

Number of low supply chain risk alerts

4

increased by33.33%

No dependency changes