socketio / socket.io-admin-ui

Admin UI for Socket.IO

Home Page: https://admin.socket.io

Feature request - callback for authentication

Thomas-1985 opened this issue

Hi

I have embedded the UI in my app, which features role-based authentication (roles "user" and "admin"). As there is more than one user who should have the ability to connect to the UI, is there a callback or similar I can use for authentication?

I thought about connecting the ui to my userRole so that only users with userRole.admin can connect (if they authenticate correctly).

Best,
Thomas

Hi! I think you should be able to use a classic middleware:

io.of("/admin").use((socket, next) => {
  const userRole = fetchRole(socket);

  if (userRole.admin) {
    next();
  } else {
    next(new Error("forbidden"));
  }
});

Reference: https://socket.io/docs/v4/middlewares/

OK, and what do I have to do to the instrument method then? Currently what I use for initialization is

    instrument(this.socketServer, {
      auth: {
        type: "basic",
        username: "admin",
        password: "$2a$10...."
      },
      readonly: true,
      namespaceName: "/socketui"
    });

and then for the socket namespace for the ui

io.of("/socketui").use((socket, next) => {
  const userRole = fetchRole(socket);

  if (userRole.admin) {
    next();
  } else {
    next(new Error("forbidden"));
  }
});

Correct?

@Thomas-1985 yes, that should work. And if you don't want the user/password authentication, you can use auth: false:

instrument(this.socketServer, {
  auth: false,
  readonly: true,
  namespaceName: "/socketui"
});

Yes it works fine, thanks a lot! :)
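
Added example, not part of the thread or the project's code: one way to write the `fetchRole(socket)` helper the middleware above relies on, so that the check fails closed. This matters most with `auth: false`, where the middleware is the only gate on the admin namespace. The cookie name `sid`, the session record shape and the in-memory `Map` store are assumptions made for illustration.

```javascript
// Added example. Assumptions: sessions live in a server-side Map keyed by the
// value of a cookie named "sid"; each entry is { role, expiresAt } (ms epoch).

function parseCookies(header) {
  const jar = new Map();
  if (typeof header !== "string") return jar;
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    try {
      jar.set(part.slice(0, eq).trim(), decodeURIComponent(part.slice(eq + 1).trim()));
    } catch {
      // Malformed percent-encoding: drop this cookie instead of guessing.
    }
  }
  return jar;
}

// Hypothetical implementation of the thread's fetchRole(socket).
function fetchRole(socket, sessions, now) {
  const sid = parseCookies(socket.handshake.headers.cookie).get("sid");
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || session.expiresAt <= now) return { admin: false };
  return { admin: session.role === "admin" };
}

// Middleware factory: anything other than a live admin session is rejected,
// including errors thrown during the lookup.
function adminOnly(sessions, clock = Date.now) {
  return (socket, next) => {
    let allowed = false;
    try {
      allowed = fetchRole(socket, sessions, clock()).admin === true;
    } catch {
      allowed = false;
    }
    if (allowed) next();
    else next(new Error("forbidden"));
  };
}

// Constructed sample data (not from the thread).
const SAMPLE_SESSIONS = new Map([
  ["s-admin", { role: "admin", expiresAt: 2000 }],
  ["s-user", { role: "user", expiresAt: 2000 }],
]);

// Wiring as in the thread: io.of("/socketui").use(adminOnly(sessionStore));
```

Socket.IO middleware runs once per incoming connection, so a role that is revoked later does not affect sockets that are already connected to the namespace.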