将 Websocket 与 Passport 结合使用

Question

How do I access the passport login for the current session when someone opens a WebSocket connection?

I've found a nice project express-ws which seems to work beautifully

app.ws('/', function(ws, req) {
    ws.on('message', function(msg) {
        console.log('express-ws --- ', msg);
    });
    console.log('socket', req.user); //current user == req.user
});

But how would I go about getting this same information with a plain Websocket connection?

var WebSocketServer = require('ws').Server,
    wss = new WebSocketServer({ port: 3001 });

wss.on('connection', function(socket){
    //Where is the current user????
    console.log('connection');

    socket.on('message', function(message){
        console.log('message received', message);
    });
});

(this second connection does work just fine - but I can't for the life of me find any way to get the logged in info from Passport)

Answer 1

When you're creating your WS server, add a "verifyClient" parameter as follows to grab the session information:

  const wss = new (require('ws').Server)({
    server,
    verifyClient: (info, done) => {
      sessionParser(info.req, {}, () => {
        done(info.req.session)
      })
    }
  })

Where sessionParser is your express-session configured object. This then allows you to access it within the websocket via req.session . If you're using passport, you might want req.session.passport.user ..

Answer 2

Instead of using req.session.passport.user to access authenticated user id, one can use ws.upgradeReq.session.passport.user .

app.ws('/', function(ws, req) {
    ws.on('message', function(msg) {
        console.log('express-ws --- ', msg);
    });
    console.log(ws.upgradeReq.session.passport.user);
    /* keys can be found like
    for(var key in ws.upgradeReq.session.passport){
        console.log(key);
    }
    */
});

Answer 3

Maybe not the best solution, but we can drop the WS connection with the following code:

const wss = new webSocket.Server({ server, port: 9999})

wss.on('connection', (ws, req) => {

  // get token from url:  ..url..?token=your_JWT_TOKEN
  const params = require('url').parse(req.url, true).query
  const { token } = params

  // add token to headers (could be done on frontend)
  req.headers.authorization = `Bearer ${token}`

  // look for the user with token
  passport.authenticate(
    'jwt',
    {
      session: false
    },
    (err, user, info) => {
      // If no user close websocket
      if (!user) {
        console.log('Websocket disconnected due to invalid token')
        ws.close()
      }
    }
  )(req)