'How to get passport authenticated user through socket.io in nodejs
I'm using passport to authenticate users on nodejs togheter with express-session. I'm using Firebase realtime database to retrieve information on users after they logged in through passport and see their permissions levels.
Now the problem is that i'm using socket.io for some functionalities and i can't retrieve the req.user doing such action to see if it has the right permissions.
From some other questions online i understood that a possibility is to store the express-session on my own db and in the connection event of the socket retrieve the handshake cookie and check it on the db. However there is not enough documentation on how to do it with custom dbs like firebase one.
Is there a way to implement this storing? or a better best practice to be more safe?
import express from "express";
import dotenv from "dotenv";
import session from 'express-session';
import passport from 'passport';
import {createServer} from 'http';
import {Server} from "socket.io";
import {database} from "./config/firebaseConf.js";
import {ref, set, runTransaction, get } from "firebase/database";
var app = express();
const httpServer = createServer(app);
const io = new Server(httpServer, { cors: { origin: '*' } });
//Load env
dotenv.config({ path: "./config/config.env" });
app.use(session({ secret: process.env.PASSPORT_SECRET, resave: false, saveUninitialized: true }));
app.use(passport.initialize());
app.use(passport.session());
const port = process.env.PORT || 8081;
httpServer.listen(port, () => console.log(`Listening on port ${port}...`));
//socket
io.on("connection", (socket) => {
console.log("Made socket connection");
console.log(socket.request);
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|