A ticket store designed to allow an application to use an Express app to do auth for a socket.io app. Compatible with Express 4.
npm install scalper
authenticate - Function that checks if current request is authenticated. It is passed the request object, and should return the value that will be stored in the ticket. (default checks req.user._id and req.user.id)
genTicket - Function that returns the ticket. (default uses the node-uuid v4 method)
route - String that represents the GET route that will serve tickets. (default is '/socket-ticket')
store - An instance of a ticket store. (default is a memory-store instance)
Note: The default memory store should not be used in production.
A store should expose a get and a set method.
set should take three arguments: a key, a value, and a callback. The store implementation should ensure the uniqueness of tickets.
get should take two arguments: a key and a callback.
Important: get should delete the ticket as soon as it's retrieved, so that tickets cannot be used twice.
Look at redis-ticket for an example implementation with mongodb.
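The store contract above (unique tickets on set, delete-on-get), written out as an added example; it is not code from scalper or redis-ticket. The class name SingleUseTicketStore, the Node-style (err, value) callbacks, and the ttlMs expiry are assumptions that the contract itself does not specify.

```javascript
// Added example, not scalper's code. Assumptions: Node-style (err, value)
// callbacks, and a ticket lifetime (ttlMs), which the contract does not require.
class SingleUseTicketStore {
  constructor({ ttlMs = 30000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be tested
    this.tickets = new Map();  // ticket -> { value, expiresAt }
  }

  // set(key, value, callback): refuse to overwrite a live ticket, so a
  // colliding ticket can never be silently rebound to another user.
  set(key, value, callback) {
    this.sweep();
    if (this.tickets.has(key)) {
      return callback(new Error('duplicate ticket'));
    }
    this.tickets.set(key, { value, expiresAt: this.now() + this.ttlMs });
    callback(null);
  }

  // get(key, callback): remove the ticket before handing the value back, so a
  // second get for the same ticket (a replay) finds nothing.
  get(key, callback) {
    const entry = this.tickets.get(key);
    this.tickets.delete(key);
    if (!entry || entry.expiresAt <= this.now()) {
      return callback(null, undefined);
    }
    callback(null, entry.value);
  }

  // Drop expired tickets so unused ones do not accumulate.
  sweep() {
    const t = this.now();
    for (const [key, entry] of this.tickets) {
      if (entry.expiresAt <= t) this.tickets.delete(key);
    }
  }
}

// Constructed sample run: issue a ticket, redeem it, then replay it.
function demo() {
  const store = new SingleUseTicketStore();
  const seen = [];
  store.set('constructed-ticket-1', 'user-42', () => {});
  store.get('constructed-ticket-1', (err, v) => seen.push(v));
  store.get('constructed-ticket-1', (err, v) => seen.push(v));
  return seen;
}
```

With a shared backend the lookup and the delete have to be a single atomic operation, otherwise two concurrent get calls can both redeem the same ticket.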
There are many advantages to token-based authentication when using websockets. The Heroku docs have a nice article outlining some of the details of securing websockets. auth0.com has a blog post that also goes over the details of token-based auth with socket.io.