Using Passport.SocketIO cookie parser error

StackOverflow https://stackoverflow.com/questions/23302542

Question

I am using the following:

"dependencies": {
    "express": "^4.0.0",
    "socket.io": "0.9.16",
    "mongoose": "^3.8.8",
    "passport": "^0.2.0",
    "passport-local": "^1.0.0",
    "express-session": "^1.0.3",
    "cookie-parser": "^1.0.1",
    "body-parser": "^1.0.2",
    "session-mongoose": "git://github.com/danpe/session-mongoose.git#master",
    "passport.socketio": "^3.0.1"
  }

Setting my socket.io authorization:

io.set("authorization", passportSocketIo.authorize({
    passport : passport,
    cookieParser: cookieParser(),
    key:    settings.sessionKey,  //the cookie where express (or connect) stores its session id.
    secret: settings.sessionSecret,       //the session secret to parse the cookie
    store:  sessionStore,  //the session store that express uses
    fail: function(data, accept) {
        console.log("failed");
        // console.log(data);// *optional* callbacks on success or fail
        accept(null, false);             // second param takes boolean on whether or not to allow handshake
    },
    success: function(data, accept) {
        console.log("success socket.io auth");
        // console.log(data);
        accept(null, true);
    }
}));

When I'm trying to connect with my client:

var socket = io.connect('http://127.0.0.1:3000/');
socket.on('connect', function () {
    // socket connected
    console.log("Socket Connected!");
});

Server crashes with the following:

S:\Server\node_modules\cookie-parser\index.js:27
    var cookies = req.headers.cookie;
                             ^
TypeError: Cannot read property 'cookie' of undefined 
    at Object.cookieParser(S:\Server\node_modules\cookie-parser\index.js:27:30)
    at parseCookie (S:\Server\node_modules\passport.socketio\lib\index.js:4:27)
    at Manager.<anonymous> (S:\Server\node_modules\passport.socketio\lib\index.js:37:19)
    at Manager.authorize (S:\Server\node_modules\socket.io\lib\manager.js:910:31)
    at Manager.handleHandshake (S:\Server\node_modules\socket.io\lib\manager.js:786:8)
    at Manager.handleRequest (S:\Server\node_modules\socket.io\lib\manager.js:593:12)
    at Server.<anonymous> (S:\Server\node_modules\socket.io\lib\manager.js:119:10)
    at Server.EventEmitter.emit (events.js:98:17)
    at HTTPParser.parser.onIncoming (http.js:2108:12)
    at HTTPParser.parserOnHeadersComplete [as onHeadersComplete] (http.js:121:23)

Any ideas how this can happen ?

Was it helpful?

Solution

It was a stupid mistake, I should pass the cookieParser as a library instead of a instantiated object:

var cookieParser= require('cookie-parser');

io.set("authorization", passportSocketIo.authorize({
    passport : passport,
    cookieParser: cookieParser,
    key:    settings.sessionKey,  //the cookie where express (or connect) stores its session id.
    secret: settings.sessionSecret,       //the session secret to parse the cookie
    store:  sessionStore,  //the session store that express uses
    fail: function(data, accept) {
        console.log("failed");
        // console.log(data);// *optional* callbacks on success or fail
        accept(null, false);             // second param takes boolean on whether or not to allow handshake
    },
    success: function(data, accept) {
        console.log("success socket.io auth");
        // console.log(data);
        accept(null, true);
    }
}));

OTHER TIPS

Hi I got the same problem.

It's quite logic because you are passing a socket instead of a request to the cookie parser. Just pass socket.request to the cookie parser and it should be fixed.

Solution can be found here: https://github.com/expressjs/cookie-parser/issues/3#issuecomment-41443866

var cookieParser = require('cookie-parser')(SESSION_SECRET);    

// ### Cookie parser

// Wrapper arround Express cookie parser, so we can use the same cookie parser for socket.io.
// Parse Cookie header and populate `socket.request.cookies` with an object keyed by the cookie names.
// Uses signed cookies by passing a secret string, which assigns `socket.request.secret` so it may be used by other middleware.

function cookieParserWrapper (socket, next) {
  // request, response and callback
  cookieParser(socket.request, {}, next);
}

Edit:

Found an interesting module socket.io-bundle: https://github.com/nkzawa/socket.io-bundle/blob/master/lib/cookieParser.js

Besides a cookie-parser wrapper it also has a wrapper for the express-session and csurf module.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top