1

Ok, so here is the scenario. I have the user log into my app with facebook. When this happens Passport saves it to the Session (req.user). This works all well and good when I am working in a page that has access to the request object, but I find myself in the situation where I don't have access to request, but I need to check the user object.

Case in point. I am using socket.io and when I am working with the sockets and the methods surrounding them, I don't have access to the request object and therefore I can't get user info.

I keep hearing that I need to stay away from globals whenever possible, but I can't see a way around it.

Thoughts?

Below is an example of me working with sockets. This module is called from my server.js file.

function loadSockets(io)
{
    var articleCommand = require('./middleware/ArticleCommand');

    io.sockets.on('connection', function (socket) {
        socket.on('getArticles', function(){
            if (NEED USER INFO HERE !== null){
                articleCommand.getArticlesByUser(NEED USER INFO HERE, function(error, articles){
                    io.sockets.emit('articlesRetrieved', error, articles);
                });
            }
        });
    });
}

exports.loadSockets = loadSockets;

Update

Ok, so based on the commenters advice I have installed this: https://github.com/aviddiviner/Socket.IO-sessions and applied it...but my session is always null in my sockets.

Here is what I have.

var socket = sio.enable({
    socket: io.listen(server, {'log level': 1, 'heartbeat': false}),   
    store:  mystore,                // this is my Redis store
    parser: express.cookieParser()
});

later on...when processing my sockets

socket.sockets.on('connection', function (socket, session) { ...

The session is always null...even though my passport has loaded up my session correctly.

Thoughts?

laggingreflex
  • 32,948
  • 35
  • 141
  • 196
David
  • 2,173
  • 3
  • 25
  • 36
  • http://stackoverflow.com/a/4755045/266795 You should also consider that taking something that is scoped to a session (the user) and making it a global doesn't magically solve your problem. Now you're app will get users crisscrossed across session and have catastrophic misbehavior (show the wrong data to the end user). – Peter Lyons Apr 25 '13 at 03:16
  • @PeterLyons Ok, I completely agree that I need to stay away from globals...but how do I do that? In the scenario I describe above, how do I get the user info? – David Apr 25 '13 at 03:59
  • Did you read the answer I linked to? You can get the session cookie from the socket.io request headers and use that to lookup up the corresponding session object and get access to the user that way. – Peter Lyons Apr 25 '13 at 04:29
  • @PeterLyons Yes, I did read that and followed the instructions...see my update. – David Apr 27 '13 at 20:00

1 Answers1

0

Ok, so for posterity's sake, here is what I did to fix this issue.

You can see from my update above that I tried to use the SocketIO-sessions module, but that didn't work.

After more research I found that I needed to make sure I got the passport session since that is what is doing my authentication.

I found this little gem: https://github.com/jfromaniello/passport.socketio

This worked like a charm. The only thing that took some figuring out is getting the key setup correctly (they assume you know how to do that in the example).

sio.set("authorization", passportSocketIo.authorize({
    key:    'MYKEY',       
    secret: 'SECRET',
    store:   mySessionStore
}));

Out of the box, your key is not set. To do that simply set it up with your app like so:

app.use(express.session({
    secret: "SECRET",
    store: mySessionStore,
    key: 'MYKEY',
    cookie: { secure: false, maxAge:86400000 }
}));

Hope this helps someone.

David

David
  • 2,173
  • 3
  • 25
  • 36