docs: only execute the passport middleware once

Before this change, the session and user context were retrieved once per HTTP request and not once per session.
2026-01-09 06:58:02 -05:00 · 2024-01-13 17:56:17 +01:00
parent 914a8bd2b9
commit 0bbe8aec77
4 changed files with 80 additions and 19 deletions
--- a/examples/passport-example/README.md
+++ b/examples/passport-example/README.md
@@ -14,3 +14,33 @@ $ npm ci && npm start
 ```

 And point your browser to `http://localhost:3000`. Optionally, specify a port by supplying the `PORT` env variable.
+
+## How it works
+
+The Socket.IO server retrieves the user context from the session:
+
+```js
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}
+
+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
+io.engine.use(
+  onlyForHandshake((req, res, next) => {
+    if (req.user) {
+      next();
+    } else {
+      res.writeHead(401);
+      res.end();
+    }
+  }),
+);
+```
--- a/examples/passport-example/cjs/index.js
+++ b/examples/passport-example/cjs/index.js
@@ -20,7 +20,6 @@ const sessionMiddleware = session({

 app.use(sessionMiddleware);
 app.use(bodyParser.urlencoded({ extended: false }));
-app.use(passport.initialize());
 app.use(passport.session());

 app.get("/", (req, res) => {
@@ -78,19 +77,28 @@ passport.deserializeUser((user, cb) => {

 const io = new Server(httpServer);

-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}

+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req, res, next) => {
+  onlyForHandshake((req, res, next) => {
    if (req.user) {
      next();
    } else {
      res.writeHead(401);
      res.end();
    }
-  },
+  }),
 );

 io.on("connection", (socket) => {
--- a/examples/passport-example/esm/index.js
+++ b/examples/passport-example/esm/index.js
@@ -21,7 +21,6 @@ const sessionMiddleware = session({

 app.use(sessionMiddleware);
 app.use(bodyParser.urlencoded({ extended: false }));
-app.use(passport.initialize());
 app.use(passport.session());

 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -81,19 +80,28 @@ passport.deserializeUser((user, cb) => {

 const io = new Server(httpServer);

-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}

+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req, res, next) => {
+  onlyForHandshake((req, res, next) => {
    if (req.user) {
      next();
    } else {
      res.writeHead(401);
      res.end();
    }
-  },
+  }),
 );

 io.on("connection", (socket) => {
--- a/examples/passport-example/ts/index.ts
+++ b/examples/passport-example/ts/index.ts
@@ -1,8 +1,8 @@
 import express = require("express");
-import { createServer, ServerResponse } from "http";
+import { createServer } from "http";
 import { Server } from "socket.io";
 import session from "express-session";
-import { type Request } from "express";
+import { type Request, type Response } from "express";
 import bodyParser = require("body-parser");
 import passport = require("passport");
 import { Strategy as LocalStrategy } from "passport-local";
@@ -91,19 +91,34 @@ passport.deserializeUser((user: Express.User, cb) => {

 const io = new Server(httpServer);

-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(
+  middleware: (req: Request, res: Response, next: any) => void,
+) {
+  return (
+    req: Request & { _query: Record<string, string> },
+    res: Response,
+    next: (err?: Error) => void,
+  ) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}

+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req: { user: Express.User }, res: ServerResponse, next: Function) => {
+  onlyForHandshake((req, res, next) => {
    if (req.user) {
      next();
    } else {
      res.writeHead(401);
      res.end();
    }
-  },
+  }),
 );

 io.on("connection", (socket) => {