update socket auth middlewareto use httpOnly cookie from header

huytran17 · May 28, 2024 · 382ae07 · 382ae07
1 parent 1bb5ec3
commit 382ae07
Showing 1 changed file with 9 additions and 12 deletions.
diff --git a/core/server/src/config/socket.io/middlewares/verify-client.ts b/core/server/src/config/socket.io/middlewares/verify-client.ts
@@ -1,24 +1,21 @@
-import { NextFunction, Request, Response } from "express";
+import { NextFunction } from "express";
+import { Socket } from "socket.io";
 import { VerifyAccessToken } from "../../accessTokenManager/verify-access-token";
 
 export default function makeVerifyClient({
   verifyAccessToken,
 }: {
   verifyAccessToken: VerifyAccessToken;
 }) {
-  return async function verifyClient(
-    req: Request & { _query: { sid: string | undefined } },
-    res: Response,
-    next: NextFunction
-  ) {
+  return async function verifyClient(socket: Socket, next: NextFunction) {
     try {
-      const isHandshake = req._query.sid === undefined;
-      if (!isHandshake) {
-        return next();
-      }
+      const cookies = socket.handshake?.headers?.cookie?.split(";") || [];
+      const access_token = cookies
+        .filter((cookie) => cookie.includes("access_token"))
+        ?.join()
+        ?.replace("access_token=", "");
 
-      const access_token = req.cookies?.access_token;
-      verifyAccessToken(access_token);
+      verifyAccessToken(access_token.trim());
 
       next();
     } catch (error) {