How to get authenticated user details in socket.io with passport.js ? Why user is undefined in socket.request.user ?

[rigan-dev]

My goal is to access the authenticated user details, who are connected with the socket server. I am using passport.js for authentication. and using google strategy. and using express-session for managing sessions. I used socket middleware to merge passport.js and socket.io sessions. by doing this I can get the session id when any user establishes a connection with the socket server. but the problem is when I am trying to access user details I am getting user is undefined. But I am getting user details through the rest APIs in the HTTP request from the browser.
I am using the latest version of socket.io and passport.js

const app = require("express")();
const server = require("http").createServer(app);
const port = process.env.PORT || 5000;
const cors = require("cors");
const session = require("express-session");
const mongoose = require("mongoose");
const MongoStore = require("connect-mongo");
const bodyParser = require("body-parser");
const passport = require("passport");

require("dotenv").config();
require("./Auth/PassportSetup");

//Database Connection
mongoose
  .connect(process.env.DATABASE)
  .then(console.log("Database is connected with server 👌"))
  .catch((error) => {
    console.log(error);
  });

// Cors
app.use(cors({ origin: "http://localhost:3000", credentials: true }));

const sessionMiddleware = session({
  secret: "changeit",
  resave: false,
  saveUninitialized: false,
  store: MongoStore.create({
    mongoUrl: process.env.DATABASE,
  }),
});
app.use(sessionMiddleware);
app.use(bodyParser.urlencoded({ extended: false }));
app.use(passport.initialize());
app.use(passport.session());

// Routes
const AuthRoute = require("./Routes/AuthRoute");
app.use(AuthRoute);

const io = require("socket.io")(server, {
  cors: { origin: "http://localhost:3000" },
});

// convert a connect middleware to a Socket.IO middleware
const wrap = (middleware) => (socket, next) =>
  middleware(socket.request, {}, next);

io.use(wrap(sessionMiddleware));
io.use(wrap(passport.initialize()));
io.use(wrap(passport.session()));

io.use((socket, next) => {
  if (socket.request.user) {
    next();
  } else {
    next(new Error("unauthorized"));
  }
});

io.on("connect", (socket) => {
  console.log(`new connection ${socket.id}`);
  // User is undefined
  console.log(socket.request.user);
  socket.on("whoami", (cb) => {
    cb(socket.request.user ? socket.request.user.username : "");
  });

  const session = socket.request.session;
//if I remove socket middleware then I can access socket. id and session id from here.
  console.log(`saving sid ${socket.id} in session ${session.id}`);
  session.socketId = socket.id;
  session.save();
});

server.listen(port, () => {
  console.log(`application is running at: http://localhost:${port}`);
});

[darrachequesne]

Hi! Did you set withCredentials to true on the client-side, in order to include the cookies in the cross-site requests?

import { io } from "socket.io-client";

const socket = io("https://my-backend.com", {
  withCredentials: true
});

Reference: https://socket.io/docs/v4/client-options/#withcredentials

You can also check:

• https://github.com/socketio/socket.io/tree/main/examples/passport-example
• https://socket.io/how-to/use-with-express-session

[TheSamDickey]

This is a life saver! Thank you so much!

[MOUTAIROU]

thank you @darrachequesne is working

[Kvngstar]

please is there any documentation which can help me achieve that using jwt BEARER tokens instead of express-sessions? i need help.

[darrachequesne]

@Kvngstar please check our guide: https://socket.io/how-to/use-with-jwt

[Kvngstar]

Thanks so much for the article

…

On Tue, 11 Jun 2024, 11:28 am Damien Arrachequesne, < ***@***.***> wrote: @Kvngstar <https://github.com/Kvngstar> please check our guide: https://socket.io/how-to/use-with-jwt — Reply to this email directly, view it on GitHub <#4470 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AV6QD5LVEINTFNTNYRPZCRDZG3GNJAVCNFSM6AAAAAAQNSVGAGVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TOMZXGQ4DI> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[Kvngstar]

Thanks alot, this is exactly what i needed

…

On Tue, Jun 11, 2024 at 11:28 AM Damien Arrachequesne < ***@***.***> wrote: @Kvngstar <https://github.com/Kvngstar> please check our guide: https://socket.io/how-to/use-with-jwt — Reply to this email directly, view it on GitHub <#4470 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AV6QD5LVEINTFNTNYRPZCRDZG3GNJAVCNFSM6AAAAAAQNSVGAGVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TOMZXGQ4DI> . You are receiving this because you were mentioned.Message ID: ***@***.***>