Authorizing another socket's session

  • Hi all, i'm currently developing a plugin and i need to authorize another session from an express route i setup for a callback an externall app calls. From the call i'm getting i'm doing this:

    			let fakeReq = {
    				sessionID: sessionId,
    				ip: sock.remoteAddress,
    				useragent: useragent.parse(sock.request.headers['user-agent']),
    				session: {}
    			authenticationController.onSuccessfulLogin(fakeReq, data.uid, 
                                function (err) {
    				if (err) {
    					console.log('ERROR', err)
    				} else {

    Now, i'm getting the ["checkSession", 2] message on the remote websocket and a YAY on my dev console, but NodeBB goes nuclear into it giving a message about session not matching and reloading the page.

    What should i do to "fake" the login in this case?

    EDIT: The sock gets identified by the app callback and i extract it from the server eio client list.

  • Global Moderator

    What is the purpose of doing this? Maybe there's a better way.

  • Trustless login.

    Basically, using an app that sends a pubkey signed message to NodeBB out of band.

  • Global Moderator

    Have you looked into how nodebb-plugin-session-sharing works?

  • Will check, thanks for the pointer

  • It seems require('').reqFromSocket(socket) doesn't returns a valid req for AuthController.doLogin.... i want to authenticate via websocket but maybe i will have to do it the old POST way, am i correct?



Looks like your connection to NodeBB was lost, please wait while we try to reconnect.