Authorizing another socket's session

chiguireitor

Hi all, i'm currently developing a plugin and i need to authorize another session from an express route i setup for a callback an externall app calls. From the call i'm getting i'm doing this:

			let fakeReq = {
				sessionID: sessionId,
				ip: sock.remoteAddress,
				useragent: useragent.parse(sock.request.headers['user-agent']),
				session: {}
			}
			authenticationController.onSuccessfulLogin(fakeReq, data.uid, 
                            function (err) {
				if (err) {
					console.log('ERROR', err)
				} else {
					console.log('YAY')
				}
			    })

Now, i'm getting the ["checkSession", 2] message on the remote websocket and a YAY on my dev console, but NodeBB goes nuclear into it giving a message about session not matching and reloading the page.

What should i do to "fake" the login in this case?

EDIT: The sock gets identified by the app callback and i extract it from the server eio client list.

PitaJ

What is the purpose of doing this? Maybe there's a better way.

chiguireitor

Trustless login.

Basically, using an app that sends a pubkey signed message to NodeBB out of band.

PitaJ

Have you looked into how nodebb-plugin-session-sharing works?

chiguireitor

Will check, thanks for the pointer

chiguireitor

It seems require('socket.io').reqFromSocket(socket) doesn't returns a valid req for AuthController.doLogin.... i want to authenticate via websocket but maybe i will have to do it the old POST way, am i correct?