Authorizing another socket's session



  • Hi all, i'm currently developing a plugin and i need to authorize another session from an express route i setup for a callback an externall app calls. From the call i'm getting i'm doing this:

    			let fakeReq = {
    				sessionID: sessionId,
    				ip: sock.remoteAddress,
    				useragent: useragent.parse(sock.request.headers['user-agent']),
    				session: {}
    			}
    			authenticationController.onSuccessfulLogin(fakeReq, data.uid, 
                                function (err) {
    				if (err) {
    					console.log('ERROR', err)
    				} else {
    					console.log('YAY')
    				}
    			    })
    

    Now, i'm getting the ["checkSession", 2] message on the remote websocket and a YAY on my dev console, but NodeBB goes nuclear into it giving a message about session not matching and reloading the page.

    What should i do to "fake" the login in this case?

    EDIT: The sock gets identified by the app callback and i extract it from the server eio client list.


  • Global Moderator

    What is the purpose of doing this? Maybe there's a better way.



  • Trustless login.

    Basically, using an app that sends a pubkey signed message to NodeBB out of band.


  • Global Moderator

    Have you looked into how nodebb-plugin-session-sharing works?



  • Will check, thanks for the pointer



  • It seems require('socket.io').reqFromSocket(socket) doesn't returns a valid req for AuthController.doLogin.... i want to authenticate via websocket but maybe i will have to do it the old POST way, am i correct?


 

| |