Comments (4)
Here's how I did it! First off, thanks so much to @vvo for making a low level library so that we can parse the cookie data.
import ironStore from "iron-store";
...
onConnect: async (cnxnParams, webSocket, cnxnContext) => {
// name of the cookie you used for ironSession
let { userAuth } = cookie.parse(
webSocket.upgradeReq.headers.cookie || ""
);
const store = await ironStore({
// same password from your ironSession
password: process.env.SECRET_COOKIE_PASSWORD as string,
sealed: userAuth,
});
// get the data the same way you are used to
const user = store.get("user");
return {
user,
};
},
Essentially, i send cookies with the websocket upgrade request. When the websocket starts a connection, I can parse out the cookie and manually initialize it.
from iron-session.
Here's how I did it! First off, thanks so much to @vvo for making a low level library so that we can parse the cookie data.
import ironStore from "iron-store"; ... onConnect: async (cnxnParams, webSocket, cnxnContext) => { // name of the cookie you used for ironSession let { userAuth } = cookie.parse( webSocket.upgradeReq.headers.cookie || "" ); const store = await ironStore({ // same password from your ironSession password: process.env.SECRET_COOKIE_PASSWORD as string, sealed: userAuth, }); // get the data the same way you are used to const user = store.get("user"); return { user, }; },Essentially, i send cookies with the websocket upgrade request. When the websocket starts a connection, I can parse out the cookie and manually initialize it.
I'm getting an error when I try it with iron-store
. I have checked if the cookie is there and indeed thats the case. But somehow my store is throwing an error.
Error: Bad hmac value at Object.exports.unseal (/workspace/api/node_modules/@hapi/iron/lib/index.js:311:15)
I am using the same password like in the ironSession
and passing the cookie value as sealed.
Has someone experienced the same and may know a solution for this?
EDIT: I have just found the unsealData(seal, options)
function in the new rewrite which has resolved the session with the underlying data.
import { unsealData } from 'iron-session';
...
onConnect: async (cnxnParams, webSocket, cnxnContext) => {
// name of the cookie you used for ironSession
let { userAuth } = cookie.parse(
webSocket.upgradeReq.headers.cookie || ""
);
// first pass the sealed cookie and the options you have provided to your `ironSession`
const unsealed = await unsealData(userAuth, {
// same password from your ironSession
password: process.env.SECRET_COOKIE_PASSWORD as string,
// you can take a look on the IronSessionOptions interface for more (cookieOptions, ttl, cookieName)
});
// unselead is an object and data can be accessed like that
const user = unsealed.user;
return {
user,
};
},
from iron-session.
I did not reply but truth to be told: I have no idea how to handle cookie auth in a websocket.
Maybe those pages can help: https://coletiv.com/blog/using-websockets-with-cookie-based-authentication/.
from iron-session.
@zackify Would you be so kind and add a small section to the README on how to authenticate other parts of your application using iron-store? Thanks! Actually, any token generated by next-iron-session can be decoded with https://github.com/hapijs/iron (and its ports: https://github.com/hapijs/iron/issues?q=label%3Aport+is%3Aclosed+sort%3Aupdated-desc)
from iron-session.
Related Issues (20)
- Package causing multiple response problem HOT 1
- v8 beta release, last tasks and discussions HOT 6
- session object empty on Apollo Server API Route
- Can i use iron-session with pages routes ? HOT 1
- Implementing iron-session with TRPC HOT 9
- Session cookie not created when static web app is sitting behind azure front door due to domain mismatch HOT 3
- Static maxAge
- v8 - Attaching session to request HOT 1
- Make properties in T for IronSession<T> optional (union with undefined)
- v6 and Next 13 pages middleware HOT 7
- Migration away from `withIronSessionApiRoute` HOT 3
- await session.save() fails to set cookie if cookies.set() is used after HOT 2
- session returned from `getIronSessionFromCookieStore` does not implement full interface HOT 1
- outdated dependency @types/cookie causes type mismatch HOT 1
- why getIronSession not work in middleware like in example (App router + client components, route handlers, and SWR) HOT 3
- Support the `partitioned` attribute in cookie settings HOT 1
- Discrepancy in documentation of password rotation. HOT 5
- Next.js middleware token rotation issue HOT 3
- Unable to create a session cookie HOT 3
- How to access stored sessions of my users?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iron-session.