Socket.io: how to set status code for socket io Authentication error

Created on 18 Dec 2014 · 11Comments · Source: socketio/socket.io

i use socket.io to Authentication.
if error, i throw next(new Error('Authentication error'));
but response status code is 200 not 403.
how to set it to 403?

thks.

Source

lonso

Most helpful comment

Not sure if anyone would see this, but I would love this feature. We are trying reject clients per certain authorization logic.

  socket.disconnect();
  next(new Error());

works for us, but the problem is it causes our reverse proxy that points to our websocket app to log a 502 because the disconnect just drops the connection. This is not a valid 502 and is causing false positives in the logs/monitoring. We'd like to return with a 400 or 401 to avoid this "false" 502 upstream from the node server. Thanks.

Right now FYI to get this it looks like i'm going to have to respond by intercepting all http requests that are bad with a 400 before we get to socket.io, which is messier then using this middleware.

purpleD17 on 21 Mar 2016

👍4

All 11 comments

There is no way to do that for now.
Why do you need that?

nkzawa on 23 Dec 2014

@nkzawa i want to auth on connection. if i response status code of 200,
the client will be not know which is wrong
so i need to response error status code

lonso on 24 Dec 2014

You can listen error event to know the socket is unauthorized instead of http status code. Isn't it enough for you?

// server
io.use(function(socket, next) {
  next(new Error('Authentication error'));
});

// client
socket.on('error', function(err) {
  console.log(err);
});

nkzawa on 24 Dec 2014

@nkzawa
I know this.
There is no way to set response status code ?

lonso on 24 Dec 2014

No, there is no way. And I think we can't support that because it may happen in websocket connection.
Could you explain why you have to know it as http status code?

nkzawa on 24 Dec 2014

Something like this. If someone client by 'Authentication error',I don't want it create connection, I want it can break out,so I don't want it create a connection and then listen error event and then destroy connection.

lonso on 24 Dec 2014

@lonso I'm pretty sure once your socket.io middleware rejects the authentication then the connection doesn't stay open. Are you finding that it does stay open?

yads on 24 Dec 2014

👍1

@lonso @yads as far as I tested, engine.io connection keeps open, but you can disconnect it too by disconnect method.

io.use(function(socket, next) {
  socket.disconnect();
  next(new Error());
});

nkzawa on 24 Dec 2014

👍3

@nkzawa ok,thks.

lonso on 25 Dec 2014

Not sure if anyone would see this, but I would love this feature. We are trying reject clients per certain authorization logic.

  socket.disconnect();
  next(new Error());

Right now FYI to get this it looks like i'm going to have to respond by intercepting all http requests that are bad with a 400 before we get to socket.io, which is messier then using this middleware.

purpleD17 on 21 Mar 2016

👍4

Bump.

@purpleD17 You could send a special termination message like next(new Error('authentication_failed')) and then do setTimeout(()=>{ socket.disconnect(true); }, 3000); to avoid packet overlap which might be causing your connections to drop.

On the client side, have your client disconnect as you get the error message. The reason you close the connection on the server as well is to guarantee that the connection does really get disconnected as soon as possible.