Add client authentication

Author: Ray6602

.env

@@ -1,2 +1,2 @@
 APP_VERSION=dev-local
-AUTH_PROVIDERS=credentials,keycloak,livekit
+APP_SECRET=789123678912345789678912345145623456

middleware/auth.js

@@ -1,21 +1,47 @@
 import "dotenv/config";
+import jwt from 'jsonwebtoken';
 
-export function authMiddleware(socket, next) {
-    const token = socket.handshake.query.appToken;
-    const provider = socket.handshake.query.provider;
+export function auth(backendToken) {
+    console.log("Backend Token", backendToken);
 
-    if (!token || !provider) {
-        // return next(new Error("Unauthorized"));
+    if (!backendToken) {
+        return false;
     }
 
-    if ("credentials" === provider) {
-        return next();
-    } else if ("keycloak" === provider) {
-        return next();
-    } else if ("livekit" === provider) {
-        return next();
+    try {
+        const data = jwt.verify(backendToken, process.env.APP_SECRET);
+        console.log("Auth data", data);
+        return data;
+    } catch (err) {
+        console.log(err);
+        return false;
     }
 
-    return next();
-    // next(new Error("Unauthorized"));
+    return true;
+
+    // if ("credentials" === provider) {
+    //     return true;
+    // } else if ("keycloak" === provider) {
+    //     return true;
+    // } else if ("livekit" === provider) {
+    //     return true;
+    // }
+    //
+    // return false;
+}
+
+export function httpAuthMiddleware(req, res, next) {
+    if (!auth(req.query.backendToken)) {
+        return res.status(401).json({ error: "Unauthorized" });
+    }
+    next();
+}
+
+export function socketAuthMiddleware(socket, next) {
+    const userData = auth(socket.handshake.query.backendToken);
+    if (!userData) {
+        return next(new Error("Unauthorized"));
+    }
+    socket.user = userData;
+    next();
 }

package-lock.json

@@ -21,6 +21,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.7",
     "express": "^4.18.2",
+    "jsonwebtoken": "^9.0.2",
     "socket.io": "^4.8.1"
   },
   "devDependencies": {

package.json

@@ -6,7 +6,7 @@ import fs from "fs/promises";
 import { Server } from "socket.io";
 import cors from "cors";
 import "dotenv/config";
-import { authMiddleware } from "./middleware/auth.js";
+import { httpAuthMiddleware, socketAuthMiddleware } from './middleware/auth.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -39,6 +39,8 @@ app.get("/health/check", async (req, res) => {
     res.json('OK');
 });
 
+app.use(httpAuthMiddleware);
+
 app.get("/download/:docId", async (req, res) => {
     const { docId } = req.params;
     const filePath = join(__dirname, UPLOAD_DIR, `${docId}.bin`);
@@ -102,16 +104,16 @@ function handleJoin(socket, docId) {
     console.log(`Client ${socket.id} joined channel ${docId}`);
 }
 
-io.use(authMiddleware);
+io.use(socketAuthMiddleware);
 
 io.on("connection", (socket) => {
     console.log(`Client ${socket.id} connected!`);
     const channelName = socket.handshake.query.channel ?? "default";
     if (!channels.has(channelName)) {
-        channels.set(channelName, { subscribers: new Set(), publishers: new Map(), docIds: new Set() });
+        channels.set(channelName, { subscribers: new Map(), publishers: new Map(), docIds: new Set() });
     }
     const channel = channels.get(channelName);
-    channel.subscribers.add(socket.id);
+    channel.subscribers.set(socket.id, socket.user);
 
     if (channel.docIds.size > 0) {
         for (const docId of channel.docIds) handleJoin(socket, docId);