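/**
 * Demo server: Express + Socket.IO where the Socket.IO handshake is
 * authenticated with a JWT bearer token through passport-jwt.
 *
 * Flow:
 *   1. POST /login with JSON { username, password } returns a signed JWT.
 *   2. GET /self with "Authorization: Bearer <token>" returns the user.
 *   3. The Socket.IO handshake carries the same bearer header; the decoded
 *      user is then available as socket.request.user.
 */
const express = require("express");
const { createServer } = require("node:http");
const { join } = require("node:path");
const passport = require("passport");
const passportJwt = require("passport-jwt");
const JwtStrategy = passportJwt.Strategy;
const ExtractJwt = passportJwt.ExtractJwt;
const bodyParser = require("body-parser");
const { Server } = require("socket.io");
const jwt = require("jsonwebtoken");

const port = process.env.PORT || 3000;

// SECURITY: the literal below is a demo placeholder. Anyone who knows the
// signing secret can mint tokens for any user, so a real deployment must
// supply a long random secret through the environment (or a secret store)
// and never commit it. The fallback keeps the sample runnable as before.
const DEMO_JWT_SECRET = "Mys3cr3t";
const jwtSecret = process.env.JWT_SECRET || DEMO_JWT_SECRET;
if (jwtSecret === DEMO_JWT_SECRET) {
  console.warn(
    "JWT_SECRET is not set: using the built-in demo secret (not for production)",
  );
}

// Shared by signing and verification so both sides cannot drift apart.
const JWT_ISSUER = "accounts.examplesoft.com";
const JWT_AUDIENCE = "yoursite.net";
// Pin a single algorithm on both sides instead of relying on library defaults.
const JWT_ALGORITHM = "HS256";

const app = express();
const httpServer = createServer(app);

app.use(bodyParser.json());

// Serves the demo client page.
app.get("/", (req, res) => {
  res.sendFile(join(__dirname, "index.html"));
});

// Returns the authenticated user decoded from the bearer token.
app.get(
  "/self",
  passport.authenticate("jwt", { session: false }),
  (req, res) => {
    if (req.user) {
      res.send(req.user);
    } else {
      res.status(401).end();
    }
  },
);

// Issues a one-hour token for the single hard-coded demo account.
// SECURITY: the credential check is a placeholder. A real service should look
// the user up in a user store, verify a salted password hash, and throttle
// repeated failures.
app.post("/login", (req, res) => {
  // Tolerate a request without a parsed JSON body instead of throwing on
  // property access.
  const { username, password } = req.body ?? {};

  if (username === "john" && password === "changeit") {
    console.log("authentication OK");

    const user = {
      id: 1,
      username: "john",
    };

    const token = jwt.sign(
      {
        data: user,
      },
      jwtSecret,
      {
        algorithm: JWT_ALGORITHM,
        issuer: JWT_ISSUER,
        audience: JWT_AUDIENCE,
        expiresIn: "1h",
      },
    );

    res.json({ token });
  } else {
    console.log("wrong credentials");
    res.status(401).end();
  }
});

const jwtDecodeOptions = {
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  secretOrKey: jwtSecret,
  issuer: JWT_ISSUER,
  audience: JWT_AUDIENCE,
  algorithms: [JWT_ALGORITHM],
};

// The verified payload's `data` field (set in /login) becomes req.user.
passport.use(
  new JwtStrategy(jwtDecodeOptions, (payload, done) => {
    return done(null, payload.data);
  }),
);

const io = new Server(httpServer);

// Authenticate only the first request of a session (the one without a `sid`
// query parameter); later requests of the same session pass straight through.
// NOTE(review): the token is therefore checked once, at handshake time. A
// connection that stays open is not re-validated when the one-hour token
// expires; disconnect on expiry if the deployment requires it.
io.engine.use((req, res, next) => {
  const isHandshake = req._query.sid === undefined;
  if (isHandshake) {
    passport.authenticate("jwt", { session: false })(req, res, next);
  } else {
    next();
  }
});

io.on("connection", (socket) => {
  const req = socket.request;

  // Per-user room, keyed by the id taken from the verified token.
  socket.join(`user:${req.user.id}`);

  socket.on("whoami", (cb) => {
    // The acknowledgement callback is supplied by the client. If the event
    // arrives without one (or with a data argument in its place), calling it
    // would throw a TypeError inside this handler, so ignore such events.
    if (typeof cb !== "function") {
      return;
    }
    cb(req.user.username);
  });
});

httpServer.listen(port, () => {
  console.log(`application is running at: http://localhost:${port}`);
});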