Root nsp middleware always called before sub nsp middleware authorization

[peteruithoven]

It's now possible to define middleware per namespace, but when this is used for authorization there is an issue. The issue is that the root namespace authorization is always called first, when this fails the namespace specific authorization isn't called. This makes it "impossible" to send the client an error from the namespace it was connecting to.
Not sure what would be the best solution here...

var express = require('express');
var app = express();
var http = require('http').Server(app);
var io = require('socket.io')(http);
var socketClient = require('socket.io-client');
var debug = require('debug')('nspAuthorization');
var port = 5000;

// SERVER
http.listen(port, function(){
  debug('server listening on *:'+port);
});
var rootNSP = io.of('/');
var subNSP = io.of('/namespace');
rootNSP.use(authorization); // when enabled, the user won't get a error
subNSP.use(authorization);
function authorization(socket, next) {
  debug('authorization: to nsp: ',socket.nsp.name);
  var query = socket.handshake.query;
  if (query.secret === 'abc') {
    debug("  valid secret");
    next();
  } else{
    debug("  invalid secret");
    next(new Error('invalid secret'));
  }
}

// CLIENT
var url = 'http://localhost:'+port;
debug('namespace: connecting');
var socket = socketClient.connect(url+'/namespace?secret=fake');
socket.on('error',function(err) { // not received when root authorization middleware is enabled
  debug('namespace: error: ',arguments);
});
socket.on('connection',function() { 
  debug('namespace: connected');
});

[peteruithoven]

Currently when a client connects it always (also) joins the root namespace. This is convenient in some cases, but it shouldn't be able to block connecting to the target namespace right?

[darrachequesne]

That issue was closed automatically. Please check if your issue is fixed with the latest release, and reopen if needed (with a fiddle reproducing the issue if possible).

[murrayju]

This is still very much an issue in v2.1. Just like @peteruithoven, I need to have authentication on the default namespace as well as custom namespaces. When the client connects to a custom namespace with invalid credentials, they never get the error event (or any event for that matter, it just hangs).

Can we reopen this?

[darrachequesne]

@murrayju thanks for bringing that to my attention! Could you please give a look at socketio/socket.io-client#1202?

[softawarriors]

@darrachequesne There i faced a similar issue. I am using Socket Manager at client side for creating a namespace socket connection. On server side i used namespace middleware for authentication. It works fine for the first time, when close the socket(in my case single socket open at client side, closing that close the manager as well), connecting the manager and socket again, keeps the manager in 'opening' state.

If I remove the namespace middleware and apply it to the default namespace, all works fine, manager and socket reconnects back with authentication.

Any idea?

[darrachequesne]

For future readers: this was fixed in Socket.IO v3

Documentation:

• https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#No-more-implicit-connection-to-the-default-namespace
• https://socket.io/docs/v3/middlewares/