I understand the middleware... #23

Closed
joinfok opened this issue Nov 6, 2014 · 3 comments

joinfok commented Nov 6, 2014

I'm sorry if this is a stupid question!

Client connects to server -> check authorization -> set session.isAuthorized -> setMiddlewareSubscribe to room.
If the client side sends an unauthorized session or an unauthorized room, it can receive a middleware denial.

I have seen the GitHub and socketcluster.io samples... I don't understand which is client-side and which is server-side code, or where the function entry point is in the workflow... the examples use scServer, wsServer...

I now use a simple session auth set/check and am trying to expand this with middleware preparsing.

Please write a simple, complete example of how to use middleware for handshake, subscribe, etc.

@jondubois
Member

You can add middleware to intercept (or authorize) publish, subscribe and emit actions.
Middleware functions are useful to filter inbound communications.
I.e. Client => server

You can read up on the different kinds of middleware lines here: http://socketcluster.io/#!/docs/middleware-and-authorization

For example, for subscribe (to control who can see what channels), the client-side code might look like this:

```js
// Client

socket.subscribe('foo');
```

The middleware might be:

```js
// Server (worker.js)

wsServer.addMiddleware(wsServer.MIDDLEWARE_SUBSCRIBE,
  function (socket, channel, next) {
    // Get the list of channels which this session/socket is allowed to access
    // Alternatively, this could come from a database instead of socket.session
    socket.session.get('allowedChannels', function (err, channelPermissions) {
      if (err) {
        // Fail closed if the session data could not be read
        return next(err);
      }
      if (channelPermissions && channelPermissions[channel]) {
        // Allow the socket to subscribe to this channel - After calling next(), you don't need to
        // do anything else - SC will handle the rest
        next();
      } else {
        // Here we block every other channel which is not in that session's channelPermissions object
        // By passing an error to next(err), we are blocking the subscription
        next(socket.id + ' is not allowed to subscribe to channel ' + channel);
      }
    });
  }
);
```


joinfok commented Nov 8, 2014

I tried this:

```js
// Map of session id -> session (declared here so the snippet is complete)
var activeSessions = {};

scServer.addMiddleware(scServer.MIDDLEWARE_HANDSHAKE, function (req, next) {
  req.session.get('isUserAuthorized', function (err, value) {
    if (value) {
      next();
    } else {
      next('Session ' + req.session.id + ' was not authorized');
    }
  });
});

scServer.on('connection', function (socket) {
  // Emit a 'greet' event on the current socket with value 'hello world'
  socket.emit('greet', 'hello world');

  /*
    Store that socket's session for later use.
    We will emit events on it later - Those events will
    affect all sockets which belong to that session.
  */
  activeSessions[socket.session.id] = socket.session;
  socket.session.set('isUserAuthorized', true, function (err) {
    if (err) { console.error(err); }
  });
});
```

req.session is always undefined.

The handshake is called before socket.connected. If req.session is set and true, the client was authorized by the previous connection and does not require authorization again.

req.session is always unavailable and I don't understand why.

@jondubois
Member

@joinfok You found a bug in socketcluster-server (the session object wasn't being added to the request). It's been fixed in v0.9.43 (https://www.npmjs.org/package/socketcluster-server). Thanks!

One way to fix it is by reinstalling socketcluster using npm.

```
npm remove -g socketcluster
```

Then make sure you run:

```
npm cache clean
```

before you install again. This should fetch the latest version of socketcluster-server which has the fix.
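
The two checks discussed in this thread, as an added stand-alone example that is not part of the original comments and is not SocketCluster's own code. The middleware signatures `(req, next)` and `(socket, channel, next)` are the ones shown above; `makeSession` and `decide` are hypothetical helpers so the logic runs without a server, and the sample data is constructed.

```javascript
// Hypothetical in-memory session exposing get(key, cb) like the thread's code.
function makeSession(id, data) {
  return { id: id, get: function (key, cb) { cb(null, data[key]); } };
}

// Handshake check: fail closed when the request carries no session (the
// symptom reported in this thread) instead of throwing on req.session.get.
function handshakeMiddleware(req, next) {
  if (!req.session || typeof req.session.get !== 'function') {
    return next('Handshake denied: no session on request');
  }
  req.session.get('isUserAuthorized', function (err, value) {
    if (err) return next(err);
    if (value === true) return next();
    next('Session ' + req.session.id + ' was not authorized');
  });
}

// Subscribe check: deny by default. The own-property test keeps inherited
// keys such as 'constructor' from being treated as granted channels.
function subscribeMiddleware(socket, channel, next) {
  if (!socket.session) return next('Subscribe denied: no session');
  socket.session.get('allowedChannels', function (err, perms) {
    if (err) return next(err);
    var allowed = perms && typeof channel === 'string' &&
      Object.prototype.hasOwnProperty.call(perms, channel) && perms[channel] === true;
    if (allowed) return next();
    next(socket.id + ' is not allowed to subscribe to channel ' + channel);
  });
}

// Runs one middleware synchronously and returns what it passed to next();
// undefined means the action was allowed.
function decide(mw) {
  var args = Array.prototype.slice.call(arguments, 1);
  var result = 'next() never called';
  args.push(function (err) { result = err; });
  mw.apply(null, args);
  return result;
}

// Constructed sample socket: only channel 'foo' is granted.
var sock = { id: 'sock1', session: makeSession('s1', { allowedChannels: { foo: true } }) };
console.log(decide(subscribeMiddleware, sock, 'foo'));         // allowed
console.log(decide(subscribeMiddleware, sock, 'constructor')); // denied
console.log(decide(handshakeMiddleware, {}));                  // denied, no session
```

In a worker, the two functions would be passed to `addMiddleware` with `MIDDLEWARE_HANDSHAKE` and `MIDDLEWARE_SUBSCRIBE` as in the comments above.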
