Socket.io namespaces and server don't share middleware?

Question

I'm created some passport authentication middleware for my socket.io/express app. It looks like:

io.use(function (socket, next) {
    var data = cookie.parse(socket.handshake.headers.cookie);
    var sessionID = cookieParser.signedCookie(data['connect.sid'], 'my balonga has a first name');
    sessionStore.get(sessionID, function (err, data) {
        if (err) next(err);
        socket.handshake.passport = data.passport;
        next();
    });
});

It works great, but I have a namespace and it appears uses a different socket. Does this mean that I must reuse my middleware for each namespace?

I noticed that I connect to my namespace it calls the middleware for the base server and then the namespace, this means if I include the middleware in both places, I'm doing 2x the operations I need. Can I prevent this without removing the middleware at the base layer? None of these are app breakers, but it will change my architecture a bit and I'm concerned I'll have auth gaps at some point.

Summary:

Must I reuse my middleware for each namespace?
Can I prevent the default namespace middleware from being called without removing the middleware at the base layer, when it is a namespace being connected to?

I believe, Express don't have namespaces, it has routes. Socket.io has namespaces. — Chris Anderson, Sep 06 '16 at 23:13
Thought so... I use featherjs to manage the sharing between sockets and express if that helps... — malix, Sep 07 '16 at 14:28
Yeah, since I posted this, there are actually lots of things that help manage this, including a package I wrote - https://www.npmjs.com/package/express-session-socket.io — Chris Anderson, Sep 07 '16 at 18:12
There's a couple out there, but I like redis. TJ's redis plugin is the classic, I think. - https://github.com/tj/connect-redis — Chris Anderson, Sep 15 '17 at 18:23

nickanna_42 · Answer 1 · 2018-07-18T00:57:21.573

Must I reuse my middleware for each namespace?

No. If you plan on using the middleware, as written, for all namespaces, you can utilize io.use() like you are currently doing. This places the middleware on the default / namespace. As you have already noted, the middleware on all sub-namespaces fire off in order, starting with the default, on a new socket.io connection.

Can I prevent the default namespace middleware from being called without removing the middleware at the base layer, when it is a namespace being connected to?

No. All namespaces are a subspace of the default namespace and any middleware defined on the default namespace, will fire for all connections. If you wanted to only fire your middleware off on certain namespaces, you could refrain from using io.use() and do the following.

const myMiddleware = function(socket, next) {
    // Do stuff here
};
io.of('/nsp_1').use(myMiddleware);
io.of('/nsp_2').use(myMiddleware);

A More Modular Approach

A more modular way to do this is to put the handlers for different namespaces in different different files, and define middleware specific for those namespaces in those files, while using io.use() for the default namespace.

main_app.js

const everthingMiddleware = require('./middleware/everything.js');
io.use(everythingMiddleware);
require('./nsp_1.js')(io.of('/nsp_1'));

nsp_1.js

module.exports = function(io) {
    const onePlaceMiddleware = require('./middleware/oneplace.js');
    io.use(onePlaceMiddleware);
};

From Socket.io v3, `io.use` fires only when client connects through the 'main' namespace (`/`). The change was made on update v2 → v3. [official docs reference](https://socket.io/docs/v3/migrating-from-2-x-to-3-0/#no-more-implicit-connection-to-the-default-namespace) / [related Github issue](https://github.com/socketio/socket.io/issues/3089) — goldenriver4422, Feb 21 '22 at 07:26

Socket.io namespaces and server don't share middleware?

1 Answers1

Must I reuse my middleware for each namespace?

Can I prevent the default namespace middleware from being called without removing the middleware at the base layer, when it is a namespace being connected to?

A More Modular Approach