Merge pull request #386 from HeyPuter/eric/socket-auth

fix(security): Move token for socket.io to request body

packages/backend/src/helpers.js

@@ -1146,8 +1146,8 @@ async function jwt_auth(req){
     else if(req.query && req.query.auth_token)
         token = req.query.auth_token;
     // Socket
-    else if(req.handshake && req.handshake.query && req.handshake.query.auth_token)
-        token = req.handshake.query.auth_token;
+    else if(req.handshake && req.handshake.auth && req.handshake.auth.auth_token)
+        token = req.handshake.auth.auth_token;
 
     if(!token || token === 'null')
         throw('No auth token found');

packages/backend/src/services/WebServerService.js

@@ -158,7 +158,7 @@ class WebServerService extends BaseService {
 
         // Socket.io middleware for authentication
         socketio.use(async (socket, next) => {
-            if (socket.handshake.query.auth_token) {
+            if (socket.handshake.auth.auth_token) {
                 try {
                     let auth_res = await jwt_auth(socket);
                     // successful auth
@@ -168,7 +168,7 @@ class WebServerService extends BaseService {
                     socket.join(socket.user.id);
                     next();
                 } catch (e) {
-                    console.log('socket auth err');
+                    console.log('socket auth err', e);
                 }
             }
         });

packages/puter-js/src/modules/FileSystem/index.js

@@ -65,7 +65,7 @@ class FileSystem{
         }
 
         this.socket = io(this.APIOrigin, {
-            query: {
+            auth: {
                 auth_token: this.authToken,
             }
         });

src/UI/UIDesktop.js

@@ -43,7 +43,7 @@ async function UIDesktop(options){
 
     // connect socket.
     window.socket = io(window.gui_origin + '/', {
-        query: {
+        auth: {
             auth_token: window.auth_token
         }
     });