Preconditions in a service (Socket.IO)

[kwakayama]

Hi,
I implemented the REST authentication mentioned in #43 .
Now I want the same for the Socket.IO communication.
A user can use the find and get service but for create, update and delete he has to be logged in. Is there a way with feathersjs to implement that?

[daffl]

Good timing, we're just discussing filtering SocketIO events in #44 for 0.4.0 that will be released soon. It will probably look like this:

var TodoService = {
    remove: function(id, params, callback) {

    },

    update: function(id, data, params, callback) {

    },

    create: function(data, params, callback) {

    },

    removed: function(data, params, callback) {
        // e.g. restrict by data company id
        if(params.user.companyId !== data.companyId) {
            return callback(null, false);
        }

        callback(null, data);
    },

    updated: function(data, params, callback) {
        // restrict by data company id
        if(params.user.companyId !== data.companyId) {
            return callback(null, false);
        }

        // This will also allow to convert the data sent
        callback(null, { converted: data });
    },

    created: function(data, params, callback) {
        // TODO implement
    }
}

Where the created, updated and removed params will be the handshake data set during SocketIO authorization. The trickier part I think is a plugin that does shared authorization between Express and SocketIO also existing methods like this one should already work.

[lock]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue with a link to this issue for related bugs.