fix(api-server): allow no authorization on socketio endpoints

authorizeSocket middleware will be installed only if AuthorizationProtocol different than NONE was provided. Closes: hyperledger-cacti#1925 Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
outSH · Mar 21, 2022 · 310ce6a · 310ce6a
1 parent 80a8e0a
commit 310ce6a
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/packages/cactus-cmd-api-server/src/main/typescript/api-server.ts b/packages/cactus-cmd-api-server/src/main/typescript/api-server.ts
@@ -732,14 +732,15 @@ export class ApiServer {
 
     this.wsApi.attach(this.httpServerApi, wsOptions);
 
-    const socketIoAuthorizer = authorizeSocket({
-      ...authzConf.socketIoJwtOptions,
-      onAuthentication: (decodedToken) => {
-        this.log.debug("Socket authorized OK: %o", decodedToken);
-      },
-    });
-
-    this.wsApi.use(socketIoAuthorizer as never);
+    if (authorizerO.isPresent()) {
+      const socketIoAuthorizer = authorizeSocket({
+        ...authzConf.socketIoJwtOptions,
+        onAuthentication: (decodedToken) => {
+          this.log.debug("Socket authorized OK: %o", decodedToken);
+        },
+      });
+      this.wsApi.use(socketIoAuthorizer as never);
+    }
 
     return addressInfo;
   }