Sails.js + Passport.js authentication through websockets

Alternatively, you can hijack the 'router:request' event to plug in passport for socket requests. I do this in 'config/bootstrap.js':

module.exports.bootstrap = function (cb) {  var passport = require('passport'),    initialize = passport.initialize(),    session = passport.session(),    http = require('http'),    methods = ['login', 'logIn', 'logout', 'logOut', 'isAuthenticated', 'isUnauthenticated'];  sails.removeAllListeners('router:request');  sails.on('router:request', function(req, res) {    initialize(req, res, function () {      session(req, res, function (err) {        if (err) {          return sails.config[500](500, req, res);        }        for (var i = 0; i < methods.length; i++) {          req[methods[i]] = http.IncomingMessage.prototype[methods[i]].bind(req);        }        sails.router.route(req, res);      });    });  });  cb();};

With this approach you don't need special handling for checking socket request authentication in policies. You do still need to hook up passport for non socket requests by way of express middleware.

Please try to check for req.session.passport.user. It will contain user info when logged in, and will be undefined otherwise. Works for me with any type of request.

I think this happens because in case of WebSocket request, "req" is actually fake request object. It created and passed directly to Express' router, bypassing all Express' middleware, including Passport's one

@ataman is exactly right. Express middleware that you install using the express.customMiddleware config is only applied to Express HTTP requests.

To get passport to work for all requests, use it in your policies:

// e.g. // config/policies.jsmodule.exports = {  SomeController: {    someaction: function somePassportMiddlewareFn() {}  }};