In fact, I want to restrict users from connecting to the Socket before logging into the Web.
For api calls, I can use passport.js(session) and do the following to restrict them from using the api before logging in
app.get('/login', checkAuth, (req, res) => {
res.status(200).send('done');
})
function checkAuth(req, res, next) {
if (req.isAuthenticated()) {
return res.redirect('/')
}
next()
}
But how can I restrict socket.io connections before logging in, or perform an (auth) operation similar to the above?
io.sockets.on('connection', function (socket) {
socket.on('hi', async data => {
await socket.join('XP');
});
});