How to pass an authenticated user-object to the subscription / WebSocketServer context using express-session / Passport.js?

[luap2703]

Thank you for the great library!

We are currently completely stuck as we cannot figure out how to pass an authenticated user (using passport) into the WebSocketServer context? It seems that the express middlewares, e.g., passport, are not being applied. How can we authenticate a user / populate the object to the WebSocketServer context?

We especially couldn't find any hints in the docs.

This is our code so far deriving from the ApolloServer docs. Using the ApolloServer (http instance) the context is fairly simple, but we do not find a solution for achieving a same result on the WebSocketServer.

...

app.use(sessionMiddleware);
app.use(passport.initialize());
app.use(passport.session());

passport.serializeUser((user: any, done: any) => {
  done(null, user.user_id);
});
passport.deserializeUser(async (user: any, done: any) => {
  const dbUser = await prisma.user.findUnique({
    where: {
      user_id: user,
    },
    include: {
      company: true,
    },
  });
  done(null, dbUser as typeof dbUser & { name: string });
});
passport.use(localStrategy());
passport.use(googleStrategy());
passport.use(jwtStrategy());

async function main() {
  const typesArray = loadFilesSync(path.join(__dirname, "**/*.graphql"), {
    extensions: ["graphql"],
  });

  const typeDefs = mergeTypeDefs(typesArray);
  const schema = makeExecutableSchema({
    typeDefs: typeDefs,
    resolvers: resolvers,
  });
  const wsServer = new WebSocketServer({
    // This is the `httpServer` we created in a previous step.
    server: httpServer,
    // Pass a different path here if app.use
    // serves expressMiddleware at a different path
    path: "/apollo",
  });

The req object that I could get in the onConnect function does not have a user yet attached, meaning that it didn't go through the deserializer, i.e., no middlewares have been applied, correct?

How do I authenticate the user here and get the user object derived from the deserializer passed to the context? I dont use JWT tokens, but express-session.

  const serverCleanup = useServer(
    {
      schema,
      context: // HERE AND HOW?
      onConnect: // HERE AND HOW?
    },
    wsServer
  );

  // Set up Apollo Server
  const server = new ApolloServer({
    schema,
    status400ForVariableCoercionErrors: true,
    plugins: [
      ApolloServerPluginDrainHttpServer({ httpServer }),
      // Proper shutdown for the WebSocket server.
      {
        async serverWillStart() {
          return {
            async drainServer() {
              await serverCleanup.dispose();
            },
          };
        },
      },
    ],
  });

  await server.start();

  app.use(
    "/apollo",
    expressMiddleware(server, {
/**

Here the context is fairly simple by just passing the user object from the req to the context. The user got populated through the passport deserializer, which can be seen above.

*/
      context: async ({ req, res }: { req: Request; res: Response }) => {
        return {
          req,
          res,
          user: req.user,
          prisma,
        };
      },
    })
  );
}

main();
httpServer.listen(process.env.PORT || 8080);

module.exports = app;