docs: only execute the passport middleware once

Before this change, the session and user context were retrieved once
per HTTP request and not once per session.

examples/passport-example/README.md

@@ -14,3 +14,33 @@ $ npm ci && npm start
 ```
 
 And point your browser to `http://localhost:3000`. Optionally, specify a port by supplying the `PORT` env variable.
+
+## How it works
+
+The Socket.IO server retrieves the user context from the session:
+
+```js
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}
+
+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
+io.engine.use(
+  onlyForHandshake((req, res, next) => {
+    if (req.user) {
+      next();
+    } else {
+      res.writeHead(401);
+      res.end();
+    }
+  }),
+);
+```

examples/passport-example/cjs/index.js

@@ -20,7 +20,6 @@ const sessionMiddleware = session({
 
 app.use(sessionMiddleware);
 app.use(bodyParser.urlencoded({ extended: false }));
-app.use(passport.initialize());
 app.use(passport.session());
 
 app.get("/", (req, res) => {
@@ -78,19 +77,28 @@ passport.deserializeUser((user, cb) => {
 
 const io = new Server(httpServer);
 
-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}
 
+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req, res, next) => {
+  onlyForHandshake((req, res, next) => {
     if (req.user) {
       next();
     } else {
       res.writeHead(401);
       res.end();
     }
-  },
+  }),
 );
 
 io.on("connection", (socket) => {

examples/passport-example/esm/index.js

@@ -21,7 +21,6 @@ const sessionMiddleware = session({
 
 app.use(sessionMiddleware);
 app.use(bodyParser.urlencoded({ extended: false }));
-app.use(passport.initialize());
 app.use(passport.session());
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -81,19 +80,28 @@ passport.deserializeUser((user, cb) => {
 
 const io = new Server(httpServer);
 
-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(middleware) {
+  return (req, res, next) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}
 
+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req, res, next) => {
+  onlyForHandshake((req, res, next) => {
     if (req.user) {
       next();
     } else {
       res.writeHead(401);
       res.end();
     }
-  },
+  }),
 );
 
 io.on("connection", (socket) => {

examples/passport-example/ts/index.ts

@@ -1,8 +1,8 @@
 import express = require("express");
-import { createServer, ServerResponse } from "http";
+import { createServer } from "http";
 import { Server } from "socket.io";
 import session from "express-session";
-import { type Request } from "express";
+import { type Request, type Response } from "express";
 import bodyParser = require("body-parser");
 import passport = require("passport");
 import { Strategy as LocalStrategy } from "passport-local";
@@ -91,19 +91,34 @@ passport.deserializeUser((user: Express.User, cb) => {
 
 const io = new Server(httpServer);
 
-io.engine.use(sessionMiddleware);
-io.engine.use(passport.initialize());
-io.engine.use(passport.session());
+function onlyForHandshake(
+  middleware: (req: Request, res: Response, next: any) => void,
+) {
+  return (
+    req: Request & { _query: Record<string, string> },
+    res: Response,
+    next: (err?: Error) => void,
+  ) => {
+    const isHandshake = req._query.sid === undefined;
+    if (isHandshake) {
+      middleware(req, res, next);
+    } else {
+      next();
+    }
+  };
+}
 
+io.engine.use(onlyForHandshake(sessionMiddleware));
+io.engine.use(onlyForHandshake(passport.session()));
 io.engine.use(
-  (req: { user: Express.User }, res: ServerResponse, next: Function) => {
+  onlyForHandshake((req, res, next) => {
     if (req.user) {
       next();
     } else {
       res.writeHead(401);
       res.end();
     }
-  },
+  }),
 );
 
 io.on("connection", (socket) => {