I’m looking for a way to handle authentication on a websocket/express server with realm-web. What I’m thinking is using JWT authentication in a piece of middleware, but I’m not sure if that is the best way to handle it. I could use stateless auth and create an app instance for each request, but that seems a bit heavy.
I’m not very experienced with handling user authentication on a server like this, so any guidance is very much appreciated.
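Here’s my tentative code:

```typescript
import { RequestHandler } from "express";
import * as Realm from "realm-web";

const auth: RequestHandler = async function(req, res, next) {
  const authorization = req.headers.authorization;
  if (!authorization) {
    return res.status(401).json({ message: "No authorization header" });
  }
  // A new Realm app instance is created on every request.
  const app = new Realm.App({ id: process.env.REALM_APP_ID as string });
  // The raw Authorization header value is passed as the JWT.
  const credentials = Realm.Credentials.jwt(authorization);
  try {
    const user = await app.logIn(credentials);
    // Assumes the Express Request type has been augmented with a `user` property.
    req.user = user;
  } catch (err: any) {
    return res.status(401).json({ message: err.message });
  }
  next();
};
```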
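One way to reject malformed, tampered or expired tokens inside the middleware before any Realm call is made, shown as an added example that is not part of the original post. It assumes the JWT is HS256-signed with a shared secret; `DEMO_SECRET`, `signHS256`, `verifyHS256` and `tokenFromHeader` are hypothetical names, and the tokens are constructed for the demo.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Constructed demo secret (assumption): in practice, the signing key configured for the JWT provider.
const DEMO_SECRET = "constructed-demo-secret";

type Claims = { sub?: string; exp?: number; [k: string]: unknown };

const b64url = (buf: Buffer): string => buf.toString("base64url");

// Helper used only to build constructed sample tokens for the demo.
function signHS256(claims: Claims, secret: string, alg = "HS256"): string {
  const head = b64url(Buffer.from(JSON.stringify({ alg, typ: "JWT" })));
  const body = b64url(Buffer.from(JSON.stringify(claims)));
  const sig = b64url(createHmac("sha256", secret).update(`${head}.${body}`).digest());
  return `${head}.${body}.${sig}`;
}

// Returns the claims if the token is a well-formed, unexpired HS256 JWT, else null.
function verifyHS256(token: string, secret: string, nowSec: number): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    if (header.alg !== "HS256") return null; // pin the algorithm; rejects "none" and others
    const expected = createHmac("sha256", secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, "base64url");
    // Length check first: timingSafeEqual throws on unequal lengths.
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims: Claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed JSON in header or payload
  }
}

// Accepts "Bearer <jwt>" or a bare token, since the middleware above passes the header as-is.
function tokenFromHeader(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const m = /^Bearer\s+(.+)$/i.exec(authorization.trim());
  return m ? m[1] : authorization.trim();
}
```

In the middleware, a `null` from `verifyHS256(tokenFromHeader(req.headers.authorization) ?? "", secret, Math.floor(Date.now() / 1000))` maps to the same 401 response used above.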