v10.0.0

• Renamed MIDDLEWARE_HANDSHAKE property to MIDDLEWARE_HANDSHAKE_WS to make it clear that it is executed as part of the low-level WebSocket protocol handshake (before the SocketCluster socket has been instantiated on the server side). This middleware line offers the earliest possible opportunity to block connections before they are made - The downside is that due to security restrictions in the WebSocket protocol, it is not possible to pass back custom errors to the client during this phase of the connection.
• Added a new MIDDLEWARE_HANDSHAKE_SC middleware type which lets you control the flow at the SocketCluster protocol handshake level (this runs after the MIDDLEWARE_HANDSHAKE_WS middleware). Unlike with MIDDLEWARE_HANDSHAKE_WS, with MIDDLEWARE_HANDSHAKE_SC, you can pass back custom status codes to the client when blocking requests; the client can use this status code to determine its behaviour. This middleware line can be used to authenticate sockets using HTTP query strings instead of JWT tokens.

Example:

  var scServer = worker.scServer;

  scServer.addMiddleware(scServer.MIDDLEWARE_HANDSHAKE_SC, (req, next) => {
    setTimeout(() => {
      var err = new Error('Failed MIDDLEWARE_HANDSHAKE_SC');
      err.name = 'SCHandshakeError';
      // Block connection with custom 4501 status code.
      // The client will receive this code as the first argument
      // to the 'disconnect' event handler.
      next(err, 4501);
    }, 200);
  });

Breaking change

• Renamed MIDDLEWARE_HANDSHAKE property to MIDDLEWARE_HANDSHAKE_WS - The corresponding string value was also renamed from handshake to handskakeWS.