RFC: getServerSession support for Websockets and other non-H3Event requests

[CeebDev]

Describe the feature

It'd be nice if getServerSession could be called with non-H3Event payloads, to allow all standardized req / res sources to get the server session. A prominent example of this are websockets

This is a reopen of #135

I use defineWebSocketHandler and can't authentificate peers

How would you implement this?

No response

Additional information

• Would you be willing to help implement this feature?

Provider

• AuthJS
• Local
• Refresh
• New Provider

[phoenix-ru]

I am not entirely sure what your usecase would be? New authjs can work with web-standard Request and Response, but that means having and exchanging cookies/etc.

The only solution I see that you can implement is to have a regular HTTP endpoint protected by nuxt-auth middleware, which would upgrade the connection to ws(s) protocol. As soon as the connection is upgraded, you exchange messages as usual, without any authentication/etc.
Because getServerSession returns expires, you can check if the Websocket connection has become unauthenticated for example on requests/randomly on interval/however you wish.

I don't see any other way and imho there is no other way.