This implementation blog post seems to explain things a bit more: https://pusher.com/docs/client_api_guide/client_private_channels
The authorization scheme is based on the idea that, instead of introducing user authentication and the difficulty of adding and declaring it to Pusher, we must trust the existing level of authentication offered by your application. We also wanted someone who can read the data sent from your application to the browser not to be able to connect to the channel as this user, and therefore could not include any secrets in the HTML page.
It seems that the business logic of your application should authenticate the user and decide whether he should gain access to the private channel.
Their chart shows:

After authentication, the application requests a subscription for the user. Pusher responds with a socket_id. Then they are associated with it.
Here's how they describe it:
As shown in this diagram, a Socket ID is generated and sent to the browser from Pusher. This is sent to your application (1) through an AJAX request, which allows the user's access to the channel to be checked against the existing authentication system. If successful, your application returns to the browser an authorization string signed with your Pusher secret. This is sent to Pusher via WebSocket, which completes authorization (2) if the authorization string matches.
The blog post explains the following:
Suppose you have a channel called project-3 that users A and B have access to, but not C. You would like to make this channel private so that user C cannot listen to private events. Just send events to private-project-3 and subscribe to it in the browser. As long as you are using the latest JavaScript (version 1.3 or higher), you will see that a POST request is made to your application at /pusher/auth. This is not currently running, and so the subscription request will not be sent to the socket.
So, for me it sounds like this:
1) A subscription request is sent to Pusher.
2) Pusher POSTs messages to your /auth method to determine whether the user can access the channel.
3) If your business logic allows the user to access this channel, the auth method returns an "ok" response:
    # Sinatra route handling the browser's POST /pusher/auth request
    post '/pusher/auth' do
      # Signs "socket_id:channel_name" with the app secret held on the server
      auth = Pusher[params[:channel_name]].socket_auth(params[:socket_id])
      content_type 'application/json'
      JSON.generate({ :auth => auth })
    end
I have not used Pusher itself, but its model seems to reflect the structure of other push-based models. Hope this helps!
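As an added illustration (not from the answer above or from Pusher's own code), here is the decision the /pusher/auth endpoint has to make, in plain Ruby using only the standard library: the app key, secret and the channel membership table are constructed placeholders, and auth_string recomputes the "app_key:HMAC-SHA256 hex" string that socket_auth returns.

```ruby
require 'openssl'
require 'json'

# Constructed sample credentials: placeholders, not real Pusher keys.
APP_KEY    = 'app_key_placeholder'
APP_SECRET = 'app_secret_placeholder'

# Constructed access table standing in for the application's own business
# logic: which users may listen to which project channel.
CHANNEL_MEMBERS = {
  'private-project-3' => %w[A B]
}.freeze

# Shape of a Pusher socket id: two numbers joined by a dot.
SOCKET_ID_RE = /\A\d+\.\d+\z/

# Recomputes the auth string: app key, a colon, then the hex HMAC-SHA256 of
# "socket_id:channel_name" under the app secret. The secret stays on the
# server; the browser only ever sees the resulting signature.
def auth_string(socket_id, channel_name)
  to_sign   = "#{socket_id}:#{channel_name}"
  signature = OpenSSL::HMAC.hexdigest('SHA256', APP_SECRET, to_sign)
  "#{APP_KEY}:#{signature}"
end

# What the endpoint must decide before it signs anything: only private
# channels, only well-formed socket ids, and only users the application
# itself has granted access to that channel. Returns nil (deny) otherwise.
def authorize(user, socket_id, channel_name)
  return nil unless channel_name.start_with?('private-')
  return nil unless socket_id.match?(SOCKET_ID_RE)
  return nil unless CHANNEL_MEMBERS.fetch(channel_name, []).include?(user)

  JSON.generate(auth: auth_string(socket_id, channel_name))
end
```

With this table, users A and B receive a signed auth string for private-project-3 while user C is denied, which is exactly the situation the quoted blog post describes.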