[Proposal] Do not require a user session for Echo private channels to work

[arondeparon]

I am working on an application that requires client events to be emitted/subscribed to without the user being logged in.

The problem, however, is that the framework seems to be constructed in such a way that this is not possible:

PusherBroadcaster.php auth method

if (Str::startsWith($request->channel_name, ['private-', 'presence-']) &&
    ! $request->user()) {
    throw new AccessDeniedHttpException;
}

My proposal is to remove this check, for the following reasons:

• The channels.php has been created with the sole purpose of defining "Gates" for channels.
• If my private channel name is defined in the channels.php, the broadcaster should evaluate it.
• If $user is null, I should still be able to perform return true or false based on my own logic.

This would be a great improvement in scenarios where users are "authenticated" through a unique URL. In the application I am working on right now, the only thing I want to evaluate is whether this unique URL is valid. It has nothing to do with a "User" model, so limiting the whisper feature to authenticated users is something that should be implemented in the application, not the framework.

Would love to hear your thoughts on this.

If anyone has ideas to work around this limitation, I'm open to suggestions as well.

[rocramer]

Could you find a workaround for this problem? I do not understand why the framework ties private channels to user sessions because that's what the channels.php is for.