I am working on an application that requires client events to be emitted/subscribed to without the user being logged in.
The problem, however, is that the framework seems to be constructed in such a way that this is not possible:
PusherBroadcaster.php auth method

```php
if (Str::startsWith($request->channel_name, ['private-', 'presence-']) &&
    ! $request->user()) {
    throw new AccessDeniedHttpException;
}
```
My proposal is to remove this check, for the following reasons:
- The channels.php has been created with the sole purpose of defining "Gates" for channels.
- If my private channel name is defined in the channels.php, the broadcaster should evaluate it.
- If $user is null, I should still be able to perform return true or false based on my own logic.
This would be a great improvement in scenarios where users are "authenticated" through a unique URL. In the application I am working on right now, the only thing I want to evaluate is whether this unique URL is valid. It has nothing to do with a "User" model, so limiting the whisper feature to authenticated users is something that should be implemented in the application, not the framework.
Would love to hear your thoughts on this.
If anyone has ideas to work around this limitation, I'm open to suggestions as well.
Could you find a workaround for this problem? I do not understand why the framework ties private channels to user sessions because that's what the channels.php is for.
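One way to authorize guests without removing the framework check, as an added example that is not part of the original thread or the framework's code: a separate auth endpoint validates the unique-URL token itself and only then produces the Pusher private-channel signature (HMAC-SHA256 over `socket_id:channel_name`, keyed with the app secret). The `private-invite.{id}` channel naming, the invite store, the key and secret values, and all function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample values; real ones come from configuration and storage.
const PUSHER_KEY = 'app-key-placeholder';
const PUSHER_SECRET = 'app-secret-placeholder';

/** Hypothetical store: invite id => [sha256 of the URL token, expiry timestamp]. */
function inviteStore(): array
{
    return [
        '42' => ['hash' => hash('sha256', 'constructed-url-token'), 'expires' => 2000000000],
    ];
}

/** Gate: a guest may join private-invite.{id} only with that invite's own valid token. */
function guestMayJoin(string $channel, string $token, int $now): bool
{
    if (!preg_match('/\Aprivate-invite\.([0-9]+)\z/', $channel, $m)) {
        return false; // unknown channel pattern: deny by default
    }
    $invite = inviteStore()[$m[1]] ?? null;
    if ($invite === null || $now >= $invite['expires']) {
        return false; // no such invite, or the link has expired
    }
    // Compare hashes in constant time so the check does not leak token bytes.
    return hash_equals($invite['hash'], hash('sha256', $token));
}

/** Returns the JSON body for Pusher's private-channel auth, or null to answer 403. */
function authorizeGuest(string $socketId, string $channel, string $token, int $now): ?string
{
    // Socket ids look like "1234.5678"; reject anything else before signing.
    if (!preg_match('/\A\d+\.\d+\z/', $socketId) || !guestMayJoin($channel, $token, $now)) {
        return null;
    }
    $signature = hash_hmac('sha256', $socketId . ':' . $channel, PUSHER_SECRET);
    return json_encode(['auth' => PUSHER_KEY . ':' . $signature]);
}

// Constructed requests: matching token, wrong token, token used on another channel.
var_dump(authorizeGuest('1234.5678', 'private-invite.42', 'constructed-url-token', time()));
var_dump(authorizeGuest('1234.5678', 'private-invite.42', 'guessed-token', time()));
var_dump(authorizeGuest('1234.5678', 'private-invite.43', 'constructed-url-token', time()));
```

Because the token is bound to one channel id and has an expiry, a leaked link grants access to that channel only, and the endpoint should be rate limited like any other credential check.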