search

nuxt-community / laravel-echo-module

Laravel Echo for Nuxt 2
MIT License
85 stars 32 forks source link

Individual channel authentication not triggered #39

Closed tjaydk closed 3 years ago

tjaydk commented 3 years ago

Hi all.

Im currently working on implementing chat into our application - Im using Laravel-echo together with Pusher. I have SPA and use JWT authentication via API endpoint.

The authentication is working, but when the user is authenticated on the top level, no individual channel authentication is done. So any and every authenticated users can subscribe to every chat channel and recieve their messages šŸ‘Ž 

echo: {
    broadcaster: 'pusher',
    key: process.env.MIX_PUSHER_APP_KEY,
    cluster: process.env.MIX_PUSHER_APP_CLUSTER,
    forceTLS: process.env.NODE_ENV === 'production',
    authModule: true,
    authEndpoint: `${process.env.API_URL}/broadcasting/auth`,
    connectOnLogin: true,
    disconnectOnLogout: true,
    auth: {
      headers: {
        'X-AUTH-TOKEN': process.env.API_AUTH_TOKEN
      }
    }
  },

As you can see i have added a custom endpoint for authentication from my API. This is working and im getting a response from my custom authentication with the h256 string plus some user information as i would want to use presence channels.

How can I set up that further authentication is needed e.g. with BroadcastServiceProvider > Broadcast::routes(['middleware' => 'auth:api']) ? Is it perhaps possible to do custom connection to a channel and specify another auth endpoint ? Because at the moment I am able to completely disable the BroadcastServiceProvider in the Backend and im still authenticated via the api/broadcasting/auth endpoint, and then able to subscribe to all channels as I please.

tjaydk commented 3 years ago

I found the solution for my particular problem - and it was on the server side. If you experience similar issue check out my answer on StackOverflow