pusher / pusher-http-python

Pusher Channels HTTP API library for Python
https://pusher.com/docs/server_api_guide
MIT License
376 stars 113 forks source link

Lack of user-authentication methods? #193

Open jamesrusso opened 1 year ago

jamesrusso commented 1 year ago

Is the lack of user authentication intentional for this library? Seems like the preferred method is now to use signin() method which would cause a POST to the user-auth endpoint (compared with just joining a private channel).

ronlut commented 1 year ago

@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher Same question here. Not sure what's the state with the new authentication flow in the client and our python server should be. Thanks

benw-pusher commented 1 year ago

I'll raise this internally, this may have been an oversight.

hhhroot commented 1 year ago

@benw-pusher Can I know when user authentication will be supported? Was there an internal roadmap or meeting?

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you'd like this issue to stay open please leave a comment indicating how this issue is affecting you. Thank you.

andersonrocha0 commented 1 year ago

I created a PR with some "user" functions:

https://github.com/pusher/pusher-http-python/pull/207

andersonrocha0 commented 1 year ago

@benw-pusher do I need to do anything else regarding the opened PR?

Thx

andersonrocha0 commented 1 year ago

@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher any news about the opened PR?

Thanks so far.

benjamin-tang-pusher commented 1 year ago

Hey, I will test your PR and see if its good enough to be merged.

shakeeb1998 commented 1 year ago

was this merged?

andersonrocha0 commented 1 year ago

was this merged?

Not yet. I'm waiting too.

urkh commented 8 months ago

:cricket: :cricket:

edit:

Since this library seems a bit outdated, and Pusher documentation is not enough clear, I did this based on the work of @andersonrocha0 in https://github.com/pusher/pusher-http-python/pull/207

I did this to use it with DRF. You need to call generate_pusher_response method and pass socket_id param with ::user:: for authentication or :chanel_name to authorize the channel. Then, return that result as JSON

hope it helps someone

import json

from django.conf import settings
from pusher import sign
from rest_framework import status
from rest_framework.response import Response

def generate_pusher_response(socket_id, prefix, user_data_encoded=None):
    response = {
        'auth': generate_auth_string(socket_id, prefix, user_data_encoded),
    }
    if user_data_encoded:
        response['user_data'] = user_data_encoded
    return response

def generate_auth_string(socket_id, prefix, user_data_encoded=None):
    string_to_sign = f'{socket_id}{prefix}{user_data_encoded or ""}'
    signature = sign(settings.PUSHER_APP_SECRET, string_to_sign)
    return f"{settings.PUSHER_APP_KEY}:{signature}"

class PusherAuthentication(APIView):
    def post(self, request, *args, **kwargs):
        socket_id = request.data.get('socket_id')

        response_data = {}
        response_status = status.HTTP_403_FORBIDDEN
        try:
            user_data = {'id': str(request.user.id)}
            user_data_encoded = json.dumps(user_data)
            response_data = generate_pusher_response(socket_id, '::user::', user_data_encoded)
            response_status = status.HTTP_200_OK
        except Exception as e:  # noqa
            pass

        return Response(response_data, status=response_status)

class PusherChannelAuthorization(APIView):
    def post(self, request, *args, **kwargs):
        socket_id = request.data.get('socket_id')
        channel = request.data.get('channel_name')
        room_id = channel.removeprefix('private-channel-')

        response_data = {}
        response_status = status.HTTP_403_FORBIDDEN

        if request.user.rooms.filter(id=room_id).exists():
            try:
                response_data = generate_pusher_response(socket_id, f':{channel}')
                response_status = status.HTTP_200_OK
            except Exception as e:  # noqa
                pass

        return Response(response_data, status=response_status)
ctwillie commented 2 months ago

Bump