Open jamesrusso opened 1 year ago
@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher Same question here. Not sure what's the state with the new authentication flow in the client and our python server should be. Thanks
I'll raise this internally, this may have been an oversight.
@benw-pusher Can I know when user authentication will be supported? Was there an internal roadmap or meeting?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you'd like this issue to stay open please leave a comment indicating how this issue is affecting you. Thank you.
I created a PR with some "user" functions:
@benw-pusher do I need to do anything else regarding the opened PR?
Thx
@benjamin-tang-pusher @samuelyallop-pusher @benw-pusher any news about the opened PR?
Thanks so far.
Hey, I will test your PR and see if its good enough to be merged.
was this merged?
was this merged?
Not yet. I'm waiting too.
:cricket: :cricket:
edit:
Since this library seems a bit outdated, and Pusher documentation is not enough clear, I did this based on the work of @andersonrocha0 in https://github.com/pusher/pusher-http-python/pull/207
I did this to use it with DRF. You need to call generate_pusher_response
method and pass socket_id
param with ::user::
for authentication or :chanel_name
to authorize the channel. Then, return that result as JSON
hope it helps someone
import json
from django.conf import settings
from pusher import sign
from rest_framework import status
from rest_framework.response import Response
def generate_pusher_response(socket_id, prefix, user_data_encoded=None):
response = {
'auth': generate_auth_string(socket_id, prefix, user_data_encoded),
}
if user_data_encoded:
response['user_data'] = user_data_encoded
return response
def generate_auth_string(socket_id, prefix, user_data_encoded=None):
string_to_sign = f'{socket_id}{prefix}{user_data_encoded or ""}'
signature = sign(settings.PUSHER_APP_SECRET, string_to_sign)
return f"{settings.PUSHER_APP_KEY}:{signature}"
class PusherAuthentication(APIView):
def post(self, request, *args, **kwargs):
socket_id = request.data.get('socket_id')
response_data = {}
response_status = status.HTTP_403_FORBIDDEN
try:
user_data = {'id': str(request.user.id)}
user_data_encoded = json.dumps(user_data)
response_data = generate_pusher_response(socket_id, '::user::', user_data_encoded)
response_status = status.HTTP_200_OK
except Exception as e: # noqa
pass
return Response(response_data, status=response_status)
class PusherChannelAuthorization(APIView):
def post(self, request, *args, **kwargs):
socket_id = request.data.get('socket_id')
channel = request.data.get('channel_name')
room_id = channel.removeprefix('private-channel-')
response_data = {}
response_status = status.HTTP_403_FORBIDDEN
if request.user.rooms.filter(id=room_id).exists():
try:
response_data = generate_pusher_response(socket_id, f':{channel}')
response_status = status.HTTP_200_OK
except Exception as e: # noqa
pass
return Response(response_data, status=response_status)
Bump
Is the lack of user authentication intentional for this library? Seems like the preferred method is now to use signin() method which would cause a POST to the user-auth endpoint (compared with just joining a private channel).