Open mrbrdo opened 12 years ago
Also, would there be a security issue if I allowed users to publish to a channel with the same key that is used to "sign" into a channel (that hash)? By modifying https://github.com/ryanb/private_pub/blob/master/lib/private_pub/faye_extension.rb
I don't care about sanitization of what is sent, only that "unauthorized" people cannot publish/listen to the channel.
PrivatePub.fayeClient is the legacy Faye client, but there is no way to specify the required "ext" chunk with Faye's current API, so nope, you gotta POST to the Faye server with the private_pub_token. Here's a POST using curl just to show what the payload looks like:
curl http://localhost:9292/faye -d 'message={"channel":"/test", "data":"hello", "ext":{"private_pub_token":"secret"}}'
An AJAX request with this kind of payload will do. Maybe PrivatePub (the JS object) could benefit from a publish_to function?
Thank you for the idea! The correct url should be without "message": curl -H 'Content-Type: application/json' -X POST http://localhost:9292/faye -d '{"channel": "/test", "data": {"channel": "/test", "data": {}}, "ext": {"private_pub_token": "secret"}}'
Is there a good way to enable JS clients to publish directly to faye (like you can do with FayeClient.publish("/channel", message))? I don't like the idea that I need 2 HTTP requests to send a message if I can do it with only 1, instead of going through Rails to send.