ryanb / private_pub

Handle pub/sub messaging through private channels in Rails using Faye.
MIT License

Private Channels #8

Closed mrrooijen closed 13 years ago

mrrooijen commented 13 years ago

Hey Ryan,

The Faye screencast you did was sweet and it's something I've been looking for for quite a while ever since I tried out PusherApp. Though I like the idea of hosting the pubsub server myself with Faye since it's a lot less expensive that way.

I was wondering whether private_pub also supports "Private Channels". For example: say you have a channel like /chat_sessions/512 and you are able to invite people over to chat, but you don't want random people just signing in to that chat session. Is there a way to "authenticate" who can and cannot access that particular channel?

PusherApp has a way to handle that, and is described here: http://pusherapp.com/docs/private_channels

I used it before, wasn't too hard to set up. Might be a nice addition (if you haven't added it already) to private_pub.

Does private_pub support it, or are there any plans to support this kind of functionality?

Thanks!

ryanb commented 13 years ago

Private channels was the primary motivation behind private_pub (hence the name). Every channel is private automatically, so you don't have to explicitly make channels private. I should probably make this more clear in the docs.

mrrooijen commented 13 years ago

Oh, that's cool. So that means you can basically allow (authorize) certain users to subscribe to a particular channel, while disallowing (denying) other users from doing so?

I actually got the impression from the README that this was more to keep users from sending curl commands to the web app with harmful data.

ryanb commented 13 years ago

It covers both cases. It can be used for authorization because one can only listen on a channel if they have a signature for it, so you can grant that to whomever you choose using subscribe_to. Signatures auto-expire after an hour but you can customize this time.

It also adds security on the publishing end so only the Rails app is allowed to send messages (or whatever has the secret token).
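The subscription side of the scheme described in the comment above, as an added example that is not part of the thread and not private_pub's own code: the app signs a channel name plus a timestamp with a secret, and the pub/sub server recomputes the signature and rejects anything forged, altered, or older than the expiry window. HMAC-SHA256, the payload layout, and all function and constant names are assumptions made for illustration.

```ruby
require "openssl"

# Added illustration with hypothetical names; not private_pub's own code.
SECRET_TOKEN = "constructed-secret-for-example" # known only to the app and the pub/sub server
SIGNATURE_TTL = 3600 # seconds; the thread says signatures expire after an hour by default

def channel_signature(channel, timestamp_ms, secret = SECRET_TOKEN)
  # The newline separator keeps ("/a", 12) and ("/a1", 2) from signing the same bytes.
  OpenSSL::HMAC.hexdigest("SHA256", secret, "#{channel}\n#{timestamp_ms}")
end

# App side: issued only to users the app has decided may listen on the channel.
def grant_subscription(channel, now: Time.now)
  ts = (now.to_f * 1000).round
  { channel: channel, timestamp: ts, signature: channel_signature(channel, ts) }
end

# Compares every byte instead of stopping at the first mismatch.
def same_digest?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: decide whether an incoming subscribe request is honoured.
def check_subscription(request, now: Time.now, ttl: SIGNATURE_TTL)
  ts = Integer(request[:timestamp].to_s, 10, exception: false)
  unless ts && request[:channel].is_a?(String) && request[:signature].is_a?(String)
    return :malformed
  end
  expected = channel_signature(request[:channel], ts)
  return :bad_signature unless same_digest?(expected, request[:signature])
  age = now.to_f - ts / 1000.0
  return :expired if age > ttl
  :ok
end
```

Because the channel name is part of the signed payload, a grant for one chat session cannot be replayed against another, and changing the timestamp to extend its life invalidates the signature.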

mrrooijen commented 13 years ago

Oh! That makes sense. That's awesome. Looking forward to using this! Thanks :)