I build Rails API that interacts with various platform clients. On the server side there is implemented faye server something like:
Faye::RackAdapter.new(:mount => '/faye', :timeout => 25)
On the server side I would like to add autentication via token. I use faye extension:
class ServerAuth
def incoming(message, callback)
# Let non-subscribe messages throughs
unless message['channel'] == '/meta/subscribe'
return callback.call(message)
end
# Get subscribed channel and auth token
msg_token = message['ext'] && message['ext']['authToken']
# Add an error if the tokens don't match
if msg_token != '12345'
message['error'] = 'Invalid subscription auth token'
end
# Call the server back now we're done
callback.call(message)
end
end
Actually It doesn't work as I except. When client passes correct token everything seems be all right but when he passes invalid token then he still is able to push messages even that he gets back error message from server. How should I block such messages that clients won't recive them (on the server side obviously).
I found solution for my issue. It happend that becuase I validated only '/meta/subscribe' instead of other chanells where clients publish their messages. Now the second extension method for pulished messages should looks like:
def incoming(message, callback)
return callback.call(message) if message['channel'].start_with? '/meta/'
<here all logic>
end