Authorization
andruby edited this page Dec 5, 2012 · 4 revisions
This is a Work in Progress
- Reuses the session_id cookie of the Application for Authentication
- The Application is responsible for maintaining a whitelist of allowed channel-prefixes in Redis
- When a client attempts to subscribe to a channel, Jugglite checks the user's whitelist
The Application is responsible for keeping a whitelist of allowed channels per user. The convention for the Redis keys of the whitelist is: `#{prefix}:auth:#{session_id}`. In Rails 3.x you can get the session id with `request.session_options[:id]`.
The whitelist is a Redis LIST of strings. The whitelist items are used as prefix checks.
Given a whitelist `['public:', 'group:55:']`, all channels starting with `public:` and `group:55:` will be allowed (e.g. `public:resource:10` and `group:55:stream:3` are OK).
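
The prefix check described above, written out as an added example (this is not Jugglite's own code). `FakeRedis`, the `jugglite` key prefix, the session ids and the helper names are assumptions made for the illustration; skipping empty whitelist entries is a hardening choice of the example, not documented behaviour.

```ruby
# Added example, not Jugglite's own code. FakeRedis stands in for a Redis
# client and implements only the LRANGE call used here.
class FakeRedis
  def initialize(lists)
    @lists = lists
  end

  # Mirrors Redis LRANGE: a missing key yields an empty list.
  def lrange(key, start, stop)
    (@lists[key] || [])[start..stop] || []
  end
end

# Key convention from this page: "#{prefix}:auth:#{session_id}".
def whitelist_key(prefix, session_id)
  "#{prefix}:auth:#{session_id}"
end

# True only if the channel starts with one of the session's whitelist entries.
# Unknown sessions, missing session ids and empty channels are denied.
def channel_allowed?(redis, prefix, session_id, channel)
  return false if session_id.to_s.empty? || channel.to_s.empty?

  entries = redis.lrange(whitelist_key(prefix, session_id), 0, -1)
  # An empty entry is a prefix of every channel; skip it so a bad write
  # by the application cannot turn into allow-all.
  entries.reject(&:empty?).any? { |entry| channel.start_with?(entry) }
end

# Constructed sample data (the prefix and session ids are made up).
REDIS = FakeRedis.new(
  "jugglite:auth:abc123" => ["public:", "group:55:"],
  # Entry without the trailing delimiter, plus an empty entry.
  "jugglite:auth:sloppy" => ["group:55", ""]
)

puts channel_allowed?(REDIS, "jugglite", "abc123", "group:55:stream:3")
puts channel_allowed?(REDIS, "jugglite", "abc123", "group:555:stream:3")
puts channel_allowed?(REDIS, "jugglite", "sloppy", "group:555:stream:3")
```

Because the items are plain string prefixes, an entry written without its trailing `:` (`group:55`) also matches `group:555:stream:3`, so the Application should always store the delimiter as part of each entry.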