I am building a PHP/JavaScript application which allows each individual user to connect to their private channel, e.g., private-channel.userID.
The user is authenticated through the following authentication endpoints; see the code below.
However, after the user is authenticated, it appears that they can also subscribe to other private channels and send/receive messages.
For example, assume userID 100 should subscribe to private-channel.100. After he authenticates through the endpoints, he can also send messages to private-channel.200 or whatever the other private-channel.userID!!!
Is there any way to allow user 100 to authenticate only to private-channel.100 and not be able to subscribe to other private channels?
I think something is wrong with the authentication endpoints, but I could not figure out what.
Thanks much!
    public function pusherAuth(Request $request){
        $pusher = new Pusher(
            config('broadcasting.connections.pusher.key'),
            config('broadcasting.connections.pusher.secret'),
            config('broadcasting.connections.pusher.app_id'),
            config('broadcasting.connections.pusher.options')
        );
        $request->headers->set('Accept', 'application/json');
        // return $pusher->socket_auth($request->channel_name, $request->socket_id);
        //$channel = $request->channel_name;response()->json(
        // $request->headers->set('Accept', 'application/json');
        $auth = $pusher->socket_auth($request->channel_name, $request->socket_id);
        $jsn = json_decode($auth,true);
        // return response($auth)->header('Content-Type',"application/json");
        return response()->json($jsn);
        // return ['auth' => $jsn->auth];
    }
The php client code:
    connectToPusher() {
        this.pusher = new Pusher(window.Config.pusherKey, {
            authEndpoint: '/broadcasting/auth',
            cluster: window.Config.pusherCluster,
            auth: {
                headers: {
                    'X-CSRF-Token': window.Config.csrfToken
                }
            }
        });
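
The endpoint in the question signs whatever `channel_name` the client sends, so any logged-in user receives a valid token for any channel. The following is an added example, not part of the original post, of the missing ownership check placed before signing; the function name `authorizePrivateChannel` and the sample key, secret and socket values are hypothetical, and the signature is computed directly with `hash_hmac` so the block runs without the Pusher library.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): decide whether the
// logged-in user may join the requested channel, and only then sign it.
// $authUserId must come from the server-side session
// (e.g. $request->user()->id in Laravel), never from a request parameter.
function authorizePrivateChannel(
    int $authUserId,
    string $channelName,
    string $socketId,
    string $appKey,
    string $appSecret
): ?array {
    // Pusher socket ids look like "1234.5678"; reject anything else
    // before it is placed into the string that gets signed.
    if (preg_match('/\A\d+\.\d+\z/', $socketId) !== 1) {
        return null;
    }
    // Accept only this application's naming scheme: private-channel.<userID>
    if (preg_match('/\Aprivate-channel\.(\d+)\z/', $channelName, $m) !== 1) {
        return null;
    }
    // The authorization decision the original endpoint is missing:
    // the ID in the channel name must be the authenticated user's own ID.
    if ($m[1] !== (string) $authUserId) {
        return null;
    }
    // Private-channel token: key:HMAC-SHA256(secret, "socket_id:channel_name")
    $signature = hash_hmac('sha256', $socketId . ':' . $channelName, $appSecret);
    return ['auth' => $appKey . ':' . $signature];
}

// Constructed sample values, for demonstration only.
$key = 'app-key-placeholder';
$secret = 'app-secret-placeholder';
$socket = '1234.5678';

// Case 1: user 100 requests their own channel (should be signed).
var_dump(authorizePrivateChannel(100, 'private-channel.100', $socket, $key, $secret));
// Case 2: user 100 requests user 200's channel (should be refused).
var_dump(authorizePrivateChannel(100, 'private-channel.200', $socket, $key, $secret));
// Case 3: look-alike names (longer ID, trailing newline) should be refused too.
var_dump(authorizePrivateChannel(100, 'private-channel.1000', $socket, $key, $secret));
var_dump(authorizePrivateChannel(100, "private-channel.100\n", $socket, $key, $secret));
```

In the controller, a `null` result should become an HTTP 403 response, and the route must sit behind the application's login middleware so that an authenticated user ID is always available.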