ruby-on-rails – 使用Pusherapp的私有频道(使用Rails)

The authorization scheme is based on
the idea that,rather than
implementing custom user
authentication,and adding complexity
and state to pusher,we should trust
the existing level of authentication
offered by your application. We also
wanted to ensure that someone reading
data sent from your application to the
browser would not be able to connect
to a channel as that user,and
therefore couldn’t include any secrets
in the page HTML.

听起来您的应用程序的业务逻辑应该对用户进行身份验证并确定他们应该访问私有通道.

他们的图表显示：

经过身份验证后,应用程序会请求订阅用户. Pusher用socket_id回复.然后他们使用它连接.

以下是他们描述的方式：

As shown in this diagram,a unique
socket id is generated and sent to the
browser by Pusher. This is sent to
your application (1) via an AJAX
request which authorizes the user to
access the channel against your
existing authentication system. If
successful your application returns an
authorization string to the browser
signed with you Pusher secret. This is
sent to Pusher over the WebSocket,
which completes the authorization (2)
if the authorization string matches.

博客文章底部的示例进一步阐明：

假设您有一个名为project-3的频道,用户A和B可以访问该频道,但不能访问C.您希望将此频道设为私有,以便用户C无法收听私人事件.只需将事件发送到private-project-3并在浏览器中订阅即可.只要您使用最新的JavaScript(版本1.3或更高版本),您就会看到对您的应用程序发出POST请求/ pusher / auth.这将失败,因此订阅请求将不会发生在套接字上.

所以,对我来说这听起来像：
1)订阅请求发送给Pusher
2)Pusher POST到您的/ auth方法以确定用户是否可以访问该频道
3)如果您的业务逻辑允许用户访问此通道,则auth方法返回“ok”响应：

auth = Pusher[params[:channel_name]].socket_auth(params[:socket_id])

    content_type 'application/json'
    return JSON.generate({
      :auth => auth
    })

我没有使用过Pusher本身,但它的模型似乎反映了其他基于推送的模型的结构.希望这可以帮助！