Secure faye publishing

2014-08-29 16:37:15 +02:00
parent ee603bdf28
commit afc604bb69
4 changed files with 6 additions and 6 deletions
+1 -1
@@ -22,7 +22,7 @@ class User
validates_uniqueness_of :email validates_uniqueness_of :email
before_save :ensure_authentication_token before_save :ensure_authentication_token
has_many :error_logs has_many :error_logs
view :by_authentication_token, key: :authentication_token view :by_authentication_token, key: :authentication_token
+1 -1
@@ -1,4 +1,4 @@
Qwaiter.event_host = "http://#{Rails.env.development? ? 'localhost' : 'events.mozo.bar'}:9296/faye" Qwaiter.event_host = "http://#{Rails.env.development? or Rails.env.test? ? 'localhost' : 'events.mozo.bar'}:9296/faye"
Qwaiter.broadcaster = Qwaiter::Broadcaster::Faye.new Qwaiter.broadcaster = Qwaiter::Broadcaster::Faye.new
# use the connection from couchbase-structures/documents # use the connection from couchbase-structures/documents
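Review bot: On the new `Qwaiter.event_host` line, `or` binds more loosely than `?:`, so the interpolation parses as `Rails.env.development? or (Rails.env.test? ? 'localhost' : 'events.mozo.bar')`. In development that evaluates to `true`, and the host becomes `http://true:9296/faye` instead of localhost. Use `||` with explicit grouping: `(Rails.env.development? || Rails.env.test?) ? 'localhost' : 'events.mozo.bar'`.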
+3 -3
@@ -1,12 +1,12 @@
require 'faye' require 'faye'
require 'pry'
#require File.expand_path('../config/initializers/faye_token.rb', __FILE__) #require File.expand_path('../config/initializers/faye_token.rb', __FILE__)
setproctitle('mozo_faye') if respond_to?(:setproctitle) setproctitle('mozo_faye') if respond_to?(:setproctitle)
VALID_TOKENS = ['6be65f9b5e7d21b8ca8de4ccfad5ba24cf40d440b370af79']
class ServerAuth class ServerAuth
def incoming(message, callback) def incoming(message, callback)
if message['channel'] !~ %r{^/meta/} if message['channel'] !~ %r{^/meta/}
if false && message['ext']['auth_token'] != FAYE_TOKEN message['error'] = 'Invalid authentication token' unless message['ext'] && VALID_TOKENS.include?(message['ext']['auth_token'])
message['error'] = 'Invalid authentication token'
end
end end
callback.call(message) callback.call(message)
end end
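Review bot: Nothing visible in this hunk removes `ext.auth_token` after `incoming` accepts it, so the token may be delivered to every subscriber with the published message; Faye's guidance is to strip credentials in an `outgoing` hook. The same value is hard-coded in `VALID_TOKENS` here and again in the broadcaster hunk, which leaves the publishing secret in repository history. It should be loaded from configuration, and the committed value rotated. The added `require 'pry'` looks like a debugging leftover and should not be loaded in the server process. `ServerAuth` continues past the end of the hunk, so an existing `outgoing` hook cannot be ruled out from here.

```ruby
# placeholder variable name; the token list comes from the environment, not the source
VALID_TOKENS = ENV.fetch('FAYE_PUBLISH_TOKENS').split(',').freeze

class ServerAuth
  # … unchanged: incoming(message, callback) …

  # Strip the credential so subscribers never receive the publishing token.
  def outgoing(message, callback)
    message['ext'].delete('auth_token') if message['ext'].is_a?(Hash)
    callback.call(message)
  end
```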
+1 -1
@@ -3,7 +3,7 @@ module Qwaiter
class Faye class Faye
def broadcast(message) def broadcast(message)
@uri ||= URI.parse(Qwaiter.event_host) @uri ||= URI.parse(Qwaiter.event_host)
Net::HTTP.post_form(@uri, :message => message.to_json) Net::HTTP.post_form(@uri, message: message.merge(ext: {auth_token: '6be65f9b5e7d21b8ca8de4ccfad5ba24cf40d440b370af79'}).to_json)
end end
end end
end end
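Review bot: In `broadcast`, the token is posted to `Qwaiter.event_host`, which the initializer in this commit builds as an `http://` URL. Outside localhost the secret therefore crosses the network in cleartext on every broadcast, and anyone who can observe that traffic can publish. The endpoint needs TLS (an `https://` URL, or a TLS-terminating proxy in front of port 9296) for the token check to mean anything. The return value of `Net::HTTP.post_form` is also discarded, so a publish rejected with "Invalid authentication token" would go unnoticed; checking the response and logging failures would surface a token mismatch.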