Secure faye publishing

config/initializers/mozo_settings.rb

@@ -1,4 +1,4 @@
-Qwaiter.event_host = "http://#{Rails.env.development? ? 'localhost' : 'events.mozo.bar'}:9296/faye"
+Qwaiter.event_host = "http://#{Rails.env.development? or Rails.env.test? ? 'localhost' : 'events.mozo.bar'}:9296/faye"
 Qwaiter.broadcaster = Qwaiter::Broadcaster::Faye.new
 
 # use the connection from couchbase-structures/documents

faye/config.ru

@@ -1,12 +1,12 @@
 require 'faye'
+require 'pry'
 #require File.expand_path('../config/initializers/faye_token.rb', __FILE__)
 setproctitle('mozo_faye') if respond_to?(:setproctitle)
+VALID_TOKENS = ['6be65f9b5e7d21b8ca8de4ccfad5ba24cf40d440b370af79']
 class ServerAuth
   def incoming(message, callback)
     if message['channel'] !~ %r{^/meta/}
-      if false && message['ext']['auth_token'] != FAYE_TOKEN
-        message['error'] = 'Invalid authentication token'
-      end
+      message['error'] = 'Invalid authentication token' unless message['ext'] && VALID_TOKENS.include?(message['ext']['auth_token'])
     end
     callback.call(message)
   end

lib/qwaiter/broadcaster/faye.rb

@@ -3,7 +3,7 @@ module Qwaiter
     class Faye
       def broadcast(message)
         @uri ||= URI.parse(Qwaiter.event_host)
-        Net::HTTP.post_form(@uri, :message => message.to_json)
+        Net::HTTP.post_form(@uri, message: message.merge(ext: {auth_token: '6be65f9b5e7d21b8ca8de4ccfad5ba24cf40d440b370af79'}).to_json)
       end
     end
   end