author | Pratik Naik <pratiknaik@gmail.com> | 2015-03-05 17:38:36 -0600 |
---|---|---|
committer | Pratik Naik <pratiknaik@gmail.com> | 2015-03-05 17:38:36 -0600 |
commit | 07269ba550ac0aa043412cb0fbe255a7ac3b826a (patch) | |
tree | 8e63e6a8b20876ecefed6163ba5096bb1c58a11c /lib/action_cable/channel/base.rb | |
parent | 6451fe14084563412cf0d52b4f6b895ee9b53bfe (diff) | |
Authorize before sending and receiving data
Diffstat (limited to 'lib/action_cable/channel/base.rb')
-rw-r--r-- | lib/action_cable/channel/base.rb | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/lib/action_cable/channel/base.rb b/lib/action_cable/channel/base.rb
index 9cfeb4b73a..8ee99649f4 100644
--- a/lib/action_cable/channel/base.rb
+++ b/lib/action_cable/channel/base.rb
@@ -35,8 +35,16 @@ module ActionCable
 subscribe
 end
- def receive(data)
- raise "Not implemented"
+ def receive_data(data)
+ if authorized?
+ if respond_to?(:receive)
+ receive(data)
+ else
+ logger.error "[ActionCable] #{self.class.name} received data (#{data}) but #{self.class.name}#receive callback is not defined"
+ end
+ else
+ unauthorized
+ end
 end
 def subscribe
@@ -52,6 +60,15 @@ module ActionCable
 end
 protected
+ # Override in subclasses
+ def authorized?
+ true
+ end
+
+ def unauthorized
+ logger.error "[ActionCable] Unauthorized access to #{self.class.name}"
+ end
+
 def connect
 # Override in subclasses
 end
@@ -61,7 +78,11 @@ module ActionCable
 end
 def broadcast(data)
- connection.broadcast({ identifier: @channel_identifier, message: data }.to_json)
+ if authorized?
+ connection.broadcast({ identifier: @channel_identifier, message: data }.to_json)
+ else
+ unauthorized
+ end
 end
 def start_periodic_timers
@@ -80,6 +101,10 @@ module ActionCable
 connection.worker_pool
 end
+ def logger
+ connection.logger
+ end
+
 end
 end |
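Review bot: The error branch of `receive_data` interpolates the raw client payload (`#{data}`) into the log line, so whatever a client sends to a channel without a `receive` callback is written to the log verbatim, including embedded newlines or secrets. Logging a bounded, escaped form such as `#{data.inspect[0, 200]}` keeps the entry on one line and caps its size. Separately, `respond_to?(:receive)` is false for protected and private methods, and this class keeps its callbacks under `protected`, so a subclass that defines `receive` there would presumably have its data dropped; `respond_to?(:receive, true)` would cover that case.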
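Review bot: `authorized?` defaults to `true`, so every channel that does not override it stays open, and the new checks in `receive_data` and `broadcast` do nothing unless a subclass opts in. A fail-closed default would make a forgotten override visible; if open-by-default is intended, the comment should say so, e.g. `# Override in subclasses to restrict access; channels are open to every connection by default`. `unauthorized` only logs, so as far as these hunks show the client is not told and the subscription stays up, and each later message or `broadcast` call logs the same error again. Rejecting once at subscribe time would avoid that, but the `subscribe` body is outside the hunks, so it may already be handled there.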