diff options
| author | Pratik Naik <pratiknaik@gmail.com> | 2015-03-05 17:38:36 -0600 |
|---|---|---|
| committer | Pratik Naik <pratiknaik@gmail.com> | 2015-03-05 17:38:36 -0600 |
| commit | 07269ba550ac0aa043412cb0fbe255a7ac3b826a (patch) | |
| tree | 8e63e6a8b20876ecefed6163ba5096bb1c58a11c /lib/action_cable | |
| parent | 6451fe14084563412cf0d52b4f6b895ee9b53bfe (diff) | |
| download | rails-07269ba550ac0aa043412cb0fbe255a7ac3b826a.tar.gz rails-07269ba550ac0aa043412cb0fbe255a7ac3b826a.tar.bz2 rails-07269ba550ac0aa043412cb0fbe255a7ac3b826a.zip | |
Authorize before sending and receiving data
Diffstat (limited to 'lib/action_cable')
| -rw-r--r-- | lib/action_cable/channel/base.rb | 31 | ||||
| -rw-r--r-- | lib/action_cable/server.rb | 2 |
2 files changed, 29 insertions, 4 deletions
diff --git a/lib/action_cable/channel/base.rb b/lib/action_cable/channel/base.rb index 9cfeb4b73a..8ee99649f4 100644 --- a/lib/action_cable/channel/base.rb +++ b/lib/action_cable/channel/base.rb @@ -35,8 +35,16 @@ module ActionCable subscribe end - def receive(data) - raise "Not implemented" + def receive_data(data) + if authorized? + if respond_to?(:receive) + receive(data) + else + logger.error "[ActionCable] #{self.class.name} received data (#{data}) but #{self.class.name}#receive callback is not defined" + end + else + unauthorized + end end def subscribe @@ -52,6 +60,15 @@ module ActionCable end protected + # Override in subclasses + def authorized? + true + end + + def unauthorized + logger.error "[ActionCable] Unauthorized access to #{self.class.name}" + end + def connect # Override in subclasses end @@ -61,7 +78,11 @@ module ActionCable end def broadcast(data) - connection.broadcast({ identifier: @channel_identifier, message: data }.to_json) + if authorized? + connection.broadcast({ identifier: @channel_identifier, message: data }.to_json) + else + unauthorized + end end def start_periodic_timers @@ -80,6 +101,10 @@ module ActionCable connection.worker_pool end + def logger + connection.logger + end + end end diff --git a/lib/action_cable/server.rb b/lib/action_cable/server.rb index 2449837105..3c78ad5239 100644 --- a/lib/action_cable/server.rb +++ b/lib/action_cable/server.rb @@ -106,7 +106,7 @@ module ActionCable def process_message(message) if @subscriptions[message['identifier']] - @subscriptions[message['identifier']].receive(ActiveSupport::JSON.decode message['data']) + @subscriptions[message['identifier']].receive_data(ActiveSupport::JSON.decode message['data']) else logger.error "Unable to process message: #{message}" end |