auth and faye
francescoagati opened this issue · 6 comments
How about authentication? With Faye there is a private_pub gem for using authorization in Rails and Faye.
So far I have had success using a proxy to whitelist certain IP addresses for PUT requests. I haven't tried the private_pub gem you mentioned.
Ultimately we'd like to have an async middleware that can intercept requests, authenticate the client, then bind the client to a stream if they're authorized (or a 403 if not). This would allow you to set up whatever authorization scheme you want (HTTP Basic over HTTPS, tokens, etc.)
The big hold-up on that now is that Rack doesn't support async middleware, so we'd have to switch to something like Goliath to make that work properly.
At best, today you can publish to an obfuscated URL. So try something like /some/resource/:big_long_dirty_little_secret_key.
Brad,
After finding that Juggernaut (similar to Firehose) doesn't do authentication very well, or even at all, we're casting around for another option for our real-time app and found Firehose.
Looking like a perfect match for what we need, but we have one problem like thoughtless - most of our streams are carrying sensitive data. Additionally that data is scoped to what the Devise current_user is allowed to access, so it's not a binary "either authenticated or not" scenario (which is where the hardcoded keys of other solutions fall down).
We see your existing solution is "use an obfuscated URL", but how far have you got since the RailsConf on the authorisation layer you mentioned above? (In the video you said you've been toying with Goliath already.)
There was a Goliath branch in the works at that time, but we switched over to regular EM because we couldn't find a decent EM::Synchrony client that supported Redis pub/sub. Also, WS support in Goliath a few months ago wasn't up to snuff.
Really the problem is that Rack doesn't support async middleware, so it's tough to drop an auth layer into what we have in place now unless you hard-code it into the LongPoll and WS app. Do you know of any decent async Rack solutions out there that would let a person like you easily drop auth into the Firehose stack as a middleware?
Hey all,
Any update on this? We're just looking into building a streaming api and would love to use Firehose.
If not, any suggestions for alternatives?
Thanks!
Charlie
We have not worked on building in authorization or an async proxy because we haven't run into a need yet in any of our applications to stream private resources.
If you wanted to take a stab at this and understand EM I could help integrate it into the Firehose project; otherwise you'll have to wait indefinitely for us to run into the need.
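Added example, not part of the thread and not Firehose code: one way to get the per-user, per-stream scoping asked for above with the "tokens" scheme the maintainer mentions, instead of a secret URL. The Rails app issues a short-lived HMAC token bound to one user and one stream path, and a Rack-style middleware verifies it with no I/O before handing the request on; all names (`StreamToken`, `StreamAuth`, the `stream.user_id` env key, the Bearer header transport) are assumptions.

```ruby
require "openssl"

# Hypothetical names throughout; none of this is Firehose's own API.
module StreamToken
  # The MAC binds the user, the exact stream path and the expiry together.
  def self.sign(secret, user_id, path, expires)
    OpenSSL::HMAC.hexdigest("SHA256", secret, "#{user_id}\n#{path}\n#{expires}")
  end

  # Called by the Rails app once it has decided current_user may read `path`.
  def self.issue(secret, user_id, path, expires_at)
    exp = expires_at.to_i
    "#{user_id}:#{exp}:#{sign(secret, user_id, path, exp)}"
  end

  # Returns the user id for a valid token on this path, otherwise nil.
  def self.verify(secret, token, path, now = Time.now)
    user_id, expires, sig = token.to_s.split(":", 3)
    return nil unless sig && user_id.match?(/\A\d+\z/) && expires.match?(/\A\d+\z/)
    return nil unless secure_eq?(sign(secret, user_id, path, expires), sig)
    return nil if expires.to_i < now.to_i
    user_id.to_i
  end

  # Constant-time comparison so the MAC cannot be guessed byte by byte.
  def self.secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Rack-style middleware: 403 unless the bearer token covers the requested path.
class StreamAuth
  def initialize(app, secret)
    @app = app
    @secret = secret
  end

  def call(env)
    token = env["HTTP_AUTHORIZATION"].to_s[/\ABearer (.+)\z/, 1]
    user_id = StreamToken.verify(@secret, token, env["PATH_INFO"])
    return [403, { "content-type" => "text/plain" }, ["Forbidden\n"]] unless user_id
    env["stream.user_id"] = user_id # hypothetical env key for the downstream app
    @app.call(env)
  end
end
```

Because the path is part of the MAC, a token issued for one user's stream is rejected on any other stream, and the expiry limits how long a leaked token stays useful.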