README.md in faye-authentication-0.4.0 vs README.md in faye-authentication-1.6.0

- old
+ new

@@ -38,98 +38,119 @@ ## Usage ### Channels requiring authentication -All channels require authentication, except channels beginning by ``/public/`` +All channels require authentication by default, however, it is possible to provide +a lambda to the faye extensions to let them know which channels are public. -However, globbing, even on ``/public/`` channels will require authentication. - -Example : - -- ``/public/foo`` does not require authentication -- ``/public/bar/*`` requires authentication - - ### Authentication endpoint requirements The endpoint will receive a POST request, and shall return a JSON hash with a ``signature`` key. The parameters sent to the endpoint are the following : -```` +```json { - 'message' => - { - 'channel' => '/foo/bar', - 'clientId' => '123abc' + "message" : { + "channel": "/foo/bar", + "clientId": "123abc" } } -```` +``` If the endpoint returns an error, the message won't be signed and the server will reject it. You can use ``Faye::Authentication.sign`` to generate the signature from the message and a private key. 
Example (For a Rails application) -````ruby +```ruby def auth if current_user.can?(:read, params[:message][:channel]) render json: {signature: Faye::Authentication.sign(params[:message].slice(:channel,:clientId), 'your shared secret key')} else render json: {error: 'Not authorized'}, status: 403 end end -```` +``` A Ruby HTTP Client is also available for publishing messages to your faye server without the hassle of using EventMachine : -````ruby +```ruby Faye::Authentication::HTTPClient.publish('http://localhost:9290/faye', '/channel', 'data', 'your private key') -```` +``` ### Javascript client extension Add the extension to your faye client : -````javascript +```javascript var client = new Faye.Client('http://my.server/faye'); client.addExtension(new FayeAuthentication(client)); -```` +``` By default, when sending a subscribe request or publishing a message, the extension will issue an AJAX request to ``/faye/auth`` If you wish to change the endpoint, you can supply it as the second argument of the extension constructor, the first one being the client : +````javascript +client.addExtension(new FayeAuthentication(client, '/my_custom_auth_endpoint')); +```` - client.addExtension(new FayeAuthentication(client, '/my_custom_auth_endpoint')); +If you want to specify some channels for which you don't want the extension to +call your endpoint, you can pass an options object with a ``whitelist`` key mapping +to a function : +````javascript +function channelWhitelist(channel) { + // Allow channels beginning with /public but disallow globbing + return (channel.lastIndexOf('/public/', 0) === 0 && channel.indexOf('*') == -1); +} + +client.addExtension(new FayeAuthentication(client, '/faye/auth', {whitelist: channelWhitelist})); +```` + + ### Ruby Faye server extension Instanciate the extension with your secret key and add it to the server : -````ruby +```ruby server = Faye::RackAdapter.new(:mount => '/faye', :timeout => 15) server.add_extension 
Faye::Authentication::ServerExtension.new('your shared secret key') -```` +``` Faye::Authentication::ServerExtension expect that : - a ``signature`` is present in the message for publish/subscribe request - this signature is a valid JWT token - the JWT payload contains "channel", "clientId" and a expiration timestamp "exp" that is not in the past. Otherwise Faye Server will refuse the message. +If you want to specify some channels for which you don't want the extension require +authentication, you can pass an options hash with a ``whitelist`` key mapping +to a lambda : + +````ruby +channel_whitelist = lambda do |channel| + # Allow channels beginning with /public but disallow globbing + channel.start_with?('/public/') and not channel.include?('*') +end + +server = Faye::RackAdapter.new(:mount => '/faye', :timeout => 15) +server.add_extension Faye::Authentication::ServerExtension.new('your shared secret key', {whitelist: channel_whitelist}) +```` + ### Ruby Faye client extension This extension allows the ruby ``Faye::Client`` to auto-sign its messages before sending them to the server. -````ruby +```ruby client = Faye::Client.new('http://localhost:9292/faye') client.add_extension Faye::Authentication::ClientExtension.new('your shared secret key') -```` +``` ## Contributing 1. Fork it ( https://github.com/dimelo/faye-authentication/fork ) 2. Create your feature branch (`git checkout -b my-new-feature`)
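Review bot: In "Channels requiring authentication", the removed statement that globbing on ``/public/`` channels still requires authentication has no replacement in prose. The rule now survives only as a comment inside the two example whitelist functions. Because the whitelist is now supplied by the caller, a function that checks only the ``/public/`` prefix would also return true for a pattern such as ``/public/bar/*``, which the old README listed as requiring authentication. Suggest keeping a sentence in this section saying that the whitelist function must itself reject channel names containing ``*`` if wildcard subscriptions are to stay authenticated, and pointing to the examples. Second, the "Javascript client extension" and "Ruby Faye server extension" sections each introduce their own ``whitelist`` option without saying how they relate. As worded, the client option only stops the extension from calling the auth endpoint, while the server option decides which channels skip the signature check, so it is worth stating that the server-side lambda is the one that is enforced and that the two should be kept in agreement. Minor: the added blocks use four-backtick fences while this same change converts the existing ones to three, "you don't want the extension require authentication" is missing "to", and the JavaScript example mixes ``===`` and ``==`` in one expression.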