Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Handle pub/sub messaging through private channels in Rails.

branch: master

This branch is 0 commits ahead and 0 commits behind master

Fetching latest commit…

Cannot retrieve the latest commit at this time

README.rdoc

Private Pub

This is a Ruby gem for use with Rails to publish and subscribe to messages through Faye. All channels are private so you don't have to worry about users subscribing to channels which you haven't subscribed them to.

This project was motivated by Railscasts episode #260.

Setup

Add the gem to your Gemfile and run bundle.

gem "private_pub"

Run the generator to create the initial files.

rails g private_pub:install

Add the generated JavaScript to your layout file. This can be used with any JavaScript framework.

<%= javascript_include_tag "private_pub" %>

Next, install and start up Faye using the rackup file that was generated.

gem install faye
rackup faye.ru -s thin -E production

It's not necessary to include faye.js since that will be handled automatically for you.

Usage

Use the subscribe_to helper method on any page to subscribe to a channel.

<%= subscribe_to "/messages/new" %>

Use the publish_to helper method to publish messages to that channel. If a block of JavaScript is passed it will be evaluated automatically. This is usually done in a JavaScript AJAX response (such as a create.js.erb file).

<% publish_to "/messages/new" do %>
  $("#chat").append("<%= escape_javascript render(@messages) %>");
<% end %>

If you prefer to work through JSON you can pass an argument to publish_to instead of a block and it will be converted to_json behind the scenes.

publish_to "/messages/new", :chat_message => "Hello, world!"

And then handle this through JavaScript on the client side.

PrivatePub.subscribe("/messages/new", function(data, channel) {
  $("#chat").append(data.chat_message);
});

The Ruby subscribe_to call is still necessary with this approach to grant the user access to the channel. The JavaScript is just a callback for any custom behavior.

Security

Security is handled automatically for you. Only the Rails app is able to publish. Users are only able to receive messages on the channels you subscribe them to. This means every channel is private.

Here's how it works. The subscribe_to helper will output a script element containing data information about the channel.

<script type="text/javascript">
  PrivatePub.sign({
    channel: "/messages/new",
    timestamp: 1302306682972,
    signature: "dc1c71d3e959ebb6f49aa6af0c86304a0740088d",
    server: "http://localhost:9292/faye"
  });
</script>

The signature is a combination of the channel, timestamp, and secret token set in the Rails app. This is checked by the Faye extension when subscribing to a channel to ensure the signature is correct. The signature is automatically expired after 1 hour but this can be configured in the generated YAML file.

signature_expiration: 600 # 10 minutes, expressed in seconds

Or use a blank value for no expiration.

signature_expiration:

Note: if Faye is on a separate server from the Rails app it's important that the system clocks be in sync.

Development & Feedback

Questions or comments? Please use the issue tracker. If you would like to contribue to this project, clone this repository and run bundle and rake to run the tests.

Something went wrong with that request. Please try again.