I am making a Laravel 9 application involving websockets. I've made a private channel in the 'routes/channels.php' as following:
Broadcast::channel('User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});
It succesfully only allows authenticated users to join the channel and receive events. But the problem is, if I open two browser tabs, and logout at one, the other one is still 'authenticated' in the channel and is still able to receive new events. I want to make sure that if the user logs out of their account, he does not have access to the private channel anymore. How would this be possible?
Related
SO i am trying to listen to event that create channel dynamically with the the ids of the two users involved. I ma using pusher and echo for this purpose
the event successfully fired from my controller and is being recorded but echo does not listens to that event.
I am using guards as the conversation will be between two admins
My channel.php code is
Broadcast::channel('chatchannel.{reciever_id}.{sender_id}', function ($user, $reciever_id, $sender_id) {
if((int) auth()->guard('admin')->user()->id === (int) $reciever_id || (int) auth()->guard('admin')->user()->id === (int) $sender_id){
return true;
}else{
return false;
}
});
app.js file looks like this
Echo.private('chatchannel.'+app_sender_id+'.'+app_reciever_id)
.listen('.chatEvent', (e) => {
console.log('subscribed');
});
I did this change in my broadcastingerviceprovider.php file according to online soultions but it did not work
Broadcast::routes(['middleware' => 'auth:admin']);
I looked for all the solutions online but could not find anything that is of actual help. Can anyone guide me on how to get it working.
Your broadcast channel is chatchannel.{reciever_id}.{sender_id}.
However your client channel is chatchannel.'+app_sender_id+'.'+app_reciever_id
This means, for a sender of A and receiver of 2 you would have the following channels:
Broadcast - chatchannel.2.A
Client - private-chatchannel.A.2.
Channel names must match for the client to receive the broadcast event. You should ensure the sender and receiver Id are in the same order on both systems and that you are using private channels in both scenarios.
I'm working on a simple chat web app using Laravel.
I've decided to use the Model broadcasting routine here.
But I don't know how model broadcasting authorize users.
I know the standard method is like:
Broadcast::channel('orders.{orderId}', function ($user, $orderId) {
return $user->id === Order::findOrNew($orderId)->user_id;
});
While model broadcasting also broadcasts on private channels, the docs doesn't describe if developers need to set up authorization callbacks.
So, do I need to create a private channel authorization callback like:
Broadcast::channel('App.User.{userId}', function ($user, $userId) {
return $user->id === userId;
});
And the second question: can I create different private channels authorization callbacks for different auth guards like:
Broadcast::channel('channel.{memberId}', function ($member, $memberId) {
// ...
}, ['guards' => ['member']]);
Broadcast::channel('channel.{adminId}', function ($admin, $adminId) {
// ...
}, ['guards' => ['admin']]);
The last question: does the broadcasting in Laravel support client-to-client broadcasting? Because I need to limit who can send messages to specific channels, if the client-to-client behavior exists it may effect the privacy of users in my app.
My native language is not English. Sorry if my words are not clear.
I am fiddling with Laravel websockets for the first time.
Currently i am just using plain JS WebSocket client (not Laravel Echo).
They way i see it, laravel echo provides an 'authEndpoint' for private and presence channels.
This allows you to create Broadcast::channel() callback that looks like this
Broadcast::channel('App.User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});
What puzzles me now, is that when i make a websocket connection with the WebSocket native client and i dont provide the auth endpoint, i can just subscribe to my private channel, and thus bypass all auth completely?
Is this correct or am i missing something?
My goal is to have private channels that reject access is the auth endpoint was not provided.
What does your broadcast routing look like? Any middleware?
From Laravel:
Broadcast::channel('channel', function () {
// ...
}, ['guards' => ['web', 'admin']]);
I am not able to listen for a notification in a private channel. When I try to connect to the channel I can see in the pusher debug console that a connection is attempted but then it does not say subscribed. If I try to log the channel to the console it says subscriptionPending: true.
I am using the following code:
window.Echo.private(`App.Models.User.User.${Laravel.userId}`).notification((notification) => {
console.log(notification);
})
I have not tried a .listen method after the .private method as I am listening for a notification to be emitted from Laravel.
Here is the contents of my channels.php file for authenticating the user
Broadcast::channel('App.Models.User.User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});```
Turns out I was subscribing to the wrong channel, forgot my User model was in a directory called Users not User
I have a question and I do not find an answer that satisfies me.
I have an app of Soccer Teams:
A user can join multiple teams,
I want to send notifications when an action in a team occurs (for example, when a match is scheduled)
I broadcast on channels this way:
new PrivateChannel('team.' . $this->team->id);
But I don't know how to register a User in multiple channels.
The question is, do I need to register the User to the channels of every team that he belongs?
for ($user->teams as $team) {
Echo.private('team.'.$team->id)
}
Is there any other way to register the user to his channels?
Thank you in advance.
You'll need to authenticate the user for each team's channel in your channels.php route file:
// loop teams to create channel names like teams.team1.1, teams.team2.1
// {id} is the user's primary key
Broadcast::channel("teams.{$team->name}.{id}", function (Authenticatable $user, $id) {
return (int)$user->getAuthIdentifier() === (int)$id;
});
// have Echo listen for broadcast events on the same channels.
Echo.private('teams.team1.1')
.listen('SomeTeamEvent', callback)
.listen('AnotherTeamEvent', callback2)
...
.listen('LastTeamEvent', callbackX)
...
Echo.private('teams.team2.1')
.listen('SomeTeamEvent', anotherCallback)
.listen('AnotherTeamEvent', anotherCallback2)
...
.listen('LastTeamEvent', anotherCallback2)