Fix Invalid Signature issue and enable event creator to be sent from any app (#39)

* Add the ability to configure middleware. Fixes #22 * Fix StyleCI Error. * Include X-App-ID * Reconstruct the PusherBroadcaster * fix styleci * change from overwriting constructor to new Broadcaster * optional inside dashboard gate * remove comment * fix for styleci * Fix typo * Removed unused $config['options']
2018-12-17 16:38:18 +08:00 · 2018-12-17 16:38:18 +08:00 · c1f6ffa51b
parent ec96ca7172
commit c1f6ffa51b
5 changed files with 36 additions and 5 deletions
--- a/config/websockets.php
+++ b/config/websockets.php
@ -1,5 +1,7 @@
 <?php

+use BeyondCode\LaravelWebSockets\Dashboard\Http\Middleware\Authorize;
+
 return [

    /*
@ -47,6 +49,18 @@ return [
     */
    'path' => 'laravel-websockets',

+    /*
+     * Dashboard Routes Middleware
+     *
+     * These middleware will be assigned to every dashboard route, giving you
+     * the chance to add your own middleware to this list or change any of
+     * the existing middleware. Or, you can simply stick with this list.
+     */
+    'middleware' => [
+        'web',
+        Authorize::class,
+    ],
+
    'statistics' => [
        /*
         * This model will be used to store the statistics of the WebSocketsServer.
--- a/resources/views/dashboard.blade.php
+++ b/resources/views/dashboard.blade.php
@ -120,7 +120,8 @@
                    authEndpoint: '/{{ request()->path() }}/auth',
                    auth: {
                        headers: {
-                            'X-CSRF-Token': "{{ csrf_token() }}"
+                            'X-CSRF-Token': "{{ csrf_token() }}",
+                            'X-App-ID': this.app.id
                        }
                    },
                    enabledTransports: ['ws', 'flash']
--- a/src/Dashboard/Http/Controllers/AuthenticateDashboard.php
+++ b/src/Dashboard/Http/Controllers/AuthenticateDashboard.php
@ -2,13 +2,29 @@

 namespace BeyondCode\LaravelWebSockets\Dashboard\Http\Controllers;

+use Pusher\Pusher;
 use Illuminate\Http\Request;
-use Illuminate\Contracts\Broadcasting\Broadcaster;
+use BeyondCode\LaravelWebSockets\Apps\App;
+use Illuminate\Broadcasting\Broadcasters\PusherBroadcaster;

 class AuthenticateDashboard
 {
-    public function __invoke(Request $request, Broadcaster $broadcaster)
+    public function __invoke(Request $request)
    {
+        /**
+         * Find the app by using the header
+         * and then reconstruct the PusherBroadcaster
+         * using our own app selection.
+         */
+        $app = App::findById($request->header('x-app-id'));
+
+        $broadcaster = new PusherBroadcaster(new Pusher(
+            $app->key,
+            $app->secret,
+            $app->id,
+            []
+        ));
+
        /*
         * Since the dashboard itself is already secured by the
         * Authorize middleware, we can trust all channel
--- a/src/Dashboard/Http/Middleware/Authorize.php
+++ b/src/Dashboard/Http/Middleware/Authorize.php
@ -8,6 +8,6 @@ class Authorize
 {
    public function handle($request, $next)
    {
-        return Gate::check('viewWebSocketsDashboard') ? $next($request) : abort(403);
+        return Gate::check('viewWebSocketsDashboard', [$request->user()]) ? $next($request) : abort(403);
    }
 }
--- a/src/WebSocketsServiceProvider.php
+++ b/src/WebSocketsServiceProvider.php
@ -64,7 +64,7 @@ class WebSocketsServiceProvider extends ServiceProvider
    protected function registerRoutes()
    {
        Route::prefix(config('websockets.path'))->group(function () {
-            Route::middleware(AuthorizeDashboard::class)->group(function () {
+            Route::middleware(config('websockets.middleware', [AuthorizeDashboard::class]))->group(function () {
                Route::get('/', ShowDashboard::class);
                Route::get('/api/{appId}/statistics', [DashboardApiController::class,  'getStatistics']);
                Route::post('auth', AuthenticateDashboard::class);