fix: channels connection authorization #29

src/ChatifyMessenger.php

@@ -81,14 +81,36 @@ public function push($channel, $event, $data)
     /**
      * Authentication for pusher
      *
+     * @param User $requestUser
+     * @param User $authUser
      * @param string $channelName
      * @param string $socket_id
      * @param array $data
      * @return void
      */
-    public function pusherAuth($channelName, $socket_id, $data = null)
+    public function pusherAuth($requestUser, $authUser, $channelName, $socket_id)
     {
-        return $this->pusher->socket_auth($channelName, $socket_id, $data);
+        // Auth data
+        $authData = json_encode([
+            'user_id' => $authUser->id,
+            'user_info' => [
+                'name' => $authUser->name
+            ]
+        ]);
+        // check if user authenticated
+        if (Auth::check()) {
+            if($requestUser->id == $authUser->id){
+                return $this->pusher->socket_auth(
+                    $channelName,
+                    $socket_id,
+                    $authData
+                );
+            }
+            // if not authorized
+            return response()->json(['message'=>'Unauthorized'], 401);
+        }
+        // if not authenticated
+        return response()->json(['message'=>'Not authenticated'], 403);
     }
 
     /**

src/Http/Controllers/Api/MessagesController.php

@@ -27,23 +27,12 @@ class MessagesController extends Controller
      */
     public function pusherAuth(Request $request)
     {
-        // Auth data
-        $authData = json_encode([
-            'user_id' => Auth::user()->id,
-            'user_info' => [
-                'name' => Auth::user()->name
-            ]
-        ]);
-        // check if user authorized
-        if (Auth::check()) {
-            return Chatify::pusherAuth(
-                $request['channel_name'],
-                $request['socket_id'],
-                $authData
-            );
-        }
-        // if not authorized
-        return response()->json(['message'=>'Unauthorized'], 401);
+        return Chatify::pusherAuth(
+            $request->user(),
+            Auth::user(),
+            $request['channel_name'],
+            $request['socket_id']
+        );
     }
 
     /**
@@ -157,7 +146,7 @@ public function send(Request $request)
             $messageData = Chatify::fetchMessage($messageID);
 
             // send to user using pusher
-            Chatify::push('private-chatify', 'messaging', [
+            Chatify::push("private-chatify.".$request['id'], 'messaging', [
                 'from_id' => Auth::user()->id,
                 'to_id' => $request['id'],
                 'message' => Chatify::messageCard($messageData, 'default')

src/Http/Controllers/MessagesController.php

@@ -30,23 +30,12 @@ class MessagesController extends Controller
      */
     public function pusherAuth(Request $request)
     {
-        // Auth data
-        $authData = json_encode([
-            'user_id' => Auth::user()->id,
-            'user_info' => [
-                'name' => Auth::user()->name
-            ]
-        ]);
-        // check if user authorized
-        if (Auth::check()) {
-            return Chatify::pusherAuth(
-                $request['channel_name'],
-                $request['socket_id'],
-                $authData
-            );
-        }
-        // if not authorized
-        return response()->json(['message'=>'Unauthorized'], 401);
+        return Chatify::pusherAuth(
+            $request->user(),
+            Auth::user(),
+            $request['channel_name'],
+            $request['socket_id']
+        );
     }
 
     /**