Defining and authorising private channels: Realtime with Laravel Reverb - Codecourse

Realtime with Laravel Reverb

Sign in Get started

Playing

09. Defining and authorising private channels

Episodes

0%

Your progress

Total: 1h 19m
Played: 0m
Remaining: 1h 19m

Join or sign in to track your progress

01. Broadcasting Basics

01. Introduction

02. Installing Reverb

03. Channels and events

04. Joining channels and listening to events

05. Adding data to events

06. Customising broadcast event data

07. Namespaced events

08. Queued events

02. Private channels

09. Defining and authorising private channels

10. Broadcasting to private channels

11. Listening to multiple events

12. Authorising other models

03. Presence channels

13. Setting up rooms

14. How presence channels work

15. Detecting who’s in a channel

16. Joining and leaving events

04. Whispering

17. Whispering basics

18. Whispering in action

Transcript

00:00

So far, we've only looked at public channels, which means anyone, even users that don't use

00:06

our application can connect to them channels. In this section, we're going to look at an example where we connect to the user's channel, which will only deliver notifications to that user. And only that user will be able to connect to that channel. And you can use this to create any channels for any model type that you need to be private. Okay. So I've created out a fresh

00:29

application here so we can focus on everything that we're doing. Let's go over to our channels root file and take a look at this channel here. We're not going to create a new channel. We're going to use what's already here to find out what is going on. Okay. So by default, Laravel includes this private channel. Let's just have a look at what is going on here. So this is the name of

00:51

the channel, which we're going to switch up. And it includes this placeholder just inside of here. So inside of here, we'll always get the user who is trying to connect to this private channel, and we'll also get any of the parameters that are passed into the channel name. We'll take a look at another example in a minute without implementing it, but this is the kind of thing that we're

01:15

dealing with. Now I'm actually going to change the channel name over to users.id. I much prefer just a cleaner rather than referencing the actual model. And let's just go ahead and pull in the namespace for that user. Okay. So effectively, when we connect to this channel, we're going to replace out this ID with the ID of the user who is trying to connect to the channel. We'll get

01:36

the currently authenticated user through and we'll make sure that the ID of the user matches what we have passed in here. And you can see it's cast to an int. So these get compared properly. Okay. Let's go ahead and try to connect to this channel and see what happens. So we're going to head over to our dashboard. So let's go back over to our dashboard and we'll just do exactly the same

01:58

thing again. Just write some raw JavaScript out in here. So let's use echo to go ahead and connect to a channel. Now we don't want to use channel. That's what we did before when we joined a public channel. Instead, we want to use the private method to signify to echo that we need to connect to a private channel. And we'll see what happens behind the scenes with a network request when we do this.

02:21

So let's go ahead and connect to users.one and just see what happens. So let's head over to the browser, open up our console, and let's take a look at what is going on here. Okay. So I've given the page a refresh and everything looks like it's good. Before we dive into the network request, let's go ahead and try and connect to users.two, which isn't the ID that I've registered with.

02:44

We give that a refresh. You can see we get a 403 forbidden. So what echo is doing now that we're using the private method to connect to a channel is it's sending a request to this endpoint within our Laravel application. What this endpoint will do is map this up to the channel that we're trying to connect to over in channels. It will run this closure. And obviously if we return false here,

03:10

it's going to unauthorize it. So let's go ahead and look at that network request in more detail when we go ahead and actually provide the correct ID. And then we'll go ahead and start to broadcast to this private channel. Okay. So there we go. There's our successful auth request. We can see that all of that was okay. Now you might be wondering, well, what's the point in defining

03:31

out this kind of channel when we're just returning a single true or false value? Well, with this, we can add in some logic to check if we're allowed to access this channel or not. Let's take the example just really quickly of creating out a chat room interface. So let's say that we had a chat room with a specific ID. We'd still get the user passed in, but this would now be the room

03:58

ID. So let's call that room ID just so it makes a bit more sense. Now what you can do inside of here, and this is all in the Laravel documentation, if you want to go ahead and reference it, is create out an if statement to explicitly stop the user accessing a room if they can't access it. So once you implement roles and permissions or any kind of logic in your application

04:23

to allow a user into a room or to perform a certain action, you can just define all of this out in here. So the example from the Laravel documentation is something like this. We would say something like user, which we now have, can access room, and then we could pass in the room ID. So if they can't access that room, then we want to return false. Otherwise, we want to return

04:48

true. So it's kind of like just a standard authorization, but now within a channel's route. So that's the kind of thing that we want to do. We're not going to implement just that just yet because we have other courses that cover that, but for now we know that only this specific user can connect to this channel. Now before we go, how do we actually pass this in? Well, it's

05:10

entirely up to you however you're building your application. Because we're just working within a blade file here, all we really need to do here is just output the currently authenticated user's ID. So now that will be directly passed into here, it will authorize it, and of course we can now connect. If someone was to go in and try and change this value or manually try and connect to this private

05:32

channel using a different ID, it wouldn't allow them in because over in channels we're performing this here. Okay, so hopefully that makes sense with private channels. Let's go over to the next couple of episodes and build out something a little bit more useful where we can dispatch to these private channels.

18 episodes•1 hr 19 mins•1 year ago

Overview

New to realtime broadcasting in Laravel? This course covers the essentials with plenty of examples along the way, leaving you ready to start adding realtime functionality to any of your Laravel applications.

Broken up into channel types, we’ll cover:

The basics of installing, configuring and running a Reverb server
Broadcasting events
Private channels
Presence channels
Client-to-client broadcasting by whispering

Alex Garrett-Smith

Alex Garrett-Smith

Hey, I'm the founder of Codecourse!

Episode discussion

No comments, yet. Be the first!