Fatal编程技术网
  • laravel/
  • 尝试订阅专用频道时,Laravel不检查授权

尝试订阅专用频道时,Laravel不检查授权

laravel

尝试订阅专用频道时,Laravel不检查授权,laravel,broadcast,pusher,Laravel,Broadcast,Pusher,我刚开始工作,遇到了一个问题。我正在使用Pusher,我想检查用户是否有权订阅私人频道。用户对帖子评论通知的访问已通过身份验证,但未经授权。我试图只向帖子的作者发送新评论的通知,但是所有打开帖子的经过身份验证的用户都会收到通知。我是不是错过了什么 <?php namespace App\Events; use Illuminate\Broadcasting\Channel; use Illuminate\Queue\SerializesModels; use Illuminate\Br

我刚开始工作,遇到了一个问题。我正在使用Pusher,我想检查用户是否有权订阅私人频道。用户对帖子评论通知的访问已通过身份验证,但未经授权。我试图只向帖子的作者发送新评论的通知,但是所有打开帖子的经过身份验证的用户都会收到通知。我是不是错过了什么

<?php

namespace App\Events;

use Illuminate\Broadcasting\Channel;
use Illuminate\Queue\SerializesModels;
use Illuminate\Broadcasting\PrivateChannel;
use Illuminate\Broadcasting\PresenceChannel;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;

class NewCommentEvent implements ShouldBroadcast
{
    use Dispatchable, InteractsWithSockets, SerializesModels;

    /**
     * Create a new event instance.
     *
     * @return void
     */

    public $comment;
    public function __construct($comment)
    {
        $this->comment = $comment;
    }

    /**
     * Get the channels the event should broadcast on.
     *
     * @return \Illuminate\Broadcasting\Channel|array
     */
    public function broadcastOn()
    {
        return new PrivateChannel('post-'.$this->comment->post_id);
    }

    public function broadcastAs()
    {
        return 'new-comment-event';
    }

    public function broadcastWith()
    {
        return ['comment' => $this->comment->comment];
    }
}
我使用的laravel版本是:5.8“$this->comment->post_id”表示什么?如果它表示该特定帖子的id,那么谁有权访问该帖子将获得通知。从post\u id获取作者id,并在“post-”上广播。作者id。

是,如果某篇文章是特定的,它就是该id。不,一个私人频道(在本例中为private-post-3)应该对用户进行身份验证(现在是这样),并检查是否也被授权。你会订阅所有帖子以获得帖子的评论吗?现在,谁订阅了该帖子id,谁就会收到通知。如果您只希望author获得通知,请在频道名称中使用author_id。这是我从频道路由中所期望的:
Broadcast::channel('post-{id}',function($user,$id){return$user->id==post::find($id)->author_id;})哦..好的。我建议以作者身份广播更好。看看哪个更合适。似乎根本没有调用channel.php路由。

<?php

use App\models\Post;

Broadcast::channel('App.User.{id}', function ($user, $id) {
    return (int) $user->id === (int) $id;
});

Broadcast::channel('post-{id}', function ($user, $id) {
    return false;
    //return $user->id == Post::find($id)->author_id;
});



var pusher = new Pusher('904d58ankty8c8397d000', {

        authEndpoint: 'http://localhost/blog/public/broadcasting/auth',
        cluster: 'ap2',
        forceTLS: true,
        auth: {
            headers: {
              'X-CSRF-Token': "{{csrf_token()}}"
            }
        }
    });

    var privateChannel = pusher.subscribe("private-post-{{{$post->id}}}");
    privateChannel.bind('new-comment-event', function(data) {
        $('#post-comments').append('<p>'+data.comment+'</p>');
    });



public function boot()
    {
        Broadcast::routes(['middleware' => ['auth']]);

        require base_path('routes/channels.php');
    }