Protecting Resources with Restricted Access

Allen Wyma

May 21, 2013, 3:37:29 AM
to fireh...@googlegroups.com
I have a Rails app that is rather complicated with its resources and who can and cannot read resources. For this I am using CanCan and Devise. Is there a way that Firehose can read into this? It seems like Firehose and Rails are completely separated, so I'm curious if there's a way to accomplish this. Hmm, maybe the best way is to have some kind of tokenized URL? Any experience in this?

Brad Gessler

May 21, 2013, 4:09:54 AM
to fireh...@googlegroups.com
You'd have to implement a proxy in Firehose that fires off a HEAD request to the path on your server with the resource. If the user has access to this resource (200 OK) then Firehose could stream to the user; otherwise if Firehose got a 401 or 403 from the resource, it wouldn't allow the user to bind to the stream.

Brad

Allen Wyma

May 25, 2013, 10:22:41 AM
to fireh...@googlegroups.com
Is this something easily done or do I have to fork Firehose to do so? Sounds a little bit difficult, and also costly, unless this only gets done once per resource per request per session?

Brad Gessler

May 29, 2013, 2:23:12 AM
to fireh...@googlegroups.com
It's more on the difficult side and would certainly require a fork. I assume by costly you mean resource intensive? I don't think it's too expensive, but would most certainly increase latency by a few ms. You could cache the auth in Firehose to speed it up if you found it to be too slow.

If you took on this project I'd like to figure out how to merge your work into the firehose master branch.

Brad
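
The HEAD-based check and auth cache described in this thread, sketched as a generic Rack middleware; this is an added example, not code from the thread or from Firehose. The class name `UpstreamAuthGate`, its parameters, and the assumption that the channel path equals the resource path in the Rails app are all hypothetical.

```ruby
require "net/http"
require "uri"

# Hypothetical Rack middleware (not part of Firehose): before a client may
# bind to a channel path, ask the Rails app whether this session may read it.
class UpstreamAuthGate
  # origin: base URL of the Rails app (assumed to answer HEAD on resource paths)
  # head:   callable(path, cookie) -> Integer status; injectable for tests
  def initialize(app, origin:, ttl: 30, head: nil, clock: nil)
    @app, @origin, @ttl = app, URI(origin), ttl
    @head = head || method(:http_head)
    @clock = clock || -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) }
    @cache = {}
    @lock = Mutex.new
  end

  def call(env)
    status = cached_status(env["PATH_INFO"].to_s, env["HTTP_COOKIE"].to_s)
    return @app.call(env) if status == 200
    # Fail closed: 401/403 pass through, anything else (5xx, timeout) becomes 403.
    code = [401, 403].include?(status) ? status : 403
    [code, { "content-type" => "text/plain" }, ["access denied\n"]]
  end

  private

  def cached_status(path, cookie)
    key = [cookie, path] # key on the session as well, never on the path alone
    now = @clock.call
    @lock.synchronize do
      status, at = @cache[key]
      return status if status && now - at < @ttl
    end
    status = begin
      @head.call(path, cookie)
    rescue StandardError
      503 # upstream unreachable: treated as a denial by #call
    end
    # Cache only definite answers, so an outage is re-checked on the next request.
    @lock.synchronize { @cache[key] = [status, now] } if [200, 401, 403].include?(status)
    status
  end

  def http_head(path, cookie)
    Net::HTTP.start(@origin.host, @origin.port, use_ssl: @origin.scheme == "https",
                    open_timeout: 2, read_timeout: 2) do |http|
      http.head(path, { "Cookie" => cookie }).code.to_i
    end
  end
end
```

A cached 200 keeps a user subscribed for up to `ttl` seconds after the Rails app revokes access, so the TTL is the revocation delay as well as the latency saving.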
