Module: Pgbus::Streams::SignedName

Defined in:

lib/pgbus/streams/signed_name.rb

Overview

Verifies tamper-proof stream identifiers carried in URLs (the ‘signed-stream-name` attribute set by `pgbus_stream_from`). Reuses `Turbo.signed_stream_verifier_key` when turbo-rails is loaded so that existing `broadcasts_to :room` calls Just Work; falls back to `Pgbus.configuration.streams_signed_name_secret` otherwise.

The signed payload is the logical stream name as a string (e.g. ‘“gid://app/Order/42:messages”`). Verification returns that string; tampered or unsigned input raises `InvalidSignedName`.

Defined Under Namespace

Classes: InvalidSignedName, MissingSecret

Class Method Summary

• .sign(stream_name) ⇒ Object
• .verify!(token) ⇒ Object

Class Method Details

.sign(stream_name) ⇒ Object

# File 'lib/pgbus/streams/signed_name.rb', line 31

def self.sign(stream_name)
  verifier.generate(stream_name)
end

.verify!(token) ⇒ Object

# File 'lib/pgbus/streams/signed_name.rb', line 23

def self.verify!(token)
  raise InvalidSignedName, "signed stream name is blank" if token.nil? || token.to_s.strip.empty?

  verifier.verified(token) || raise(InvalidSignedName, "signed stream name failed verification")
rescue ActiveSupport::MessageVerifier::InvalidSignature => e
  raise InvalidSignedName, "signed stream name failed verification: #{e.message}"
end