I can access published messages after the user closes the app session, using the Twig function #85

Open
frizquierdo opened this issue Oct 21, 2023 · 0 comments

I use Mercure outside of the API Platform ecosystem, with the mercure() Twig function in a template, to notify the completion of tasks executed in the background, update graphics in real time, and make other updates that do not need to be private but must be reflected in the web interface. All of this works fine.

Mercure recipe:

```yaml
mercure:
    hubs:
        default:
            url: '%env(MERCURE_URL)%'
            public_url: '%env(MERCURE_PUBLIC_URL)%'
            jwt:
                secret: '%env(MERCURE_JWT_SECRET)%'
                publish: ['squid/status', 'sysinfo/report', 'server/tools/datetime', 'internet/status', 'cuote/consumo-total', 'squid-proxy/access-log/monitor', 'notif/task-complete/{userId}', 'notif/list/latest/{userId}']
                subscribe: ['squid/status', 'sysinfo/report', 'server/tools/datetime', 'internet/status', 'cuote/consumo-total', 'squid-proxy/access-log/monitor', 'notif/task-complete/{userId}', 'notif/list/latest/{userId}']
```

In the base template.html.twig:

```twig
{% block eventsource_javascript %}
    {% set config = {'mercureHub':mercure(['squid/status', 'notif/task-complete/'~app.user.idPublico|uuid_encode, 'notif/list/latest/'~app.user.idPublico|uuid_encode], { subscribe:['squid/status', 'notif/task-complete/'~app.user.idPublico|uuid_encode, 'notif/list/latest/'~app.user.idPublico|uuid_encode]})} %}
    <script id="mercure" type="application/json">
        {{ config|json_encode(constant('JSON_UNESCAPED_SLASHES') b-or constant('JSON_HEX_TAG'))|raw }}
    </script>
{% endblock %}
```

If the user starts a session in the web app, copies the Mercure request URL (https://squidmgr.lan/.well-known/mercure?topic=squid%2Fstatus&topic=sysinfo%2Freport&topic=server%2Ftools%2Fdatetime&topic=internet%2Fstatus&topic=cuote%2Fconsumo-total&topic=notif%2Ftask-complete%2F2nC0OMu3USsHE0AdKkreLz&topic=notif%2Flist%2Flatest%2F2nC0OMu3USsHE0AdKkreLz), logs out of the application session and pastes the copied URL into the browser, all messages related to the topics present in the copied URL remain accessible. If the same user starts a session in another browser or on another computer, the updates for topics that include the user id are visible in the browser that accesses the Mercure request URL directly. On the other hand, if the user closes the browser, reopens it and pastes the URL, then the message "Unauthorized" from Mercure is displayed. Isn't the mercureAuthorization cookie supposed to be destroyed when the logout process occurs? It doesn't matter if public updates are accessible outside the session, but private updates must not be accessible outside the user session.

I need 'notif/task-complete/{userId}' or 'notif/list/latest/{userId}', for example, not to be accessible if the user logs out.
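One way to drop the subscriber cookie at logout, as an added example that is not part of the original issue or the project's own code. It assumes a Symfony application with the security component's `LogoutEvent`, the `Authorization` service from symfony/mercure with its `clearCookie()` method, autowiring, and the `default` hub from the recipe above; the namespace and class name are hypothetical.

```php
<?php
// Added example (assumptions: Symfony security LogoutEvent, symfony/mercure
// Authorization service, autowiring, hub named "default" as in the recipe).

declare(strict_types=1);

namespace App\EventSubscriber; // hypothetical namespace

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Mercure\Authorization;
use Symfony\Component\Security\Http\Event\LogoutEvent;

final class MercureLogoutSubscriber implements EventSubscriberInterface // hypothetical name
{
    private Authorization $authorization;

    public function __construct(Authorization $authorization)
    {
        $this->authorization = $authorization;
    }

    public static function getSubscribedEvents(): array
    {
        // Run when the firewall processes a logout request.
        return [LogoutEvent::class => 'onLogout'];
    }

    public function onLogout(LogoutEvent $event): void
    {
        // Queue an expired mercureAuthorization cookie for the hub so it is
        // sent with the logout response. After that the browser no longer
        // presents the subscriber JWT to /.well-known/mercure, and a pasted
        // subscription URL for the private topics is refused.
        $this->authorization->clearCookie($event->getRequest(), 'default');
    }
}
```

Clearing the cookie only removes the browser's copy of the token: a JWT that was copied elsewhere stays valid until its `exp` claim, so private topics also need a short token lifetime.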
