@stephenlb
Last active August 29, 2015 14:11
Secure PubNub Subscriber Key and Channel Name by Securing Data Streams on PubNub with ACL / Access Management

Securing Data Streams on PubNub with ACL / Access Management

You want to secure the PubNub subscriber key and the channel name too. With fine-grained read and write access control at the per-connection level, you can provide authorization and access control for users, devices and channels.

Good Part - With PubNub Access Management and ACL you can prevent someone from setting up their own PubNub client and receiving the notifications without any authorization.

This is done with a PubNub auth_key, which is an authenticated access token managed by your servers. Essentially, you want to mitigate and prevent subscription sharing for your valuable data on a PubNub data stream.

Keep it Secret and Safe - Access Control for Realtime Data Streams

You must treat your PubNub auth_key the same as you would a secret intended only for the user. This is like a Session Key/ID that allows access to a data stream, similar to the way Netflix, Spotify, Facebook and Gmail provide a secure access layer.

This is what your JavaScript should look like for safe access controls.

Wohhhh Note - There are no access keys stored in the JavaScript file.

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
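// Get User Access Keys from Your Server
// get_user_access() is your own helper: it calls your login endpoint and
// passes the parsed JSON response (keys and channels) to the callback.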
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
console.log('getting user login information');
get_user_access( 'https://myservers.com/user/login/', function(user) {
    var pubnub = PUBNUB({
        subscribe_key : user.subscribe_key,
        auth_key      : user.auth_key
    });

    ready( pubnub, user );
} );

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Data Stream Connection Ready to Start
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
function ready( pubnub, user ) {
    console.log('ready to subscribe to data stream channel');

    pubnub.subscribe({
        channel : user.channels,
        message : receiver
    });
}

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Data Stream Payloads Received
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
function receiver(data) {
    console.log('received secure data payload');
}

Revoke Access on Malicious Activity

What if a user logs in twice or opens more than one PubNub data stream connection? If you detect abuse, you can revoke access instantly with the pubnub.revoke() command.

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
// Revoke Access from Your Server
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
pubnub.revoke({
    channel   : 'CHANNEL_NAME',
    auth_key  : 'BAD_APPLE_AUTH_KEY',
    callback  : function(m) { console.log(m); }
});
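
The server half of the flow above, as an added example that is not part of the original gist: it issues a fresh random auth_key per login, grants it read-only access, and revokes the previous key when the same user logs in again. Assumptions: grant() accepts read, write and ttl options next to channel and auth_key; createAccessManager, makeStubPubnub and the one-session-per-user policy are hypothetical, and the stub stands in for a real server-side PubNub client so the code runs offline.

```javascript
// Added example, not from the original gist. Server-side (Node.js).
const { randomBytes } = require('crypto');

// Offline stand-in for a server-side PubNub client initialised with the secret
// key; it only records calls. Swap in the real client in production.
function makeStubPubnub() {
    const calls = [];
    return {
        calls  : calls,
        grant  : function (o) { calls.push(['grant',  o.channel, o.auth_key]); },
        revoke : function (o) { calls.push(['revoke', o.channel, o.auth_key]); }
    };
}

// Hypothetical helper: keeps exactly one active auth_key per user.
function createAccessManager(pubnub, subscribeKey, ttlMinutes) {
    const sessions = new Map();            // userId -> { auth_key, channels }

    function revokeUser(userId) {
        const s = sessions.get(userId);
        if (!s) return false;
        s.channels.forEach(function (channel) {
            pubnub.revoke({ channel: channel, auth_key: s.auth_key,
                            callback: function () {} });
        });
        sessions.delete(userId);
        return true;
    }

    function login(userId, channels) {
        // Second login by the same user: kill the old key before issuing a new
        // one, so a shared or leaked key stops working.
        revokeUser(userId);
        const auth_key = randomBytes(32).toString('hex');   // 256-bit, unguessable
        channels.forEach(function (channel) {
            pubnub.grant({ channel: channel, auth_key: auth_key,
                           read: true, write: false,         // subscribe only
                           ttl: ttlMinutes, callback: function () {} });
        });
        sessions.set(userId, { auth_key: auth_key, channels: channels });
        // Shape consumed by the client's get_user_access() callback.
        return { subscribe_key: subscribeKey, auth_key: auth_key, channels: channels };
    }

    return { login: login, revokeUser: revokeUser };
}
```

The object returned by login() is what the login endpoint would send back as JSON; the secret key used for grant() and revoke() never leaves the server.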

Secure PubNub Subscriber Key and Channel Name


Also, if you are using Node.js for Access Management control, we have a fun community forum post for you that describes mass grants at a reasonable speed using PubNub Access Manager with Node.js, for both good and for awesome.
