Broadcast/Broadcast_to security in a multitenant environment

Let’s imagine I have two tenants, A and B. Now, ids in all tables are not unique because they are not the primary key; the primary key is a composite key (tenant_id, id).

I have a connection defined like this.

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user
    def dispatch_websocket_message(*)
      Apartment::Tenant.switch(subdomain) { super }
    end

    def connect
      self.current_user = find_user
    end

    protected

    def find_user
      if (current_user = env['warden'].user)
        current_user
      else
        reject_unauthorized_connection
      end
    rescue UncaughtThrowError
      nil
    end
  end
end

And then I have a channel.

class UserChannel < ApplicationCable::Channel
  def subscribed
    user = User.find params[:user_id]
    stream_for user
  end
end

And the controller:

      UserChannel.broadcast_to @user, { ... data }

This works perfectly in a non-multitenant environment but now, using subdomains for multitenancy, there is no clear way to make this secure.

Clients will technically receive updates from each other as the channel names are not unique - but this is not really an issue - the issue is that broadcast should not even send packets to clients that are not on the same subdomain or at least Rails should provide an interface for configuring this.

I think there is currently no way to broadcast really securely in a multitenant environment. Yes, you can do some hacks with channel names, e.g. MD5, … but I don’t think this is correct.

Or am I doing something wrong?
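Added example, not part of the original post and not Action Cable's own code: a pure-Ruby model of the stream-name collision described above, next to a stream name that carries the tenant and a subscription check tied to the connection's user. `Hub`, `id_only_stream`, `tenant_stream`, `authorized?` and `deliver` are hypothetical names, and the users and message are constructed sample data.

```ruby
# Constructed stand-in for a user row whose primary key is (tenant_id, id).
User = Struct.new(:tenant_id, :id)

# Minimal in-memory pub/sub standing in for the cable adapter (hypothetical).
class Hub
  def initialize
    @subs = Hash.new { |h, k| h[k] = [] }
  end

  def subscribe(stream, inbox)
    @subs[stream] << inbox
  end

  def broadcast(stream, data)
    @subs[stream].each { |inbox| inbox << data }
  end
end

# Stream name built from the record id alone: ids repeat across tenants,
# so two different users end up on the same stream.
def id_only_stream(user)
  "user:#{user.id}"
end

# Stream name that includes the tenant, mirroring the composite key.
def tenant_stream(user)
  "user:#{user.tenant_id}:#{user.id}"
end

# Subscription check: the requested record must belong to the connection's
# tenant and be the connection's own user, not any id the client supplies.
def authorized?(conn_tenant, conn_user, requested)
  requested.tenant_id == conn_tenant && requested == conn_user
end

# Broadcasts one message meant for tenant A's user 1 and returns what the
# clients of tenant A and tenant B each received under the given naming rule.
def deliver(namer)
  hub = Hub.new
  a = User.new("a", 1)
  b = User.new("b", 1)
  inbox_a = []
  inbox_b = []
  hub.subscribe(namer.call(a), inbox_a)
  hub.subscribe(namer.call(b), inbox_b)
  hub.broadcast(namer.call(a), "secret-for-a")
  { a: inbox_a, b: inbox_b }
end
```

Call `deliver(method(:id_only_stream))` and `deliver(method(:tenant_stream))` to compare which inboxes receive the message under each naming rule.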