New message notification #533
Conversation
|
@jsuchal nie je to zatial poriadne otestovane, kedze sa blbo testuje (potrebujem vyrobit na strane UPVS message na prevzatie). Fungovalo to na inom triggri, takze principialne by fungovat malo. Tak spravme tak, ze najprv kuknes koncept, ak zhruba OK, poprosim Luciu o zopar sprav, a otestujem a spravim nejake videjko z funkcnosti. Dikes |
| @@ -4,3 +4,8 @@ | |||
| thread_messages: @thread_messages, | |||
| thread_last_message_draft_id: @thread_last_message_draft_id | |||
| ) %> | |||
| <% if @notify %> | |||
| <%= turbo_frame_tag :new_messages_frame, target: "_top" do %> | |||
| <%= turbo_stream_from @message_thread %> | |||
There was a problem hiding this comment.
Security je postavene na predpokladoch (ktore som 100% neoveroval, ale verim, ze platia)
- Ked uz vidim vlakno, tak budem moct vidiet aj spravu, ktora pride po prevzati dorucenky
- Takyto subscription sa urobi len ked vidim dane vlakno (a subscription je zavesene na ID daneho vlakna), neviem ho vyrobit nijako odboku
- Jedine, co mi vysledok danej subscription da, je info o vzniku novej spravy a jej ID/linku na nu, co by nemalo nijako pomoct cloveku, co na tu spravu/vlakno nema pristup
There was a problem hiding this comment.
Myslim, ze minimalne taketo nieco bude treba https://guides.rubyonrails.org/action_cable_overview.html#server-side-components-connections
There was a problem hiding this comment.
Podla dokumentacie je toto doriesene v tomto turbo_stream_from, resp. v Turbo::Streamable, ak spravne chapem nasledovne:
https://rubydoc.info/github/hotwired/turbo-rails/Turbo%2FStreamsHelper:turbo_stream_from
The stream name being generated is safe to embed in the HTML sent to a user without fear of tampering, as it is signed using Turbo.signed_stream_verifier
There was a problem hiding this comment.
@stage-rl problem nie je tempering obsahu ale to, ze niekto sa napichne na stream a bude citat nieco co nema.
There was a problem hiding this comment.
Skor si myslim, ze to maju vyriesene railsaci vnutri. Ale keby aj nie, max sa utocnik dozvie linku na vlakno, na ktore nema pravo.
There was a problem hiding this comment.
Nemaju to doriesene (nemaju preco lebo turbo stream by default funguje ako public vec), treba doriesit autentifikaciu na urovni vytvarania channel/connection. Je to ale par riadkov https://binarysolo.blog/is-your-action-cable-connection-secure-when-using-turbo/
|
@stage-rl s tymto sa ako dari, nepotrebujes nic od nas? |
|
Tak cakal som nejaku reakciu na tie moje elaboraty, ale OK, nejako to spravim podla poziadavky a uvidime |
…sko-digital/govbox-pro into feature/new_message_alert
Gemfile
Outdated
| @@ -5,6 +5,7 @@ ruby '3.3.0' | |||
| gem 'rails', '~> 7.1' | |||
| gem 'rails-i18n' | |||
|
|
|||
| gem 'actioncable-enhanced-postgresql-adapter' | |||
There was a problem hiding this comment.
Ak spravne pozeram, tak pod 8000 bytes sa to sprava rovnako ako default adapter, cize sem nemusime tahat zavislost na nejaky deravy mrtvy gem 2 roky stary. (partial co posielas mas < 2000 bytes)
| @@ -4,3 +4,6 @@ | |||
| thread_messages: @thread_messages, | |||
| thread_last_message_draft_id: @thread_last_message_draft_id | |||
| ) %> | |||
| <%= turbo_frame_tag :new_messages_frame, target: "_top" do %> | |||
| <%= turbo_stream_from @message_thread %> | |||
| <% end %> | |||
There was a problem hiding this comment.
Zaujimave, ze ordering gemov tvoj linter riesi ale newline na konci nie. :)
| </div> | ||
| <div class="ml-3"> | ||
| <p class="text-sm font-medium text-blue-800"> | ||
| <%= link_to message_thread_path(message.thread), class: "underline" do %> |
There was a problem hiding this comment.
tu nepotrebujes block tu ti staci link_to nazov, url, zvysok
| <button | ||
| type="button" | ||
| data-action="dismissible-alert#dismiss" | ||
| class="inline-flex rounded-md bg-blue-50 text-blue-500 hover:bg-blue-100 focus:ring-blue-600 focus:ring-offset-blue-50 p-1.5 focus:outline-none focus:ring-2 focus:ring-offset-2" | ||
| > |
There was a problem hiding this comment.
Tomuto formatovaniu som nikdy neprisiel na chut.
|
|
||
| sign_in_as(:admin) | ||
| end | ||
| test 'should notify user on new message' do |
app/models/message.rb
Outdated
| @@ -46,6 +46,9 @@ class Message < ApplicationRecord | |||
|
|
|||
| after_update_commit ->(message) { EventBus.publish(:message_changed, message) } | |||
| after_destroy_commit ->(message) { EventBus.publish(:message_destroyed, message) } | |||
| after_create_commit do |message| | |||
| broadcast_render_later_to message.thread, partial: "messages/new_message_alert", locals: { message: message } | |||
There was a problem hiding this comment.
Do ktorej fronty sa toto zaradi? Beriem to tak, ze by to malo mat dost vysoku prioritu kedze to je userfacing.
|
|
||
| test: | ||
| adapter: test | ||
| adapter: enhanced_postgresql | ||
|
|
||
| production: |
There was a problem hiding this comment.
V produkcii sa odporuca to bezat standalone, ale nemyslim si ze tu bude nejaky velky traffic ze by nas to malo trapit. https://guides.rubyonrails.org/action_cable_overview.html#running-standalone-cable-servers cc @celuchmarek co myslis?
|
|
No description provided.