docs update

Author: leastbad

README.md

@@ -1,6 +1,6 @@
 # Optimism
 
-[![GitHub stars](https://img.shields.io/github/stars/leastbad/optimism?style=social)](https://github.com/leastbad/optimism) [![GitHub forks](https://img.shields.io/github/forks/leastbad/optimism?style=social)](https://github.com/leastbad/optimism) [![Twitter follow](https://img.shields.io/twitter/follow/theleastbad?style=social)](https://twitter.com/theleastbad)
+[![GitHub stars](https://img.shields.io/github/stars/leastbad/optimism?style=social)](https://github.com/leastbad/optimism) [![GitHub forks](https://img.shields.io/github/forks/leastbad/optimism?style=social)](https://github.com/leastbad/optimism) [![Twitter follow](https://img.shields.io/twitter/follow/theleastbad?style=social)](https://twitter.com/theleastbad) [Discord.![](https://img.shields.io/discord/681373845323513862)](https://discord.gg/GnweR3)
 
 The missing drop-in solution for realtime remote form validation in Rails.
 

SUMMARY.md

@@ -4,6 +4,7 @@
 * [Setup](setup.md)
 * [Quick Start](quick-start.md)
 * [Typical Usage](typical-usage.md)
+* [Authentication](authentication.md)
 * [Reference](reference.md)
 * [Advanced Usage](advanced-usage.md)
 

authentication.md

@@ -0,0 +1,149 @@
+---
+description: Practice safe optimism
+---
+
+# Authentication
+
+If you're just trying to bootstrap a proof-of-concept application on your local workstation, you don't technically have to worry about giving ActionCable the ability to distinguish between multiple concurrent users. However, **the moment you deploy to a host with more than one person accessing your app, you'll find that you're sharing a session and seeing other people's updates**. That isn't what most developers have in mind.
+
+## Encrypted Session Cookies
+
+You can use your default Rails encrypted cookie-based sessions to isolate your users into their own sessions. This works great even if your application doesn't have a login system.
+
+{% code title="app/controllers/application\_controller.rb" %}
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :set_action_cable_identifier
+
+  private
+
+  def set_action_cable_identifier
+    cookies.encrypted[:session_id] = session.id.to_s
+  end
+end
+```
+{% endcode %}
+
+{% code title="app/channels/application\_cable/connection.rb" %}
+```ruby
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :session_id
+
+    def connect
+      self.session_id = cookies.encrypted[:session_id]
+    end
+  end
+end
+```
+{% endcode %}
+
+We need to instruct ActionCable to stream updates on a per-session basis:
+
+{% code title="app/channels/optimism_channel.rb" %}
+```ruby
+class OptimismChannel < ApplicationCable::Channel
+  def subscribed
+    stream_for session_id
+  end
+end
+```
+{% endcode %}
+
+Finally, we need to give Optimism the ability to broadcast updates to the correct channel subscription. We will override Optimism's default "OptimismChannel" with a lambda that returns the subscription identifier. You might already have other values in your initializer, or it might not yet exist at all:
+
+{% code title="config/initializers/optimism.rb" %}
+```ruby
+Optimism.configure do |config|
+  config.channel = ->(context) { OptimismChannel.broadcasting_for(context.session.id) }
+end
+```
+{% endcode %}
+
+## User-based Authentication
+
+Many Rails apps use the current\_user convention or more recently, the [Current](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html) object to provide a global user context. This gives access to the user scope from _almost_ all parts of your application.
+
+{% code title="app/controllers/application\_controller.rb  " %}
+```ruby
+class ApplicationController < ActionController::Base
+  before_action :set_action_cable_identifier
+
+  private
+
+  def set_action_cable_identifier
+    cookies.encrypted[:user_id] = current_user&.id
+  end
+end
+```
+{% endcode %}
+
+{% code title="app/channels/application\_cable/connection.rb " %}
+```ruby
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :current_user
+
+    def connect
+      user_id = cookies.encrypted[:user_id]
+      return reject_unauthorized_connection if user_id.nil?
+      user = User.find_by(id: user_id)
+      return reject_unauthorized_connection if user.nil?
+      self.current_user = user
+    end
+  end
+end
+```
+{% endcode %}
+
+We need to instruct ActionCable to stream updates on a per-session basis:
+
+{% code title="app/channels/optimism_channel.rb" %}
+```ruby
+class OptimismChannel < ApplicationCable::Channel
+  def subscribed
+    stream_for current_user
+  end
+end
+```
+{% endcode %}
+
+Finally, we need to give Optimism the ability to broadcast updates to the correct channel subscription. We will override Optimism's default "OptimismChannel" with a lambda that returns the subscription identifier. You might already have other values in your initializer, or it might not yet exist at all:
+
+{% code title="config/initializers/optimism.rb" %}
+```ruby
+Optimism.configure do |config|
+  config.channel = ->(context) { OptimismChannel.broadcasting_for(context.current_user) }
+end
+```
+{% endcode %}
+
+## Devise-based Authentication
+
+If you're using the versatile [Devise](https://github.com/plataformatec/devise) authentication library, your configuration is *identical* to the User-Based Authentication above, **except** for how ActionCable looks up a user:
+
+{% code title="app/channels/application\_cable/connection.rb" %}
+```ruby
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :current_user
+
+    def connect
+      self.current_user = find_verified_user
+    end
+
+    protected
+
+    def find_verified_user
+      if current_user = env["warden"].user
+        current_user
+      else
+        reject_unauthorized_connection
+      end
+    end
+  end
+end
+```
+{% endcode %}
+
+

lib/templates/optimism_channel.rb

@@ -1,5 +1,5 @@
 class OptimismChannel < ApplicationCable::Channel
   def subscribed
-    stream_for current_user
+    stream_from "OptimismChannel"
   end
 end

reference.md

@@ -93,7 +93,7 @@ Optimism is configurable via an optional initializer file. As with all initializ
 {% code title="config/initializers/optimism.rb" %}
 ```ruby
 Optimism.configure do |config|
-  config.channel = "OptimismChannel"
+  config.channel = ->(context) { "OptimismChannel" }
   config.form_class = "invalid"
   config.error_class = "error"
   config.disable_submit = false
@@ -109,7 +109,7 @@ end
 ```
 {% endcode %}
 
-**channel**: The ActionCable channel created by the `rake optimism:install` setup task. In most cases, you don't need to change this value. In fact, the only good reason to change this value is if you already have an OptimismChannel. If this describes you, congratulations on your optimism.
+**channel**: The ActionCable channel created by the `rake optimism:install` setup task. Good enough to get you up and running in development, you will need to pull your desired identifier from the context Optimism is running in and let the `broadcasting_for` method on `OptimismChannel` call the shots. Find out more on the [authentication](https://optimism.leastbad.com/authentication) page.
 
 **form\_class**: The CSS class that will be applied to the form if the id has been properly set eg. `posts_form` \(following the simple pattern **resources\_form**\). If form\_class is set to false or nil, no CSS class will be applied.
 

setup.md

@@ -18,7 +18,21 @@ The terminal commands above will ensure that Optimism is installed. It creates t
 
 ![](.gitbook/assets/setup.svg)
 
-### Logging
+# Authentication
+
+{% hint style="info" %}
+If you're just experimenting with Optimism or trying to bootstrap a proof-of-concept application on your local workstation, you can actually skip this section until you're planning to deploy.
+{% endhint %}
+
+Out of the box, ActionCable doesn't give Optimism the ability to distinguish between multiple concurrent users looking at the same page.
+
+**If you deploy to a host with more than one person accessing your app, you'll find that you're sharing a session and seeing other people's updates.** That isn't what most developers have in mind!
+
+When the time comes, it's easy to configure your application to support authenticating users by their Rails session or current_user scope. Just check out the Authentication page and choose your own adventure.
+
+{% page-ref page="authentication.md" %}
+
+# Logging
 
 In the default _debug_ log level, ActionCable emits particularly verbose log messages. You can optionally discard everything but exceptions by switching to the _warn_ log level, as is common in development environments:
 
@@ -29,7 +43,7 @@ config.log_level = :warn
 ```
 {% endcode %}
 
-### Troubleshooting
+# Troubleshooting
 
 {% hint style="info" %}
 If _something_ goes wrong, it's often because of the **spring** gem. You can test this by temporarily setting the `DISABLE_SPRING=1` environment variable and restarting your server.