pusher 1.3.2 → 1.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d7b2bbdf8bc09f38d44a290d712f4e4cfea3c02d
-  data.tar.gz: 72350a25756be9e9bff440195d2efba5d6f91a17
+SHA256:
+  metadata.gz: 4101c5a5932482beeedbb64514332771698b5c462f951d318f5b0412a379da1e
+  data.tar.gz: 10912c158ead0794e8b8ba7cc68d02e8ce4165458abd7cec6dd48d3583feadca
 SHA512:
-  metadata.gz: 177ffe40c85c424260852a5928196bd56d0bd40984635426d82f57d5ec6f126f4ce0e6eb99ee87b2e821a29b35e9640abde5a80895f0f71795f2d99c809d7a9a
-  data.tar.gz: 76a3284cc6ec3ea2686066cad60a020ca34399bdec353ccf5b2dc776ff8f57b9d1f68c2ce4a5ad10e2166de4757c995d16500b7c42b8af235338493dcf2b315a
+  metadata.gz: acdc1eb1c1630f04ab0e5de74c9d62c11bf1f9588421d1e130a641c7ee31a547e727c693c4a3a11bd035d800f0ba8721106f1b322bd36e5e97cde7a0c4dbbe43
+  data.tar.gz: 1692589eb319a5fa54560807af603e52ba368897e91363a81184dcdfa3cc3a5b120ecf2f87dea9c56d8e2ee2d689bf8cb3ccc1f6dc36db2095a0d338363b553c

data/.github/stale.yml

@@ -0,0 +1,26 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 365
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - pinned
+  - security
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: true
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. If you'd
+  like this issue to stay open please leave a comment indicating how this issue
+  is affecting you. Thankyou.

data/.travis.yml

@@ -1,12 +1,12 @@
+before_install:
+  - sudo apt-get -y install libsodium18
+
 language: ruby
 sudo: false
 rvm:
-  - 1.9.3
-  - 2.0
-  - 2.1
-  - 2.2
-  - 2.3.0
-  - 2.4.1
+  - 2.4
+  - 2.5
+  - 2.6
   - jruby
   - rbx-2
 

data/CHANGELOG.md

@@ -1,3 +1,40 @@
+1.4.3 / 2020-10-28
+==================
+
+  * Remove newline from end of base64 encoded strings, some decoders don't like
+    them.
+
+1.4.2 / 2020-10-20
+==================
+
+  * Return `shared_secret` to support authenticating encrypted channels. Thanks
+    @Benjaminpjacobs
+
+1.4.1 / 2020-10-05
+==================
+
+  * Remove rbnacl from dependencies so we don't get errors when it isn't
+    required. Thanks @y-yagi!
+
+1.4.0 / 2020-09-29
+==================
+
+  * Support for end-to-end encryption.
+
+1.3.3 / 2019-07-02
+==================
+
+  * Rewording to clarify "Pusher Channels" or simply "Channels" product name.
+
+1.3.2 / 2018-10-17
+==================
+
+  * Return a specific error for "Request Entity Too Large" (body over 10KB).
+  * Add a `use_tls` option for SSL (defaults to false).
+  * Add a `from_url` client method (in addition to existing `from_env` option).
+  * Improved documentation and fixed typos.
+  * Add Ruby 2.4 to test matrix.
+
 1.3.1 / 2017-03-15
 ==================
 
@@ -100,4 +137,3 @@ First release with a changelog !
 
   * Bump httpclient to v2.4. See #62 (POODLE SSL)
   * Fix limited channel count at README.md. Thanks @tricknotes
-

data/README.md

@@ -1,8 +1,8 @@
 # Gem for Pusher Channels
 
-This Gem provides a Ruby interface to [the Pusher HTTP API for Pusher Channels](https://pusher.com/docs/rest_api).
+This Gem provides a Ruby interface to [the Pusher HTTP API for Pusher Channels](https://pusher.com/docs/channels/library_auth_reference/rest-api).
 
-[![Build Status](https://secure.travis-ci.org/pusher/pusher-http-ruby.svg?branch=master)](http://travis-ci.org/pusher/pusher-http-ruby)
+[![Build Status](https://secure.travis-ci.org/pusher/pusher-http-ruby.svg?branch=master)](http://travis-ci.org/pusher/pusher-http-ruby) [![Gem Version](https://badge.fury.io/rb/pusher.svg)](https://badge.fury.io/rb/pusher)
 
 ## Installation and Configuration
 
@@ -18,7 +18,7 @@ or install via gem
 gem install pusher
 ```
 
-After registering at <https://dashboard.pusher.com/>, configure your Pusher Channels app with the security credentials.
+After registering at [Pusher](https://dashboard.pusher.com/accounts/sign_up), configure your Channels app with the security credentials.
 
 ### Instantiating a Pusher Channels client
 
@@ -27,7 +27,7 @@ Creating a new Pusher Channels `client` can be done as follows.
 ``` ruby
 require 'pusher'
 
-channels_client = Pusher::Client.new(
+pusher = Pusher::Client.new(
   app_id: 'your-app-id',
   key: 'your-app-key',
   secret: 'your-app-secret',
@@ -43,7 +43,7 @@ If you want to set a custom `host` value for your client then you can do so when
 ``` ruby
 require 'pusher'
 
-channels_client = Pusher::Client.new(
+pusher = Pusher::Client.new(
   app_id: 'your-app-id',
   key: 'your-app-key',
   secret: 'your-app-secret',
@@ -57,12 +57,12 @@ Finally, if you have the configuration set in an `PUSHER_URL` environment
 variable, you can use:
 
 ``` ruby
-channels_client = Pusher::Client.from_env
+pusher = Pusher::Client.from_env
 ```
 
 ### Global configuration
 
-Configuring Pusher can also be done globally on the Pusher class.
+The library can also be configured globally on the `Pusher` class.
 
 ``` ruby
 Pusher.app_id = 'your-app-id'
@@ -92,9 +92,9 @@ As of version 0.12, SSL certificates are verified when using the synchronous htt
 Pusher.default_client.sync_http_client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
 ```
 
-## Interacting with the Pusher service
+## Interacting with the Channels HTTP API
 
-The Pusher gem contains a number of helpers for interacting with the service. As a general rule, the library adheres to a set of conventions that we have aimed to make universal.
+The `pusher` gem contains a number of helpers for interacting with the API. As a general rule, the library adheres to a set of conventions that we have aimed to make universal.
 
 ### Handling errors
 
@@ -102,7 +102,7 @@ Handle errors by rescuing `Pusher::Error` (all errors are descendants of this er
 
 ``` ruby
 begin
-  channels_client.trigger('a_channel', 'an_event', :some => 'data')
+  pusher.trigger('a_channel', 'an_event', :some => 'data')
 rescue Pusher::Error => e
   # (Pusher::AuthenticationError, Pusher::HTTPError, or Pusher::Error)
 end
@@ -121,14 +121,14 @@ Pusher.logger = Rails.logger
 An event can be published to one or more channels (limited to 10) in one API call:
 
 ``` ruby
-channels_client.trigger('channel', 'event', foo: 'bar')
-channels_client.trigger(['channel_1', 'channel_2'], 'event_name', foo: 'bar')
+pusher.trigger('channel', 'event', foo: 'bar')
+pusher.trigger(['channel_1', 'channel_2'], 'event_name', foo: 'bar')
 ```
 
-An optional fourth argument may be used to send additional parameters to the API, for example to [exclude a single connection from receiving the event](http://pusher.com/docs/publisher_api_guide/publisher_excluding_recipients).
+An optional fourth argument may be used to send additional parameters to the API, for example to [exclude a single connection from receiving the event](https://pusher.com/docs/channels/server_api/excluding-event-recipients).
 
 ``` ruby
-channels_client.trigger('channel', 'event', {foo: 'bar'}, {socket_id: '123.456'})
+pusher.trigger('channel', 'event', {foo: 'bar'}, {socket_id: '123.456'})
 ```
 
 #### Batches
@@ -137,7 +137,7 @@ It's also possible to send multiple events with a single API call (max 10
 events per call on multi-tenant clusters):
 
 ``` ruby
-channels_client.trigger_batch([
+pusher.trigger_batch([
   {channel: 'channel_1', name: 'event_name', data: { foo: 'bar' }},
   {channel: 'channel_1', name: 'event_name', data: { hello: 'world' }}
 ])
@@ -151,36 +151,36 @@ Most examples and documentation will refer to the following syntax for triggerin
 Pusher['a_channel'].trigger('an_event', :some => 'data')
 ```
 
-This will continue to work, but has been replaced by `channels_client.trigger` which supports one or multiple channels.
+This will continue to work, but has been replaced by `pusher.trigger` which supports one or multiple channels.
 
 ### Getting information about the channels in your Pusher Channels app
 
-This gem provides methods for accessing information from the [Pusher HTTP API](https://pusher.com/docs/rest_api). The documentation also shows an example of the responses from each of the API endpoints.
+This gem provides methods for accessing information from the [Channels HTTP API](https://pusher.com/docs/channels/library_auth_reference/rest-api). The documentation also shows an example of the responses from each of the API endpoints.
 
 The following methods are provided by the gem.
 
-- `channels_client.channel_info('channel_name')` returns information about that channel.
+- `pusher.channel_info('channel_name', {info:"user_count,subscription_count"})` returns a hash describing the state of the channel([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
-- `channels_client.channel_users('channel_name')` returns a list of all the users subscribed to the channel.
+- `pusher.channel_users('presence-channel_name')` returns a list of all the users subscribed to the channel (only for Presence Channels) ([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
-- `channels_client.channels` returns information about all the channels in your Pusher application.
+- `pusher.channels({filter_by_prefix: 'presence-', info: 'user_count'})` returns a hash of occupied channels (optionally filtered by prefix, f.i. `presence-`), and optionally attributes for these channels ([docs](https://pusher.com/docs/channels/library_auth_reference/rest-api#get-channels-fetch-info-for-multiple-channels-)).
 
 ### Asynchronous requests
 
 There are two main reasons for using the `_async` methods:
 
-* In a web application where the response from the Pusher Channels HTTP API is not used, but you'd like to avoid a blocking call in the request-response cycle
+* In a web application where the response from the Channels HTTP API is not used, but you'd like to avoid a blocking call in the request-response cycle
 * Your application is running in an event loop and you need to avoid blocking the reactor
 
 Asynchronous calls are supported either by using an event loop (eventmachine, preferred), or via a thread.
 
 The following methods are available (in each case the calling interface matches the non-async version):
 
-* `channels_client.get_async`
-* `channels_client.post_async`
-* `channels_client.trigger_async`
+* `pusher.get_async`
+* `pusher.post_async`
+* `pusher.trigger_async`
 
-It is of course also possible to make calls to the Pusher Channels HTTP API via a job queue. This approach is recommended if you're sending a large number of events.
+It is of course also possible to make calls to the Channels HTTP API via a job queue. This approach is recommended if you're sending a large number of events.
 
 #### With EventMachine
 
@@ -190,14 +190,14 @@ It is of course also possible to make calls to the Pusher Channels HTTP API via
 The `_async` methods return an `EM::Deferrable` which you can bind callbacks to:
 
 ``` ruby
-channels_client.get_async("/channels").callback { |response|
+pusher.get_async("/channels").callback { |response|
   # use reponse[:channels]
 }.errback { |error|
   # error is an instance of Pusher::Error
 }
 ```
 
-A HTTP error or an error response from pusher will cause the errback to be called with an appropriate error object.
+A HTTP error or an error response from Channels will cause the errback to be called with an appropriate error object.
 
 #### Without EventMachine
 
@@ -208,12 +208,12 @@ An `HTTPClient::Connection` object is returned immediately which can be [interro
 
 ## Authenticating subscription requests
 
-It's possible to use the gem to authenticate subscription requests to private or presence channels. The `authenticate` method is available on a channel object for this purpose and returns a JSON object that can be returned to the client that made the request. More information on this authentication scheme can be found in the docs on <http://pusher.com>
+It's possible to use the gem to authenticate subscription requests to private or presence channels. The `authenticate` method is available on a channel object for this purpose and returns a JSON object that can be returned to the client that made the request. More information on this authentication scheme can be found in the docs on <https://pusher.com/docs/channels/server_api/authenticating-users>
 
 ### Private channels
 
 ``` ruby
-channels_client.authenticate('private-my_channel', params[:socket_id])
+pusher.authenticate('private-my_channel', params[:socket_id])
 ```
 
 ### Presence channels
@@ -221,7 +221,7 @@ channels_client.authenticate('private-my_channel', params[:socket_id])
 These work in a very similar way, but require a unique identifier for the user being authenticated, and optionally some attributes that are provided to clients via presence events:
 
 ``` ruby
-channels_client.authenticate('presence-my_channel', params[:socket_id],
+pusher.authenticate('presence-my_channel', params[:socket_id],
   user_id: 'user_id',
   user_info: {} # optional
 )
@@ -232,7 +232,7 @@ channels_client.authenticate('presence-my_channel', params[:socket_id],
 A WebHook object may be created to validate received WebHooks against your app credentials, and to extract events. It should be created with the `Rack::Request` object (available as `request` in Rails controllers or Sinatra handlers for example).
 
 ``` ruby
-webhook = channels_client.webhook(request)
+webhook = pusher.webhook(request)
 if webhook.valid?
   webhook.events.each do |event|
     case event["name"]
@@ -247,3 +247,54 @@ else
   render text: 'invalid', status: 401
 end
 ```
+
+### End-to-end encryption
+
+This library supports [end-to-end encrypted channels](https://pusher.com/docs/channels/using_channels/encrypted-channels). This means that only you and your connected clients will be able to read your messages. Pusher cannot decrypt them. You can enable this feature by following these steps:
+
+1. Add the `rbnacl` gem to your Gemfile (it's not a gem dependency).
+
+2. Install [Libsodium](https://github.com/jedisct1/libsodium), which we rely on to do the heavy lifting. [Follow the installation instructions for your platform.](https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium)
+
+3. Encrypted channel subscriptions must be authenticated in the exact same way as private channels. You should therefore [create an authentication endpoint on your server](https://pusher.com/docs/authenticating_users).
+
+4. Next, generate your 32 byte master encryption key, encode it as base64 and pass it to the Pusher constructor.
+
+   This is secret and you should never share this with anyone.
+   Not even Pusher.
+
+   ```bash
+   openssl rand -base64 32
+   ```
+
+   ```rb
+   pusher = new Pusher::Client.new({
+     app_id: 'your-app-id',
+     key: 'your-app-key',
+     secret: 'your-app-secret',
+     cluster: 'your-app-cluster',
+     use_tls: true
+     encryption_master_key_base64: '<KEY GENERATED BY PREVIOUS COMMAND>',
+   });
+   ```
+
+5. Channels where you wish to use end-to-end encryption should be prefixed with `private-encrypted-`.
+
+6. Subscribe to these channels in your client, and you're done! You can verify it is working by checking out the debug console on the [https://dashboard.pusher.com/](dashboard) and seeing the scrambled ciphertext.
+
+**Important note: This will __not__ encrypt messages on channels that are not prefixed by `private-encrypted-`.**
+
+**Limitation**: you cannot trigger a single event on multiple channels in a call to `trigger`, e.g.
+
+```rb
+pusher.trigger(
+  ['channel-1', 'private-encrypted-channel-2'],
+  'test_event',
+  { message: 'hello world' },
+)
+```
+
+Rationale: the methods in this library map directly to individual Channels HTTP API requests. If we allowed triggering a single event on multiple channels (some encrypted, some unencrypted), then it would require two API requests: one where the event is encrypted to the encrypted channels, and one where the event is unencrypted for unencrypted channels.
+
+## Supported Ruby versions
+2.4+

data/examples/presence_channels/presence_channels.rb

@@ -0,0 +1,56 @@
+require 'sinatra'
+require 'sinatra/cookies'
+require 'sinatra/json'
+require 'pusher'
+
+# You can get these variables from http://dashboard.pusher.com
+pusher = Pusher::Client.new(
+  app_id: 'your-app-id',
+  key: 'your-app-key',
+  secret: 'your-app-secret',
+  cluster: 'your-app-cluster'
+)
+
+set :public_folder, 'public'
+
+get "/" do
+  redirect '/presence_channels.html'
+end
+
+# Emulate rails behaviour where this information would be stored in session
+get '/signin' do
+  cookies[:user_id] = 'example_cookie'
+  'Ok'
+end
+
+# Auth endpoint: https://pusher.com/docs/channels/server_api/authenticating-users
+post '/pusher/auth' do
+  channel_data = {
+      user_id: 'example_user',
+      user_info: {
+        name: 'example_name',
+        email: 'example_email'
+      }
+    }
+
+  if cookies[:user_id] == 'example_cookie'
+    response = pusher.authenticate(params[:channel_name], params[:socket_id], channel_data)
+    json response
+  else
+    status 403
+  end
+end
+
+get '/pusher_trigger' do
+  channels = ['presence-channel-test'];
+
+  begin
+    pusher.trigger(channels, 'test-event', {
+      message: 'hello world'
+    })
+  rescue Pusher::Error => e
+  # (Pusher::AuthenticationError, Pusher::HTTPError, or Pusher::Error)
+  end
+
+  'Triggered!'
+end

data/examples/presence_channels/public/presence_channels.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<head>
+  <title>Pusher Test</title>
+  <script src="https://js.pusher.com/5.0/pusher.min.js"></script>
+  <script>
+
+    // Enable pusher logging - don't include this in production
+    Pusher.logToConsole = true;
+
+    var pusher = new Pusher('your-app-key', {
+      cluster: 'your-app-cluster',
+      forceTLS: true,
+      authEndpoint: '/pusher/auth'
+    });
+
+    var channel = pusher.subscribe('presence-channel-test');
+    channel.bind('test-event', function(data) {
+      alert(JSON.stringify(data));
+    });
+  </script>
+</head>
+<body>
+  <h1>Pusher Test</h1>
+  <p>
+    Try publishing an event to channel <code>presence-channel-test</code>
+    with event name <code>test-event</code>.
+  </p>
+</body>

data/lib/pusher/channel.rb

@@ -174,6 +174,15 @@ module Pusher
       r
     end
 
+    def shared_secret(encryption_master_key)
+      return unless encryption_master_key
+
+      secret_string = @name + encryption_master_key
+      digest = OpenSSL::Digest::SHA256.new
+      digest << secret_string
+      digest.digest
+    end
+
     private
 
     def validate_socket_id(socket_id)

data/lib/pusher/client.rb

@@ -1,8 +1,10 @@
+require 'base64'
+
 require 'pusher-signature'
 
 module Pusher
   class Client
-    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
+    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme, :encryption_master_key
     attr_reader :http_proxy, :proxy
     attr_writer :connect_timeout, :send_timeout, :receive_timeout,
                 :keep_alive_timeout
@@ -55,6 +57,11 @@ module Pusher
           :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
         )
 
+      if options.has_key?(:encryption_master_key_base64)
+        @encryption_master_key =
+          Base64.strict_decode64(options[:encryption_master_key_base64])
+      end
+
       @http_proxy = nil
       self.http_proxy = options[:http_proxy] if options[:http_proxy]
 
@@ -138,6 +145,12 @@ module Pusher
       @connect_timeout, @send_timeout, @receive_timeout = value, value, value
     end
 
+    # Set an encryption_master_key to use with private-encrypted channels from
+    # a base64 encoded string.
+    def encryption_master_key_base64=(s)
+      @encryption_master_key = s ? Base64.strict_decode64(s) : nil
+    end
+
     ## INTERACT WITH THE API ##
 
     def resource(path)
@@ -362,7 +375,13 @@ module Pusher
     #
     def authenticate(channel_name, socket_id, custom_data = nil)
       channel_instance = channel(channel_name)
-      channel_instance.authenticate(socket_id, custom_data)
+      r = channel_instance.authenticate(socket_id, custom_data)
+      if channel_name.match(/^private-encrypted-/)
+        r[:shared_secret] = Base64.strict_encode64(
+          channel_instance.shared_secret(encryption_master_key)
+        )
+      end
+      r
     end
 
     # @private Construct a net/http http client
@@ -413,10 +432,17 @@ module Pusher
       channels = Array(channels).map(&:to_s)
       raise Pusher::Error, "Too many channels (#{channels.length}), max 10" if channels.length > 10
 
+      encoded_data = if channels.any?{ |c| c.match(/^private-encrypted-/) } then
+        raise Pusher::Error, "Cannot trigger to multiple channels if any are encrypted" if channels.length > 1
+        encrypt(channels[0], encode_data(data))
+      else
+        encode_data(data)
+      end
+
       params.merge({
         name: event_name,
         channels: channels,
-        data: encode_data(data),
+        data: encoded_data,
       })
     end
 
@@ -424,7 +450,11 @@ module Pusher
       {
         batch: events.map do |event|
           event.dup.tap do |e|
-            e[:data] = encode_data(e[:data])
+            e[:data] = if e[:channel].match(/^private-encrypted-/) then
+              encrypt(e[:channel], encode_data(e[:data]))
+            else
+              encode_data(e[:data])
+            end
           end
         end
       }
@@ -436,8 +466,37 @@ module Pusher
       MultiJson.encode(data)
     end
 
+    # Encrypts a message with a key derived from the master key and channel
+    # name
+    def encrypt(channel_name, encoded_data)
+      raise ConfigurationError, :encryption_master_key unless @encryption_master_key
+
+      # Only now load rbnacl, so that people that aren't using it don't need to
+      # install libsodium
+      require_rbnacl
+
+      secret_box = RbNaCl::SecretBox.new(
+        channel(channel_name).shared_secret(@encryption_master_key)
+      )
+
+      nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
+      ciphertext = secret_box.encrypt(nonce, encoded_data)
+
+      MultiJson.encode({
+        "nonce" => Base64::strict_encode64(nonce),
+        "ciphertext" => Base64::strict_encode64(ciphertext),
+      })
+    end
+
     def configured?
       host && scheme && key && secret && app_id
     end
+
+    def require_rbnacl
+      require 'rbnacl'
+    rescue LoadError => e
+      $stderr.puts "You don't have rbnacl installed in your application. Please add it to your Gemfile and run bundle install"
+      raise e
+    end
   end
 end

data/lib/pusher/version.rb

@@ -1,3 +1,3 @@
 module Pusher
-  VERSION = '1.3.2'
+  VERSION = '1.4.3'
 end

data/pusher.gemspec

@@ -9,22 +9,23 @@ Gem::Specification.new do |s|
   s.authors     = ["Pusher"]
   s.email       = ["support@pusher.com"]
   s.homepage    = "http://github.com/pusher/pusher-http-ruby"
-  s.summary     = %q{Pusher API client}
-  s.description = %q{Wrapper for pusher.com REST api}
+  s.summary     = %q{Pusher Channels API client}
+  s.description = %q{Wrapper for Pusher Channels REST api: : https://pusher.com/channels}
   s.license     = "MIT"
 
-  s.add_dependency "multi_json", "~> 1.0"
+  s.add_dependency "multi_json", "~> 1.15"
   s.add_dependency 'pusher-signature', "~> 0.1.8"
-  s.add_dependency "httpclient", "~> 2.7"
+  s.add_dependency "httpclient", "~> 2.8"
   s.add_dependency "jruby-openssl" if defined?(JRUBY_VERSION)
 
-  s.add_development_dependency "rspec", "~> 3.0"
-  s.add_development_dependency "webmock"
-  s.add_development_dependency "em-http-request", "~> 1.1.0"
-  s.add_development_dependency "addressable", "=2.4.0"
-  s.add_development_dependency "rake", "~> 10.4.2"
-  s.add_development_dependency "rack", "~> 1.6.4"
-  s.add_development_dependency "json", "~> 1.8.3"
+  s.add_development_dependency "rspec", "~> 3.9"
+  s.add_development_dependency "webmock", "~> 3.9"
+  s.add_development_dependency "em-http-request", "~> 1.1"
+  s.add_development_dependency "addressable", "~> 2.7"
+  s.add_development_dependency "rake", "~> 13.0"
+  s.add_development_dependency "rack", "~> 2.2"
+  s.add_development_dependency "json", "~> 2.3"
+  s.add_development_dependency "rbnacl", "~> 7.1"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/spec/channel_spec.rb

@@ -167,4 +167,23 @@ describe Pusher::Channel do
       }.to raise_error Pusher::Error
     end
   end
+
+  describe `#shared_secret` do
+    before(:each) do
+      @channel.instance_variable_set(:@name, 'private-encrypted-1')
+    end
+
+    it 'should return a shared_secret based on the channel name and encryption master key' do
+      key = '3W1pfB/Etr+ZIlfMWwZP3gz8jEeCt4s2pe6Vpr+2c3M='
+      shared_secret = @channel.shared_secret(key)
+      expect(Base64.strict_encode64(shared_secret)).to eq(
+        "6zeEp/chneRPS1cbK/hGeG860UhHomxSN6hTgzwT20I="
+      )
+    end
+
+    it 'should return nil if missing encryption master key' do
+      shared_secret = @channel.shared_secret(nil)
+      expect(shared_secret).to be_nil
+    end
+  end
 end

data/spec/client_spec.rb

@@ -1,7 +1,12 @@
-require 'spec_helper'
+require 'base64'
 
+require 'rbnacl'
 require 'em-http'
 
+require 'spec_helper'
+
+encryption_master_key = RbNaCl::Random.random_bytes(32)
+
 describe Pusher do
   # The behaviour should be the same when using the Client object, or the
   # 'global' client delegated through the Pusher class
@@ -171,11 +176,22 @@ describe Pusher do
       end
     end
 
+    describe 'can set encryption_master_key_base64' do
+      it "sets encryption_master_key" do
+        @client.encryption_master_key_base64 =
+          Base64.strict_encode64(encryption_master_key)
+
+        expect(@client.encryption_master_key).to eq(encryption_master_key)
+      end
+    end
+
     describe 'when configured' do
       before :each do
         @client.app_id = '20'
         @client.key    = '12345678900000001'
         @client.secret = '12345678900000001'
+        @client.encryption_master_key_base64 =
+          Base64.strict_encode64(encryption_master_key)
       end
 
       describe '#[]' do
@@ -260,6 +276,19 @@ describe Pusher do
           })
         end
 
+        it 'should include a shared_secret if the private-encrypted channel' do
+          allow(MultiJson).to receive(:encode).with(@custom_data).and_return 'a json string'
+          @client.instance_variable_set(:@encryption_master_key, '3W1pfB/Etr+ZIlfMWwZP3gz8jEeCt4s2pe6Vpr+2c3M=')
+
+          response = @client.authenticate('private-encrypted-test_channel', '1.1', @custom_data)
+
+          expect(response).to eq({
+            :auth => "12345678900000001:#{hmac(@client.secret, "1.1:private-encrypted-test_channel:a json string")}",
+            :shared_secret => "o0L3QnIovCeRC8KTD8KBRlmi31dGzHVS2M93uryqDdw=",
+            :channel_data => 'a json string'
+          })
+        end
+
       end
 
       describe '#trigger' do
@@ -321,6 +350,46 @@ describe Pusher do
             }
           end
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger('private-encrypted-channel', 'event', {'some' => 'data'})
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should fail to publish to multiple channels if one is encrypted" do
+          expect {
+            @client.trigger(
+              ['private-encrypted-channel', 'some-other-channel'],
+              'event',
+              {'some' => 'data'},
+            )
+          }.to raise_error(Pusher::Error)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger(
+            'private-encrypted-channel',
+            'event',
+            {'some' => 'data'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            data = MultiJson.decode(MultiJson.decode(req.body)["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.strict_decode64(data["nonce"]),
+              Base64.strict_decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+          }
+        end
       end
 
       describe '#trigger_batch' do
@@ -352,6 +421,55 @@ describe Pusher do
             )
           }
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger_batch(
+              {
+                channel: 'private-encrypted-channel',
+                name: 'event',
+                data: {'some' => 'data'},
+              },
+              {channel: 'mychannel', name: 'event', data: 'already encoded'},
+            )
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger_batch(
+            {
+              channel: 'private-encrypted-channel',
+              name: 'event',
+              data: {'some' => 'data'},
+            },
+            {channel: 'mychannel', name: 'event', data: 'already encoded'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            batch = MultiJson.decode(req.body)["batch"]
+            expect(batch.length).to eq(2)
+
+            expect(batch[0]["channel"]).to eq("private-encrypted-channel")
+            expect(batch[0]["name"]).to eq("event")
+
+            data = MultiJson.decode(batch[0]["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.strict_decode64(data["nonce"]),
+              Base64.strict_decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+
+            expect(batch[1]["channel"]).to eq("mychannel")
+            expect(batch[1]["name"]).to eq("event")
+            expect(batch[1]["data"]).to eq("already encoded")
+          }
+        end
       end
 
       describe '#trigger_async' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pusher
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.4.3
 platform: ruby
 authors:
 - Pusher
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-17 00:00:00.000000000 Z
+date: 2020-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.15'
 - !ruby/object:Gem::Dependency
   name: pusher-signature
   requirement: !ruby/object:Gem::Requirement
@@ -44,113 +44,127 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.8'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: em-http-request
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '2.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.4.2
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
+        version: '2.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.3
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.3
-description: Wrapper for pusher.com REST api
+        version: '7.1'
+description: 'Wrapper for Pusher Channels REST api: : https://pusher.com/channels'
 email:
 - support@pusher.com
 executables: []
@@ -159,6 +173,7 @@ extra_rdoc_files: []
 files:
 - ".document"
 - ".gemtest"
+- ".github/stale.yml"
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.md
@@ -167,6 +182,8 @@ files:
 - README.md
 - Rakefile
 - examples/async_message.rb
+- examples/presence_channels/presence_channels.rb
+- examples/presence_channels/public/presence_channels.html
 - lib/pusher.rb
 - lib/pusher/channel.rb
 - lib/pusher/client.rb
@@ -199,11 +216,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
-summary: Pusher API client
+summary: Pusher Channels API client
 test_files:
 - spec/channel_spec.rb
 - spec/client_spec.rb