I'm building a chat app using Django channels. Now the app allow users to watch any chat rooms if they know the urls for them.
I wanna restrict access to each chat room except certain two people. How do I realize that on Django channels? How do I allow only certain users to access to a url on Django app in general?
Url for chat rooms in my chat app is following.
In a Django app (no channels for now) what you would do is first enforce authentication (using for instance the login_required decorator) and then check request.user for any conditions that you want to satisfy. There are many ways to achieve this, but I guess the one I described is the easiest.
As for Django Channels, you will have to do something rather similar. For the sake of an example, let's say you are using WebSockets. What you can do is set a token that is sent in every 'subscribe' request, and then map that token to a user. If the mapping satisfies all your criteria (is a valid token that maps to one of the users that can access the endpoint) you add them to the group, otherwise you do not. Here is a guide for JWT tokens that you can use.
