What I'm trying to do
I have a user_notifications DB
I have a trigger on the DB that sends a Realtime Event to my "notifications" Realtime channel
Because my software is a single-tenant environment, all notifications for all users are being sent to the channel
I want to make sure that users on the front-end (WeWeb) will only see notifications that belong to them
Question
I can filter notifications on the front-end by a user_id variable.
While I'm not well versed in software security, this seems a little bit sketchy as each user instance will still be receiving ALL notifications.
Is there a way to add authentication to Realtime events so the user's instance will not even receive another user's notifications?
Or will filtering the notifications on the front-end suffice from a "best-practices" perspective?
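The two delivery patterns the question contrasts, as an added example that is not part of the original post: a shared channel filtered in the browser versus per-user channels authorized on the server. The `Hub` class, the tokens, the `notifications:<user_id>` channel naming and the sample rows are hypothetical and constructed for illustration; this is an in-memory stand-in, not the realtime backend's or WeWeb's API.

```javascript
// In-memory stand-in for a realtime hub (hypothetical, for illustration only).
class Hub {
  constructor(sessions) {
    this.sessions = sessions; // token -> user_id, resolved on the server
    this.subs = new Map();    // channel name -> list of client inboxes
  }
  // Server-side check: "notifications:<id>" may only be joined by user <id>.
  subscribe(token, channel, inbox) {
    const userId = this.sessions.get(token);
    if (userId === undefined) throw new Error("unauthenticated");
    const [name, owner] = channel.split(":");
    if (name !== "notifications") throw new Error("unknown channel");
    if (owner !== undefined && owner !== String(userId)) throw new Error("forbidden");
    if (!this.subs.has(channel)) this.subs.set(channel, []);
    this.subs.get(channel).push(inbox);
  }
  publish(channel, message) {
    for (const inbox of this.subs.get(channel) || []) inbox.push(message);
  }
}

function runDemo() {
  const hub = new Hub(new Map([["token-alice", 1], ["token-bob", 2]]));
  const rows = [ // constructed user_notifications rows
    { user_id: 1, text: "Invoice paid" },
    { user_id: 2, text: "Password reset requested" },
  ];

  // Pattern A: one shared channel, filtering done in the browser.
  const aliceShared = [];
  hub.subscribe("token-alice", "notifications", aliceShared);
  for (const row of rows) hub.publish("notifications", row);
  const aliceShown = aliceShared.filter((n) => n.user_id === 1);

  // Pattern B: the trigger publishes to a per-user channel; joins are authorized.
  const alicePrivate = [];
  hub.subscribe("token-alice", "notifications:1", alicePrivate);
  let crossJoin = "allowed";
  try { hub.subscribe("token-alice", "notifications:2", []); }
  catch (e) { crossJoin = e.message; }
  for (const row of rows) hub.publish(`notifications:${row.user_id}`, row);

  return {
    receivedShared: aliceShared.length, // what reached Alice's browser in A
    shownShared: aliceShown.length,     // what the UI displays in A
    receivedPrivate: alicePrivate.length,
    crossJoin,
  };
}
```

In pattern A the UI shows one notification but the client still holds both, so anything in the payload is readable from the browser's network traffic; in pattern B the other user's row never leaves the server.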