How to prevent spam when using websocket-rails gem?

To implement tic-tac-toe, consider the following:

One player sends a move, triggering an event on the main controller.

var dispatcher = new WebSocketRails('localhost:3000/websocket'); var channel = dispatcher.subscribe_private('private_game'); channel.bind('new_move', function(move) { // received new move, process it }); // later on when we want to send a move to the server we run the following code var move = { square: ...; } dispatcher.trigger('move', move); 

On the server, the controller can check if the user is allowed for this particular tic-tac-toe game. And then he can broadcast the move for both players.

 class TicTacToeController < WebsocketRails::BaseController def move # code to verify the move is valid and save to database ... # broadcast move to all players WebsocketRails[:private_game].trigger(:new_move, message) end end 

But there is nothing to guarantee that the client sends messages only with the help of the main dispatcher. Channel 'private_game', presumably, will be used only by the server for broadcasting moves. But a hostile client could send random data to it using

 channel.trigger('new_move', randomdata); 

Since channel events do not go through the Event Router and thus do not go through the Controller action, there is nothing on the server side to filter out random spam.

Is there a way to stop random spam on the server? Perhaps I do not understand how to use websocket-rails?