Add authentication flow to the frontend:
- authStore with token management (localStorage persistence)
- Login page with username/password form at /login
- Layout-level auth guard that redirects to /login when no valid
session exists, validates token on load via GET /api/auth/me
- Top navigation bar showing username and admin link when applicable

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Generate a random 256-bit token when spawning a proxy process, pass
it as a CLI argument, and return it to the client in the stream start
response. The proxy validates the token on WebTransport connect and
consumes it after first use, preventing replay. A wrong token attempt
also consumes the token for security. Includes 5 unit tests for token
validation logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

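The single-use token check described in the commit message above, sketched as an added example; it is not the project's code, and `OneTimeToken`, `decode_hex32` and `eq_no_early_exit` are hypothetical names. It assumes the token reaches the proxy as 64 hex characters and uses only the standard library.

```rust
use std::sync::Mutex;

/// Hypothetical single-use token holder for the proxy side.
pub struct OneTimeToken {
    slot: Mutex<Option<[u8; 32]>>, // None once any attempt has been made
}

impl OneTimeToken {
    /// Parse the 256-bit token (64 hex chars) received as a CLI argument.
    pub fn from_hex(hex: &str) -> Option<Self> {
        Some(Self { slot: Mutex::new(Some(decode_hex32(hex)?)) })
    }

    /// Validate a presented token. The stored token is taken out of the slot
    /// before comparing, so a correct, wrong or malformed attempt all consume it.
    pub fn validate(&self, presented: &str) -> bool {
        let expected = match self.slot.lock().unwrap().take() {
            Some(t) => t,
            None => return false, // already used: replay or second attempt
        };
        match decode_hex32(presented) {
            Some(got) => eq_no_early_exit(&expected, &got),
            None => false,
        }
    }
}

/// Strict decoder: exactly 64 ASCII hex digits, nothing else.
fn decode_hex32(s: &str) -> Option<[u8; 32]> {
    if s.len() != 64 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    let mut out = [0u8; 32];
    for (i, byte) in out.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&s[2 * i..2 * i + 2], 16).ok()?;
    }
    Some(out)
}

/// Compare all 32 bytes without returning at the first mismatch.
fn eq_no_early_exit(a: &[u8; 32], b: &[u8; 32]) -> bool {
    a.iter().zip(b.iter()).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

fn main() {
    let token = "ab".repeat(32); // constructed sample, not a real token
    let gate = OneTimeToken::from_hex(&token).expect("valid hex");
    println!("first use: {}", gate.validate(&token));
    println!("replay:    {}", gate.validate(&token));
}
```

Because a failed attempt also empties the slot, the legitimate client needs a fresh token after any rejected connect.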
Move /api/pair, /api/apps, and /api/stream/start under the session
auth middleware so they require a valid session token. Add app-level
permission filtering: non-admin users only see and can stream apps
they have been explicitly granted access to. Admins bypass all
permission checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add authentication and authorization infrastructure:
- SQLite database (db.rs) with users, sessions, and app permissions tables
- Password hashing with argon2
- Session-based auth with random 256-bit tokens
- Auth middleware (session validation) and admin middleware
- Login/logout/me endpoints
- Admin CRUD endpoints for user and permission management
- Auto-seed default admin user on first run
- 23 unit tests covering all DB operations
Existing API endpoints are not yet gated behind auth.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- changed the backend to append the buffers together and dispatch them
as such (this is what moonlight-embedded does)
- fixed the frontend trying to play back an empty buffer because types
are hard (this is why I should have used protobuf...)
- added a small frontend for starting
- added logic to serve the frontend
- split out the gamestream logic into a separate process
- added logic to scaffold the separate proxy process
- Added (working) apps endpoint
- Added config file (actually a state file) wrapper to handle shared
mutability
- Refactored base url and http get shared code into common
- Added tracing-based logging and converted debug statements to it
- More things that I forgot