Admin-only page at /admin with:
- Create user form (username, password, admin toggle)
- User list table with edit and delete actions
- Inline user editing (change password, toggle admin role)
- Inline permission editor with per-app checkboxes grouped by server
- Access guarded by checking is_admin from /api/auth/me
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Authorization Bearer header to all fetch calls (apps, stream
start). Handle 401 responses by clearing token and redirecting to
login. Pass stream_token from the stream start response through to
the WebTransport URL as a query parameter for proxy authentication.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add authentication flow to the frontend:
- authStore with token management (localStorage persistence)
- Login page with username/password form at /login
- Layout-level auth guard that redirects to /login when no valid
session exists, validates token on load via GET /api/auth/me
- Top navigation bar showing username and admin link when applicable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Generate a random 256-bit token when spawning a proxy process, pass
it as a CLI argument, and return it to the client in the stream start
response. The proxy validates the token on WebTransport connect and
consumes it after first use, preventing replay. A wrong token attempt
also consumes the token for security. Includes 5 unit tests for token
validation logic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move /api/pair, /api/apps, and /api/stream/start under the session
auth middleware so they require a valid session token. Add app-level
permission filtering: non-admin users only see and can stream apps
they have been explicitly granted access to. Admins bypass all
permission checks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add authentication and authorization infrastructure:
- SQLite database (db.rs) with users, sessions, and app permissions tables
- Password hashing with argon2
- Session-based auth with random 256-bit tokens
- Auth middleware (session validation) and admin middleware
- Login/logout/me endpoints
- Admin CRUD endpoints for user and permission management
- Auto-seed default admin user on first run
- 23 unit tests covering all DB operations
Existing API endpoints are not yet gated behind auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- changed the backend to append the buffers together and dispatch them
as such (this is what moonlight-embedded does)
- fixed the frontend trying to playback an empty buffer because types
are hard (this is why I should have used protobuf...)
- added a small frontend for starting
- added logic to serve the frontend
- split out the gamestream logic into a separate process
- added logic to scaffold the separate proxy process
- Added (working) apps endpoint
- Added config file (actually a state file) wrapper to handle shared
mutability
- Refactored base url and http get shared code into common
- Added tracing based logging and converted debug statemets to it
- More things that I forgot
restitux