restitux/gamestream-webtransport-proxy
1
0
Fork 0
Code Issues Pull Requests 6 Actions Packages Projects Releases Wiki Activity

Compare commits

base: restitux/gamestream-webtransport-proxy:917acfdb27874178dbc112800ccdd87ef36339e6
Branches Tags
restitux/gamestream-webtransport-proxy:main restitux/gamestream-webtransport-proxy:auth/3-stream-proxy-token restitux/gamestream-webtransport-proxy:auth/4-frontend-login restitux/gamestream-webtransport-proxy:auth/5-attach-credentials restitux/gamestream-webtransport-proxy:auth/6-admin-panel restitux/gamestream-webtransport-proxy:auth/2-gate-endpoints restitux/gamestream-webtransport-proxy:auth/1-user-management
..
compare: restitux/gamestream-webtransport-proxy:00e38c9e17d6b741d7441fa913d8f45972e7ba33
Branches Tags
restitux/gamestream-webtransport-proxy:auth/3-stream-proxy-token restitux/gamestream-webtransport-proxy:auth/4-frontend-login restitux/gamestream-webtransport-proxy:auth/5-attach-credentials restitux/gamestream-webtransport-proxy:auth/6-admin-panel restitux/gamestream-webtransport-proxy:auth/2-gate-endpoints restitux/gamestream-webtransport-proxy:auth/1-user-management restitux/gamestream-webtransport-proxy:main

2 Commits
917acfdb27 .. 00e38c9e17

Author SHA1 Message Date
restitux 00e38c9e17 frontend: add login page and auth guard 
Add authentication flow to the frontend:
- authStore with token management (localStorage persistence)
- Login page with username/password form at /login
- Layout-level auth guard that redirects to /login when no valid
  session exists, validates token on load via GET /api/auth/me
- Top navigation bar showing username and admin link when applicable

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 15:12:25 +00:00
restitux 9e650e1f75 backend: add single-use token auth for spawned stream proxies 
Generate a random 256-bit token when spawning a proxy process, pass
it as a CLI argument, and return it to the client in the stream start
response. The proxy validates the token on WebTransport connect and
consumes it after first use, preventing replay. A wrong token attempt
also consumes the token for security. Includes 5 unit tests for token
validation logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-16 15:12:25 +00:00
1 changed files with 2 additions and 3 deletions
Expand all files Collapse all files
gamestream-webtransport-proxy/src/proxy/mod.rs
+2 -3
View File
@@ -85,9 +85,8 @@ pub async fn validate_stream_token(proxy: &Proxy, provided: &str) -> std::result
match token_guard.take() { match token_guard.take() {
Some(expected) if expected == provided => Ok(()), Some(expected) if expected == provided => Ok(()),
Some(_) => { Some(_) => {
// Wrong token: still consumed by the `take()` above. Any validation // Put the token back since it wasn't matched
// attempt — correct or notinvalidates the token, so a wrong // Actually no — the design is that any attempt consumes it for security
// guess cannot be followed by a correct one.
Err("Invalid stream token".to_string()) Err("Invalid stream token".to_string())
} }
None => Err("Stream token already used".to_string()), None => Err("Stream token already used".to_string()),