restitux/gamestream-webtransport-proxy
1
0
Fork 0
Code Issues Pull Requests 6 Actions Packages Projects Releases Wiki Activity

backend: gate existing endpoints behind auth and app permissions #2

Open
restitux wants to merge 1 commits from auth/2-gate-endpoints into auth/1-user-management
pull from: auth/2-gate-endpoints
merge into: restitux:auth/1-user-management
Conversation 3 Commits 1 Files Changed 3
+57 -5
restitux commented 2026-04-16 05:18:04 +00:00
Owner
Copy Link
Copy Source

Move /api/pair, /api/apps, and /api/stream/start under the session
auth middleware so they require a valid session token. Add app-level
permission filtering: non-admin users only see and can stream apps
they have been explicitly granted access to. Admins bypass all
permission checks.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Move /api/pair, /api/apps, and /api/stream/start under the session auth middleware so they require a valid session token. Add app-level permission filtering: non-admin users only see and can stream apps they have been explicitly granted access to. Admins bypass all permission checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
restitux reviewed 2026-04-16 15:07:21 +00:00
gamestream-webtransport-proxy/src/apps.rs Outdated
@@ -144,2 +146,4 @@
}
// Filter apps by user permissions (admins see everything)
if let Some(ref user) = user {
restitux commented 2026-04-16 15:07:21 +00:00
Author
Owner
Copy Link
Copy Source

I don't like this; we should be hard failing if the depot doesn't contain a user. I will upload a version that fixes this.

I don't like this; we should be hard failing if the depot doesn't contain a user. I will upload a version that fixes this.
restitux reviewed 2026-04-16 15:12:38 +00:00
gamestream-webtransport-proxy/src/stream.rs Outdated
@@ -88,2 +90,4 @@
});
// Check app permission
if let Some(user) = auth::get_user_from_depot(depot) {
restitux commented 2026-04-16 15:12:38 +00:00
Author
Owner
Copy Link
Copy Source

Same issue here.

Same issue here.
restitux marked this conversation as resolved
restitux added 1 commit 2026-04-16 15:16:18 +00:00
backend: gate existing endpoints behind auth and app permissions 826a3b59c9 
Move /api/pair, /api/apps, and /api/stream/start under the session
auth middleware so they require a valid session token. Add app-level
permission filtering: non-admin users only see and can stream apps
they have been explicitly granted access to. Admins bypass all
permission checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
restitux force-pushed auth/2-gate-endpoints from bfe2d79a59 to 826a3b59c9 2026-04-16 15:16:18 +00:00 Compare
restitux reviewed 2026-04-16 15:19:26 +00:00
restitux left a comment
Author
Owner
Copy Link
Copy Source

Code looks good, need to test manually.

Code looks good, need to test manually.
restitux marked the pull request as ready for review 2026-04-16 15:19:36 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin auth/2-gate-endpoints:auth/2-gate-endpoints
git checkout auth/2-gate-endpoints
Sign in to join this conversation.
Reviewers
No Reviewers
restitux
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
restitux (restitux)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: restitux/gamestream-webtransport-proxy#2
Delete Branch "auth/2-gate-endpoints"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?