backend: gate existing endpoints behind auth and app permissions #2

Open

restitux wants to merge 1 commits from auth/2-gate-endpoints into auth/1-user-management

Author	SHA1	Message	Date
restitux	826a3b59c9	backend: gate existing endpoints behind auth and app permissions Move /api/pair, /api/apps, and /api/stream/start under the session auth middleware so they require a valid session token. Add app-level permission filtering: non-admin users only see and can stream apps they have been explicitly granted access to. Admins bypass all permission checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 15:12:22 +00:00

Author

SHA1

Message

Date

restitux

826a3b59c9

backend: gate existing endpoints behind auth and app permissions

Move /api/pair, /api/apps, and /api/stream/start under the session
auth middleware so they require a valid session token. Add app-level
permission filtering: non-admin users only see and can stream apps
they have been explicitly granted access to. Admins bypass all
permission checks.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-16 15:12:22 +00:00

backend: gate existing endpoints behind auth and app permissions #2

1 Commits