restitux/gamestream-webtransport-proxy
1
0
Fork 0
Code Issues Pull Requests 6 Actions Packages Projects Releases Wiki Activity

WIP: backend: add single-use token auth for spawned stream proxies #3

Draft
restitux wants to merge 1 commits from auth/3-stream-proxy-token into auth/2-gate-endpoints
pull from: auth/3-stream-proxy-token
merge into: restitux:auth/2-gate-endpoints
Conversation 1 Commits 1 Files Changed 4
+109 -8
restitux commented 2026-04-16 05:18:21 +00:00
Owner
Copy Link
Copy Source

Generate a random 256-bit token when spawning a proxy process, pass
it as a CLI argument, and return it to the client in the stream start
response. The proxy validates the token on WebTransport connect and
consumes it after first use, preventing replay. A wrong token attempt
also consumes the token for security. Includes 5 unit tests for token
validation logic.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

Generate a random 256-bit token when spawning a proxy process, pass it as a CLI argument, and return it to the client in the stream start response. The proxy validates the token on WebTransport connect and consumes it after first use, preventing replay. A wrong token attempt also consumes the token for security. Includes 5 unit tests for token validation logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
restitux reviewed 2026-04-16 15:36:09 +00:00
gamestream-webtransport-proxy/src/proxy/mod.rs Outdated
@@ -80,1 +80,4 @@
/// Validate a provided token against the stored token. Consumes the token on success (single-use).
/// Returns Ok(()) if valid, Err with description if invalid or already consumed.
pub async fn validate_stream_token(proxy: &Proxy, provided: &str) -> std::result::Result<(), String> {
restitux commented 2026-04-16 15:36:09 +00:00
Author
Owner
Copy Link
Copy Source

This function exists but is only used by the tests and not the actual code. I will upload a fix for this.

This function exists but is only used by the tests and not the actual code. I will upload a fix for this.
restitux marked this conversation as resolved
restitux added 1 commit 2026-04-16 15:43:11 +00:00
backend: add single-use token auth for spawned stream proxies b8c705554f 
Generate a random 256-bit token when spawning a proxy process, pass
it as a CLI argument, and return it to the client in the stream start
response. The proxy validates the token on WebTransport connect and
consumes it after first use, preventing replay. A wrong token attempt
also consumes the token for security. Includes 5 unit tests for token
validation logic.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
restitux force-pushed auth/3-stream-proxy-token from 0fd90e8935 to b8c705554f 2026-04-16 15:43:11 +00:00 Compare
This pull request is marked as a work in progress.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin auth/3-stream-proxy-token:auth/3-stream-proxy-token
git checkout auth/3-stream-proxy-token
Sign in to join this conversation.
Reviewers
No Reviewers
restitux
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
restitux (restitux)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: restitux/gamestream-webtransport-proxy#3
Delete Branch "auth/3-stream-proxy-token"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?