fix(security): remove hardcoded credentials from stream server auth

Co-authored-by: Cursor <cursoragent@cursor.com>

veza-stream-server/src/auth/mod.rs

@@ -151,64 +151,15 @@ impl AuthManager {
         })
     }
 
+    /// Authenticate user. Stream server does NOT support direct login.
+    /// Users must obtain JWT from backend API (/api/v1/auth/login). This endpoint
+    /// always returns InvalidCredentials for security.
     pub async fn authenticate_user(
         &self,
-        username: &str,
-        password: &str,
+        _username: &str,
+        _password: &str,
     ) -> Result<UserInfo, AuthError> {
-        // Simuler une authentification (à remplacer par votre logique réelle)
-        if username == "admin" && password == "admin123" {
-            Ok(UserInfo {
-                id: "550e8400-e29b-41d4-a716-446655440001".to_string(), // UUID
-                username: username.to_string(),
-                email: Some("admin@example.com".to_string()),
-                roles: vec![Role::Admin],
-                permissions: vec![
-                    Permission::StreamAudio,
-                    Permission::StreamHighQuality,
-                    Permission::StreamUnlimited,
-                    Permission::ViewAnalytics,
-                    Permission::ManageUsers,
-                    Permission::SystemAdmin,
-                    Permission::AccessAPI,
-                ],
-                subscription_tier: SubscriptionTier::Enterprise,
-                created_at: SystemTime::now()
-                    .duration_since(UNIX_EPOCH)
-                    .map(|d| d.as_secs())
-                    .unwrap_or(0),
-                last_login: SystemTime::now()
-                    .duration_since(UNIX_EPOCH)
-                    .map(|d| d.as_secs())
-                    .unwrap_or(0),
-            })
-        } else if username == "user" && password == "user123" {
-            Ok(UserInfo {
-                id: "550e8400-e29b-41d4-a716-446655440002".to_string(), // UUID
-                username: username.to_string(),
-                email: Some("user@example.com".to_string()),
-                roles: vec![Role::User],
-                permissions: vec![
-                    Permission::StreamAudio,
-                    Permission::CreatePlaylists,
-                    Permission::ShareContent,
-                    Permission::Comment,
-                    Permission::Like,
-                ],
-                subscription_tier: SubscriptionTier::Free,
-                created_at: SystemTime::now()
-                    .duration_since(UNIX_EPOCH)
-                    .map(|d| d.as_secs())
-                    .unwrap_or(0)
-                    .saturating_sub(86400),
-                last_login: SystemTime::now()
-                    .duration_since(UNIX_EPOCH)
-                    .map(|d| d.as_secs())
-                    .unwrap_or(0),
-            })
-        } else {
-            Err(AuthError::InvalidCredentials)
-        }
+        Err(AuthError::InvalidCredentials)
     }
 
     pub async fn generate_tokens(