chore(rust): chat server env, veza-common auth, stream server routes/websocket

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-11 22:19:17 +01:00 · 2026-02-11 22:19:17 +01:00 · a83a76e942
commit a83a76e942
parent 30f17dfc2a
5 changed files with 8 additions and 6 deletions
--- a/veza-chat-server/.env.lab.example
+++ b/veza-chat-server/.env.lab.example
@ -3,8 +3,8 @@

 # Base de données (avec schema chat forcé)
 # Note: Les scripts lab ajoutent automatiquement options=-c search_path=chat si absent
-VEZA_LAB_DSN="postgres://veza:veza_password@localhost:5432/veza_lab?sslmode=disable"
-DATABASE_URL="postgres://veza:veza_password@localhost:5432/veza_lab?sslmode=disable&options=-c%20search_path=chat"
+VEZA_LAB_DSN="postgres://veza:veza_password@veza.fr:5432/veza_lab?sslmode=disable"
+DATABASE_URL="postgres://veza:veza_password@veza.fr:5432/veza_lab?sslmode=disable&options=-c%20search_path=chat"

 # Serveur
 CHAT_SERVER_PORT=8081
--- a/veza-common/Cargo.toml
+++ b/veza-common/Cargo.toml
@ -52,7 +52,7 @@ sha2 = "0.10"
 hmac = "0.12"
 base64 = "0.21"
 rand = "0.8"
-totp-rs = "5.4"
+totp-rs = { version = "5.4", features = ["otpauth"] }

 # HTTP client
 reqwest = { version = "0.11", features = ["json"] }
--- a/veza-common/src/auth.rs
+++ b/veza-common/src/auth.rs
@ -354,6 +354,8 @@ pub fn validate_totp_code(secret: &str, code: &str, _window: i64) -> VezaResult<
        30,
        secret_obj.to_bytes()
            .map_err(|e| VezaError::Auth(format!("Invalid TOTP secret: {}", e)))?,
+        None,
+        "".to_string(),
    ).map_err(|e| VezaError::Auth(format!("Invalid TOTP secret: {}", e)))?;
    
    let is_valid = totp.check_current(code)
--- a/veza-stream-server/src/routes/api.rs
+++ b/veza-stream-server/src/routes/api.rs
@ -149,7 +149,7 @@ async fn internal_transcode_handler(
    headers: HeaderMap,
    Json(payload): Json<serde_json::Value>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
-    // SECURITY: Require X-Internal-API-Key when INTERNAL_API_KEY is set
+    // SECURITY: Require X-Internal-API-Key when INTERNAL_API_KEY is set (P1.1.2)
    if let Ok(expected_key) = std::env::var("INTERNAL_API_KEY") {
        if !expected_key.is_empty() {
            let provided = headers
--- a/veza-stream-server/src/streaming/websocket.rs
+++ b/veza-stream-server/src/streaming/websocket.rs
@ -313,7 +313,7 @@ impl WebSocketManager {
        };

        if let Ok(json) = serde_json::to_string(&welcome_event) {
-            if let Err(e) = sender_ws.send(Message::Text(json)).await {
+            if let Err(e) = sender_ws.send(Message::Text(json.into())).await {
                tracing::warn!("Erreur envoi message bienvenue: {}", e);
            }
        }
@ -416,7 +416,7 @@ impl WebSocketManager {

                if should_send {
                    if let Ok(json) = serde_json::to_string(&event) {
-                        if let Err(e) = sender_ws.send(Message::Text(json)).await {
+                        if let Err(e) = sender_ws.send(Message::Text(json.into())).await {
                            tracing::warn!(
                                "Erreur envoi événement à {}: {}",
                                connection_id_clone,