veza/veza-stream-server
senke db47f203f6 fix(security): implement JWT auth on stream-server WebSocket
- Validate JWT token via AuthManager before accepting WebSocket connections
- Extract user_id from validated token claims instead of trusting query params
- Reject unauthenticated connections with 401 Unauthorized
- Add `authenticated` field to WebSocketConnection struct
- Update websocket_handler_wrapper to handle auth error responses

Previously, the WebSocket handler accepted all connections without
validating the token (comment: "for now, we accept the connection").
Now requires a valid JWT token via ?token= query param or Authorization header.

Addresses audit finding: A01 (Broken Access Control) — CRITICAL.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-11 22:41:35 +01:00
.github/workflows adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
audio adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
benches adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
dashboards adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
docs P0: backend/chat/stream stabilization + new v1 migrations base 2025-12-06 11:14:38 +01:00
k8s/production adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
migrations report generation and future tasks selection 2025-12-08 19:57:54 +01:00
proto adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
scripts report generation and future tasks selection 2025-12-08 19:57:54 +01:00
src fix(security): implement JWT auth on stream-server WebSocket 2026-02-11 22:41:35 +01:00
tools adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
.clippy.toml adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
.env.example fix(security): validate OAuth redirect URL against allowlist, require auth for internal transcode endpoint 2026-02-11 21:28:26 +01:00
.gitignore report generation and future tasks selection 2025-12-08 19:57:54 +01:00
AUDIT_EXHAUSTIF_STREAM_SERVER.md overhaul: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
AUDIT_STREAM_SERVER_RUST.md adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
build.rs [T0-002] fix(rust): Fix Rust compilation errors 2026-01-04 01:44:20 +01:00
Cargo.toml feat(stream): add persistent Redis JWT revocation (P3.1) 2026-02-11 22:10:07 +01:00
check_errors.txt report generation and future tasks selection 2025-12-08 19:57:54 +01:00
docker-compose.production.yml adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
docker-compose.yml adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
Dockerfile report generation and future tasks selection 2025-12-08 19:57:54 +01:00
Dockerfile.production adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
env.example adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
install.sh adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
Makefile adding initial stream server (Rust) 2025-12-03 20:36:56 +01:00
RAPPORT_LAB.md report generation and future tasks selection 2025-12-08 19:57:54 +01:00
sync_errors.txt report generation and future tasks selection 2025-12-08 19:57:54 +01:00
sync_test_error.txt report generation and future tasks selection 2025-12-08 19:57:54 +01:00
test_output.txt report generation and future tasks selection 2025-12-08 19:57:54 +01:00