soft-networks / is-this-thing-on

is this thing on?

Add user verification for server API #37

Open kyeah opened 3 months ago

kyeah commented 3 months ago

Changes

Context

Provides some additional protections since the server is now being relied on for more administrative features (e.g. streaming directly from the browser.)

This was a bit lower on our priority list, but I realized it would be fairly straightforward to implement following the Firebase authentication guidance.

Testing

Verified that I get a forbidden error without auth:

curl -X GET http://localhost:4000/stream-keys/soft
Forbidden

curl -X GET -H "Authorization: Bearer 123" http://localhost:4000/stream-key/soft
Forbidden

Verified that Admin page still showed stream keys when I am an admin for a given room.

Relevant Issues

Closes #35
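
An added example, not part of this pull request or the project's code: a sketch of the kind of check the description and curl tests above imply, where a missing token, an invalid bearer token, or a user who is not an admin of the room all get `Forbidden`. The function names, the `room` route parameter, the injected `verifyIdToken` and `isRoomAdmin` dependencies, and the sample tokens are assumptions.

```javascript
// Token from "Authorization: Bearer <token>"; null when absent or malformed.
function bearerToken(header) {
  if (typeof header !== "string") return null;
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
  return m ? m[1] : null;
}

// Express-style middleware factory. Both dependencies are injected (assumptions):
//   verifyIdToken(token) -> Promise<{ uid }>, e.g. firebase-admin getAuth().verifyIdToken
//   isRoomAdmin(uid, room) -> Promise<boolean>, hypothetical lookup of the room's admins
function requireRoomAdmin({ verifyIdToken, isRoomAdmin }) {
  return async function (req, res, next) {
    let uid = null;
    try {
      const token = bearerToken(req.headers.authorization);
      // verifyIdToken rejects on a bad signature, expiry or wrong project
      const decoded = token ? await verifyIdToken(token) : null;
      // Authorise against the room named in the route, never a client-supplied claim
      if (decoded && decoded.uid && (await isRoomAdmin(decoded.uid, req.params.room))) {
        uid = decoded.uid;
      }
    } catch (err) {
      uid = null; // fail closed on any verification or lookup error
    }
    if (!uid) return res.status(403).send("Forbidden"); // same answer for every failure
    req.uid = uid;
    return next();
  };
}

// Constructed stand-ins so the example runs offline.
const sampleDeps = {
  verifyIdToken: async (t) => {
    if (!/^valid\.token\.(alice|bob)$/.test(t)) throw new Error("invalid token");
    return { uid: t.split(".")[2] };
  },
  isRoomAdmin: async (uid, room) => uid === "alice" && room === "soft",
};

// Run the middleware against a fake request and report what happened.
async function check(authorization, room) {
  const out = { status: 200, body: null, passed: false };
  const res = { status(c) { out.status = c; return this; }, send(b) { out.body = b; return this; } };
  const req = { headers: { authorization }, params: { room } };
  await requireRoomAdmin(sampleDeps)(req, res, () => { out.passed = true; });
  return out;
}
```

Returning the same 403 for a missing token, a bad token and a non-admin user avoids telling an unauthenticated caller which rooms or accounts exist.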

netlify[bot] commented 3 months ago

Deploy Preview for is-this-thing-on ready!

Name Link
Latest commit 5eb0b132495502507165e922f3977e50c7a60214
Latest deploy log https://app.netlify.com/sites/is-this-thing-on/deploys/674aa742a1ee310008de16d7
Deploy Preview https://deploy-preview-37--is-this-thing-on.netlify.app
Lighthouse
1 paths audited
Performance: 51 (🔴 down 43 from production)
Accessibility: 82 (🟢 up 1 from production)
Best Practices: 92 (no change from production)
SEO: 73 (no change from production)
PWA: -

kyeah commented 2 months ago

@bhaviksingh This needs a server deployment, so will defer to you to merge this PR and deploy since I don't have those permissions I think :D

kyeah commented 4 days ago

Hmm, let's try to keep them separate if possible but I'll get this branch up to date to avoid conflicts. After that:

1) Merge #55
2) Merge this and get the server changes deployed