Add user verification for server API #37
✅ Deploy Preview for is-this-thing-on ready!
setRooms(rooms); | ||
let [rooms, userToken] = await Promise.all([ | ||
getRoomsWhereUserISAdmin(uid), | ||
auth.currentUser?.getIdToken(), |
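Review bot: `auth.currentUser?.getIdToken()` inside the `Promise.all` resolves to `undefined` when `auth.currentUser` is null, so `userToken` can be undefined after this line. Check for a missing token right after the destructuring and stop there, rather than passing it on as if it were a valid credential. Since both calls share one `Promise.all`, a rejected `getIdToken()` also throws away the result of `getRoomsWhereUserISAdmin(uid)`; catch the token failure separately if the rooms list should still be usable. `let` can be `const` if neither `rooms` nor `userToken` is reassigned.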
I tried to use the user from UserStore at first, but for some reason it couldn't find the getIdToken method.
@bhaviksingh This needs a server deployment, so will defer to you to merge this PR and deploy since I don't have those permissions I think :D
Ahhh completely missed this. Do you still want to try and merge it? My suggestion would be to merge into #55, and then merge together?
Hmm, let's try to keep them separate if possible but I'll get this branch up to date to avoid conflicts. After that:
Hey - at this point, I may recommend just deprecating this branch :( There's lots of stuff in here that is no longer relevant. The roomManagement UI (that this affects, with RTMPS URLs / reset stream key functionality) has pretty much entirely changed and is not really needed anymore. If you think it's important for the experience for the show to have the server / stream authenticated (which seems smart), maybe we do it in a new branch?
Changes
Context
Provides some additional protections since the server is now being relied on for more administrative features (e.g. streaming directly from the browser.)
This was a bit lower on our priority list, but I realized it would be fairly straightforward to implement following the Firebase authentication guidance.
Testing
Verified that I get a forbidden error without auth:
curl -X GET http://localhost:4000/stream-keys/soft
Forbidden
curl -X GET -H "Authorization: Bearer 123" http://localhost:4000/stream-key/soft
Forbidden
Verified that Admin page still showed stream keys when I am an admin for a given room.
Relevant Issues
Closes #35
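
The server-side check described under Context and Testing, sketched as an added example (not this PR's code). `authorizeRoomRequest`, `verifyIdToken` and `isRoomAdmin` are hypothetical names; in a real server `verifyIdToken` would wrap firebase-admin's `getAuth().verifyIdToken(idToken)`, and the constructed stand-ins below let it run offline.

```javascript
// Added example, not the project's server code. All names are hypothetical.

// Pull the token out of an "Authorization: Bearer <token>" header value.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== "string") return null;
  // Accept only the RFC 6750 token68 character set after the scheme.
  const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Returns { status } for a request to an admin-only room route.
// headers uses lowercase keys, as Node's http module provides them.
async function authorizeRoomRequest(headers, roomId, { verifyIdToken, isRoomAdmin }) {
  const token = extractBearerToken(headers.authorization);
  if (!token) return { status: 403, reason: "missing or malformed Authorization header" };

  let decoded;
  try {
    decoded = await verifyIdToken(token); // signature, expiry and audience checks live here
  } catch (err) {
    return { status: 403, reason: "token rejected" }; // fail closed on any verifier error
  }
  if (!decoded || typeof decoded.uid !== "string") {
    return { status: 403, reason: "token carries no uid" };
  }
  // A valid login is not enough: the caller must administer this room.
  if (!(await isRoomAdmin(decoded.uid, roomId))) {
    return { status: 403, reason: "not an admin for this room" };
  }
  return { status: 200, uid: decoded.uid };
}

// Constructed stand-ins for the token verifier and the room-admin lookup.
const fakeDeps = {
  verifyIdToken: async (t) => {
    if (t !== "valid-token-for-alice") throw new Error("invalid token");
    return { uid: "alice" };
  },
  isRoomAdmin: async (uid, roomId) => uid === "alice" && roomId === "soft",
};

// The two curl cases from Testing, plus an admin and a non-admin room.
async function demo() {
  const cases = [
    [{}, "soft"],
    [{ authorization: "Bearer 123" }, "soft"],
    [{ authorization: "Bearer valid-token-for-alice" }, "soft"],
    [{ authorization: "Bearer valid-token-for-alice" }, "other-room"],
  ];
  const statuses = [];
  for (const [h, room] of cases) statuses.push((await authorizeRoomRequest(h, room, fakeDeps)).status);
  return statuses;
}
demo().then((statuses) => console.log(statuses));
```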