NowChessSystems

NowChess/NowChessSystems

Fork 0

Files

T

History

lq64 343e2bdd10

Build & Test (NowChessSystems) TeamCity build failed

Details

fix: NCS-122 authenticate WebSocket connections via first-message auth (#73 )

Replace header-based auth (not possible with browser WebSocket API) with a
first-message auth protocol: client sends {"type":"auth","token":"<JWT>"}
as the first text frame; server validates and proceeds or closes the connection.

Both GameWebSocketResource and UserWebSocketResource now hold incoming
connections in a pendingAuth set until the auth frame arrives, preventing
any game or event messages from being processed before identity is established.

Also removes the broken Bearer-prefix handling that caused header-based auth
to silently fail even for non-browser clients.

---------

Co-authored-by: LQ63 <lkhermann@web.de>
Reviewed-on: #73
Co-authored-by: Leon Hermann <lq@blackhole.local>
Co-committed-by: Leon Hermann <lq@blackhole.local>

2026-06-17 10:42:52 +02:00

account

ci: bump version with Build-125

2026-06-17 07:24:13 +00:00

analysis

ci: bump version with Build-123

2026-06-15 20:52:53 +00:00

analytics

feat(official-bots): park expert bot on tournament server at startup (#76 )

2026-06-17 10:42:42 +02:00

api

ci: bump version with Build-118