Talon/chat_grid
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Require auth session for media proxy

Browse Source
This commit is contained in:
Jage9
2026-03-08 21:44:27 -04:00
parent 47d4a61256
commit 6e8ecf44c1
6 changed files with 146 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/runtime-flow.md
View File

@@ -12,6 +12,7 @@
7. Server sends `auth_result`.
- includes role + permissions for authenticated session.
8. Client persists authenticated session into a server-managed `HttpOnly` cookie via `GET /auth/session/set` (`Authorization: Bearer <sessionToken>`, `X-Chgrid-Auth-Client: 1`), and clears it via `GET /auth/session/clear` (`X-Chgrid-Auth-Client: 1`) on logout/session errors.
- the optional PHP media proxy validates that same cookie through `GET /auth/session/check` before relaying media
9. Server sends `welcome` with users/items snapshot.
10. Client:
- applies `welcome.worldConfig.gridSize` for authoritative grid bounds/rendering