Handle server live authentication inside WebSocket connection #67

New issue

Closed

opened 2026-04-30 23:50:50 +00:00 by luca0N · 2 comments

luca0N commented

2026-04-30 23:50:50 +00:00

Owner

The WebSocket API does not offer any functionality for specifying headers. As such, the current authentication check implemented in the live endpoint handler cannot be used in any browser.

The server should perform session validation after a WebSocket connection has been established.

The [WebSocket API](https://developer.mozilla.org/en-US/docs/Web/API/WebSocket/WebSocket) does not offer any functionality for specifying headers. As such, the current authentication check implemented in the live endpoint handler cannot be used in any browser. The server should perform session validation after a WebSocket connection has been established.

luca0N added the

Kind/Bug

Priority

Critical

labels

2026-04-30 23:50:50 +00:00

luca0N self-assigned this

2026-04-30 23:50:50 +00:00

luca0N added this to the v1.0.0 project

2026-04-30 23:50:50 +00:00

luca0N added a new dependency

2026-05-02 23:37:15 +00:00

#56 Refactor server WebSocket comms

luca0N commented

2026-05-02 23:38:31 +00:00

Author

Owner

Added #56 as a dependency, as otherwise the current code would be too long, complex, prone to errors and bugs, and would be quite lacking in code quality.

I am planning on refactoring WebSocket I/O operations, more specifically.

Added #56 as a dependency, as otherwise the current code would be too long, complex, prone to errors and bugs, and would be quite lacking in code quality. I am planning on refactoring WebSocket I/O operations, more specifically.

luca0N referenced this issue from a commit

2026-05-03 23:53:49 +00:00

Refactor live code and remove HTTP auth (fixes #56)

luca0N commented

2026-05-04 23:42:09 +00:00

Author

Owner

I am currently taking this rework as an opportunity to have an initial handshake instead of having the client send the protocol version in every single packet¹.

server/ws.go
Line 76 in 2bc8b9e
// TODO: remove Version from the packet; there is no need to send this in
↩︎

I am currently taking this rework as an opportunity to have an initial handshake instead of having the client send the protocol version in every single packet[^1]. [^1]: https://git.luca0n.com/luca0N/lanbassador/src/commit/2bc8b9e5bf6f573c367930702ccb3b671929d708/server/ws.go#L76

luca0N added a new dependency

2026-05-05 23:19:54 +00:00

#69 Enhance live connection handshake interpretation in server

luca0N added a new dependency

2026-05-07 23:18:06 +00:00

#70 Update live connection handshake structure

luca0N closed this issue

2026-05-07 23:58:50 +00:00