@epicgames-ps/lib-pixelstreamingsignalling-ue5.6
0.4.0
Minor Changes
- 568133c: Add extension points so consumers can plug in their own authentication and authorization without the library shipping an auth scheme. Connections now expose the HTTP upgrade
request(IStreamer.request/IPlayer.request) so identity attached during averifyClientcheck survives to later decisions, andIServerConfig.authorizeStreamerIdlets a consumer authorize, override (e.g. namespace per tenant), or reject the id a streamer registers as — the seam for preventing streamer-id squatting. Default behaviour is unchanged when these are not supplied. SeeDocs/Security-Guidelines.md.
Patch Changes
- 1d54751: Enforce streamer/player subscription when routing signalling messages. Previously
StreamerConnection.forwardMessage,StreamerConnection.onDisconnectPlayerRequestandSFUConnection.sendToPlayerresolved their target via the global player registry without checking that the player was subscribed to the sending streamer/SFU. On a signalling server shared by multiple streamers this let one streamer send forgedoffer/answer/iceCandidatemessages to, or disconnect, players belonging to another streamer. These paths now drop messages for players that are not in the streamer'ssubscribersset. SFU connections now register themselves as a subscriber of their upstream streamer so messages destined for the SFU continue to be forwarded.
0.3.0
Minor Changes
- b0550d4: Add CORS support to the signalling web server. A new
IWebServerConfig.corsoption registers thecorsExpress middleware before the rate limiter and any route handlers, so that custom frontends hosted on a different origin can call the REST API (--rest_api) or any other route mounted on the app. Wilbur exposes this through a--corsCLI flag (default off) plus--cors_allowed_origins,--cors_allowed_methods,--cors_allowed_headers, and--cors_credentials. All four sub-options accept comma-separated values and read matchingcors*keys fromconfig.json. When--corsis set without an explicit origin list, all origins are allowed. - 9308aa4: Make the REST API reachable when Wilbur is started with
--rest_apibut without--serve. Previously the Express app that hosts the/api/*routes was only bound to an HTTP listener inside theservebranch, so with--serve=false --rest_api=truethe listener never started and requests were answered by the WebSocket upgrade handler on the player port (426 Upgrade Required). The HTTP listener now starts wheneverrest_apiorserveis set. Static file serving and the homepage route are gated by a newIWebServerConfig.serveStaticflag (the port listener runs independently of static serving), and the rate limiter is registered before any route handlers so the homepage and any downstream-registered routes are all rate-limited. Wilbur logs at startup which mode it is running in.
Patch Changes
- c3e46a8: - Addressing security issues raised by dependabot. (glob, js-yaml, playwright)
- Added lint npm script to the root project. Running
npm run lintwill now run linting over all packages.
- Added lint npm script to the root project. Running
- 5696f2e: Make
npm run lintwork regardless of the directory it's invoked from. Each workspace'seslint.config.mjsnow pinsparserOptions.tsconfigRootDirtoimport.meta.dirname, soparserOptions.projectresolves relative to the config file's own directory rather than whichever CWDtypescript-eslinthappens to pick by default. Previously the six workspace configs prefixedprojectwith the workspace directory (e.g.'Common/tsconfig.cjs.json'), which only worked under one specifictypescript-eslintversion's resolution behavior and broke CI when run from within the workspace. - Updated dependencies [c3e46a8]
- Updated dependencies [5696f2e]
- @epicgames-ps/lib-pixelstreamingcommon-ue5.7@0.1.5
0.2.1
Patch Changes
- 812a419: - Addressing security issues raised by dependabot. (glob, js-yaml, playwright)
- Added lint npm script to the root project. Running
npm run lintwill now run linting over all packages.
- Added lint npm script to the root project. Running
- Updated dependencies [812a419]
- @epicgames-ps/lib-pixelstreamingcommon-ue5.7@0.1.4
0.2.0
Minor Changes
-
05bebea: Add: Ability to access player id on the frontend.
QoL: Remove player id stripping from the signalling library.It is useful to be able to use the player id as a unique identifier that is common between UE side stats and frontend side stats; however, the player id is not actually exposed to TS/JS because the SS strips it out of signalling messages.
This change is a backport of "Exposed playerid" (#728)