decentraland / comms-gatekeeper

83%

main: 82%

LAST BUILD ON BRANCH 2.22.0

branch: 2.22.0

CHANGE BRANCH

x

Reset

Sync Branches

• 2.22.0
• 1.1.0
• 1.1.1
• 1.2.0
• 1.2.1
• 1.3.0
• 2.0.0
• 2.0.1
• 2.1.0
• 2.1.1
• 2.10.0
• 2.11.0
• 2.12.0
• 2.13.0
• 2.13.1
• 2.13.2
• 2.14.0
• 2.15.0
• 2.16.0
• 2.17.0
• 2.17.1
• 2.18.0
• 2.19.0
• 2.19.1
• 2.19.2
• 2.19.3
• 2.2.0
• 2.2.1
• 2.20.0
• 2.20.1
• 2.21.0
• 2.21.1
• 2.3.0
• 2.4.0
• 2.6.0
• 2.6.1
• 2.7.0
• 2.8.0
• 2.9.0
• add-ai-agent-context-to-readme
• chore/WKC-presentation
• chore/add-debugging-logs-for-room-started-handler
• chore/bump-node
• chore/update-dcl-schemas
• chore/use-docs-generic-action
• coverage
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.3
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.4
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.5
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.6
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.7
• dependabot/npm_and_yarn/dcl/analytics-component-0.2.8
• dependabot/npm_and_yarn/dcl/eslint-config-2.2.1
• dependabot/npm_and_yarn/dcl/eslint-config-2.3.0
• dependabot/npm_and_yarn/dcl/eslint-config-2.3.1
• dependabot/npm_and_yarn/dcl/eslint-config-2.4.3
• dependabot/npm_and_yarn/dcl/platform-crypto-middleware-1.1.0
• dependabot/npm_and_yarn/dcl/platform-server-commons-1.0.1
• dependabot/npm_and_yarn/dcl/schemas-16.11.0
• dependabot/npm_and_yarn/dcl/schemas-16.12.0
• dependabot/npm_and_yarn/dcl/schemas-16.13.0
• dependabot/npm_and_yarn/dcl/schemas-16.14.0
• dependabot/npm_and_yarn/dcl/schemas-16.6.4
• dependabot/npm_and_yarn/dcl/schemas-16.9.0
• dependabot/npm_and_yarn/dcl/schemas-17.0.0
• dependabot/npm_and_yarn/dcl/schemas-17.1.0
• dependabot/npm_and_yarn/dcl/schemas-17.2.0
• dependabot/npm_and_yarn/dcl/schemas-18.0.0
• dependabot/npm_and_yarn/dcl/schemas-18.3.0
• dependabot/npm_and_yarn/dcl/schemas-18.8.0
• dependabot/npm_and_yarn/dcl/schemas-19.0.0
• dependabot/npm_and_yarn/dcl/schemas-19.3.0
• dependabot/npm_and_yarn/dcl/schemas-19.4.0
• dependabot/npm_and_yarn/dcl/schemas-19.4.1
• dependabot/npm_and_yarn/dcl/schemas-19.6.0
• dependabot/npm_and_yarn/dcl/schemas-19.8.0
• dependabot/npm_and_yarn/dcl/schemas-20.2.0
• dependabot/npm_and_yarn/dcl/schemas-20.3.0
• dependabot/npm_and_yarn/dcl/schemas-22.0.0
• dependabot/npm_and_yarn/dcl/sns-component-3.0.1
• dependabot/npm_and_yarn/dcl/sns-component-3.0.2
• dependabot/npm_and_yarn/well-known-components/fetch-component-3.0.0
• dependabot/npm_and_yarn/well-known-components/interfaces-1.4.3
• dependabot/npm_and_yarn/well-known-components/interfaces-1.5.1
• dependabot/npm_and_yarn/well-known-components/interfaces-1.5.2
• dependabot/npm_and_yarn/well-known-components/test-helpers-1.5.8
• docs-update
• docs/adapt-to-new-docs-workflow
• docs/add-endpoint-docs
• docs/ai-context
• docs/banned-name-is-optional
• docs/confusing-required-props-for-bans-and-admins
• docs/fix-docs-workflow-usage
• docs/fix-publish
• docs/force-publish
• docs/forcing-re-deploy
• docs/improve-openapi-description
• docs/rename-api-spec
• docs/standarize-readme-schemas-and-agent-context
• docs/test-api-reference-file
• docs/update-list-bans-response
• docs/use-docs-generic-action
• docs/users-can-also-be-banned-by-name
• feat/add-analytics
• feat/add-generate-links
• feat/add-logs
• feat/add-names-to-get-admins
• feat/add-owner-and-operators-in-list-admins
• feat/add-private-voice-chat
• feat/add-profile-to-metadata
• feat/add-scene-room-creds-to-cast
• feat/add-schema-validator-component
• feat/add-support-for-multi-world-scenes
• feat/add-support-for-world-rooms
• feat/add-tracing
• feat/add-try-catch
• feat/add-world-bans-check
• feat/all-active-voice-chats-endpoint
• feat/allow-adding-scene-admins-by-name
• feat/allow-banning-unbanning-by-name
• feat/authorative-server
• feat/ban-user-from-scene
• feat/bans-check
• feat/bot-presenter-handler
• feat/cache-deny-list
• feat/cache-response-of-fetch-entity-by-id
• feat/cast-endpoints
• feat/catch-ingress-not-found
• feat/change-manual-deploy
• feat/check-community-calls-ongoing
• feat/communities-voice-actions
• feat/communities-voice-chat-store-role
• feat/community-voice-chat
• feat/componenterize-blocklist
• feat/end-community-call
• feat/enhance-handler
• feat/expire-rooms
• feat/filter-local-preview-realm
• feat/forward-livekit-messages-to-dwh
• feat/generate-stream-link-get
• feat/get-private-conversations-room-token
• feat/get-scene-adapter-should-fail-for-banned-users
• feat/get-social-privacy-settings-for-metadata
• feat/get-stream-info-endpoint
• feat/http-server-for-http2
• feat/identity
• feat/identity-handling
• feat/kick-banned-users
• feat/land-validation
• feat/linker-server
• feat/list-and-revoke-stream-access
• feat/listen-livekit-webhook
• feat/livekit-receive-webhook
• feat/livekit-webhook-handler
• feat/livekit-webhook-handler-2
• feat/logs
• feat/moderator-token-auth
• feat/move-user-joined-event-to-event-joining-process
• feat/mute-metadata
• feat/notifications
• feat/notify-moderation-events
• feat/patch-social-privacy-settings
• feat/places-checker
• feat/platform-bans-check
• feat/prevent-request-from-being-blocked
• feat/publish-all-room-join-and-left-events
• feat/publish-community-streaming-ended-event
• feat/publish-user-left-room-event
• feat/re-discovery-changes
• feat/reject-request-to-speak
• feat/remove-bans-from-disabled-places
• feat/remove-old-key
• feat/reset-logs
• feat/reset-streaming-key
• feat/return-world-other-permissions-addresses
• feat/revoke-endpoint
• feat/save-speaker-in-metadata
• feat/scene-admins-for-multiplayer
• feat/send-notifications-when-ban-unban-from-scene
• feat/send-the-disconnection-reason-to-analytics
• feat/setup-scene-admin-addapters-and-controllers
• feat/sns-component
• feat/sqs-message
• feat/store-is-speaker-in-metadata-by-default
• feat/stream-acces-migretion-adapter
• feat/stream-link-gen
• feat/streaming-image
• feat/streaming-key-ttl-checker
• feat/streaming-ttl-checker
• feat/support-getting-community-voice-chat-status-in-bulk
• feat/support-http2
• feat/support-listing-bans-from-a-scene
• feat/support-unban-user-from-scene
• feat/update-explorer-url
• feat/update-livekit-metadata-with-bans-info
• feat/update-metadata-with-bans-after-room-creation
• feat/use-admin-smart-item-world-scene-wise
• feat/use-token-middleware
• feat/user-moderation
• feat/validate-world-stream-permissions
• fix/active-community-calls-endpoint
• fix/add-debugging-voice-chat-logs
• fix/add-missing-update-operators
• fix/add-more-voice-logging
• fix/allow-owners-to-access-their-worlds
• fix/avoid-fetching-places-using-undefined-parcels
• fix/banned-users-cannot-be-admins
• fix/cast-and-streaming-access-generations-for-multi-scene-worlds
• fix/cast-expiration-time
• fix/cast-room-id
• fix/cast-stream-access-missing-ingress
• fix/change-auth-token
• fix/check-world-owner
• fix/community-voice-chats-expiring-job
• fix/correctly-check-for-body-user-metadata
• fix/denylist
• fix/ends-time
• fix/env-var-auth-server
• fix/expired-query
• fix/failing-tests
• fix/github-actions
• fix/ingress-id-unique-error
• fix/ingress-not-being-deleted
• fix/ingress-options
• fix/land-lease-multiple-authorizations-bug
• fix/livekit-handler
• fix/livekit-host
• fix/livekit-host-procol
• fix/lowercase-address
• fix/metadata
• fix/metadata-profile
• fix/only-fire-end-event-on-closing-call
• fix/parcels-endpoint-throwing
• fix/participant-id
• fix/place-search-response
• fix/place-world-migration
• fix/places-id-migration
• fix/print-status-code-on-fetch-error
• fix/privacy-settings-fetching
• fix/remove-streaming-key
• fix/remove-unused-handler
• fix/resolve-world-scene-id-before-checking-ban
• fix/respond-with-404-when-name-owner-not-found
• fix/respond-with-livekit-connection-url
• fix/restful-moderation
• fix/return-created_at-as-number
• fix/streaming-key
• fix/test
• fix/test-voice-chat-room-hook
• fix/tests
• fix/update-readme
• fix/use-correct-metadata-validator
• fix/use-improved-lamb2-land-api
• fix/use-webhook-event-room-when-room-started
• fix/voice-chat-room-deletion
• fix/world-streaming
• fix/wss-adapter
• gonpombo8-patch-1
• main
• pentreathm-patch-1
• pentreathm-patch-2
• refactor/add-scene-ban-input-camel-cased
• refactor/change-terminlogy-blacklister-to-denylister
• refs/tags/1.0.0
• refs/tags/1.0.1
• revert-logging
• test/duplicate-instance-for-testing-purposes
• test/livekit

Build # 23797040353

Build Type

push

github

Committed by web-flow

Commit Message

feat: add token-based moderator authentication (#250)

* feat: add token-based moderator authentication

Add MODERATOR_TOKEN env var as an alternative auth method for moderation
routes. Moderators can now authenticate via Bearer token instead of
wallet signatures, with identity provided via a moderator query parameter.

* fix: pass config to createModeratorComponent in test components

* fix: update integration tests to expect 401 for unsigned moderation requests

With signedFetch set to optional, unsigned requests now pass through to
the moderator middleware which returns 401 instead of signedFetch's 400.

* refactor: parameterize moderator middleware with moderatorRequired option

Replace two separate middlewares with a single configurable
moderatorAuthMiddleware({ moderatorRequired }) factory. Write endpoints
require the moderator query param, read endpoints do not.

* fix: address security review feedback for moderator token auth

- Use timing-safe comparison for token validation to prevent timing attacks
- Sanitize moderator query parameter (alphanumeric, max 100 chars)
- Add audit logging for token-based auth success and failure

Run Details

927 of 1238 branches covered (74.88%)

Branch coverage included in aggregate %.

44 of 44 new or added lines in 4 files covered. (100.0%)

2 existing lines in 1 file now uncovered.

2651 of 3081 relevant lines covered (86.04%)

41.34 hits per line