Conversation

@vshcherb
Member

No description provided.

@alisa911
Contributor

@RZR-UA RZR-UA left a comment

Please follow the comments.

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@alisa911
Contributor

Security Techniques Added

Password-Protected Room Access via JWT Tokens:

  • JWT Bearer tokens for password-authenticated room access
  • Token-to-room binding validation (token must match specific translationId)
  • Time-limited tokens (30 minutes validity)
  • Token type verification (ROOM token type)

Rate Limiting:

  • Failed attempt tracking per WebSocket session
  • Maximum 5 failed attempts per session
  • 1-minute rate limit window
  • Automatic reset on successful access

Device-Based Access Control:

  • Device ID validation via X-Device-Id header
  • Per-device sharing restrictions (max 5 devices per user per translation)
  • Device-specific access matching for active sharers
  • Flexible matching: deviceId = 0 allows any device, specific deviceId restricts to that device only

Verified Users Cache:

  • In-memory cache of verified users per translation
  • Avoids repeated password/token checks after initial verification
  • Supports anonymous users (id = -1) in verified list

Access Control Flow:

  • JWT token validation on SUBSCRIBE command
  • Fallback to session-based permissions if no token
  • Token validation only on subscription, not on every message
  • Access granted via token → user added to verifiedUsers cache
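As an added example that is not code from this PR or its project: a compact, runnable model of the access-control flow described in the comment above, in Python with a hand-rolled HS256 JWT so it needs no third-party library. The secret key, the claim names (`type`, `translationId`, `exp`), the result strings and the `RoomAccess`/`share` helper are assumptions made for this example; the limits (30-minute tokens, 5 failed attempts per session in a 1-minute window, 5 devices per user per translation, deviceId 0 meaning any device, anonymous id -1) follow the comment.

```python
import base64
import hashlib
import hmac
import json
import time

# Key and claim names are assumptions for this example; the limits follow the PR comment.
SECRET_KEY = b"constructed-demo-secret-do-not-use"
TOKEN_TTL = 30 * 60      # 30-minute token validity (seconds)
MAX_FAILED = 5           # failed attempts allowed per WebSocket session
RATE_WINDOW = 60         # 1-minute rate-limit window (seconds)
MAX_DEVICES = 5          # devices per user per translation
ANY_DEVICE = 0           # deviceId 0 in a share entry matches any device

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_room_token(translation_id, now=None):
    """Mint a ROOM token bound to one translationId (hand-rolled HS256 JWT)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"type": "ROOM", "translationId": translation_id,
               "iat": now, "exp": now + TOKEN_TTL}
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_room_token(token, translation_id, now=None):
    """Return None if the token grants access to translation_id, else a reason string."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        # Verify the MAC before parsing any JSON from the untrusted token.
        expected = hmac.new(SECRET_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return "bad-signature"
        header, payload = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except ValueError:
        return "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return "malformed"
    if header.get("alg") != "HS256":
        return "bad-alg"          # algorithm is pinned, so alg=none is rejected
    if payload.get("type") != "ROOM":
        return "wrong-type"       # token type verification
    if payload.get("translationId") != translation_id:
        return "wrong-room"       # token-to-room binding
    if now >= int(payload.get("exp", 0)):
        return "expired"          # time-limited token
    return None

class RoomAccess:
    def __init__(self):
        self.failed = {}     # session_id -> (failed count, window start)
        self.verified = {}   # translation_id -> set of verified user ids (-1 = anonymous)
        self.sharers = {}    # translation_id -> {user_id: set of allowed device ids}

    def share(self, translation_id, user_id, device_id):
        """Register a sharer device, enforcing MAX_DEVICES per user per translation."""
        devices = self.sharers.setdefault(translation_id, {}).setdefault(user_id, set())
        if device_id not in devices and len(devices) >= MAX_DEVICES:
            return False
        devices.add(device_id)
        return True

    def _rate_limited(self, session_id, now):
        count, start = self.failed.get(session_id, (0, now))
        return now - start < RATE_WINDOW and count >= MAX_FAILED

    def _record_failure(self, session_id, now):
        count, start = self.failed.get(session_id, (0, now))
        if now - start >= RATE_WINDOW:
            count, start = 0, now       # previous window expired, start a new one
        self.failed[session_id] = (count + 1, start)

    def subscribe(self, session_id, user_id, translation_id, device_id, token=None, now=None):
        """Check a SUBSCRIBE; later messages on the subscription are not re-checked."""
        now = int(time.time()) if now is None else now
        if user_id in self.verified.get(translation_id, set()):
            return "ok-cached"          # verified-users cache hit
        if self._rate_limited(session_id, now):
            return "rate-limited"
        if token is not None:
            reason = verify_room_token(token, translation_id, now)
            if reason is None:
                self.verified.setdefault(translation_id, set()).add(user_id)
                self.failed.pop(session_id, None)   # reset on successful access
                return "ok-token"
            self._record_failure(session_id, now)
            return "denied:" + reason
        # No token: fall back to session permissions (an active sharer entry for this user).
        allowed = self.sharers.get(translation_id, {}).get(user_id, set())
        if ANY_DEVICE in allowed or device_id in allowed:
            return "ok-session"
        self._record_failure(session_id, now)
        return "denied:no-permission"
```

Two design points worth noting when reviewing the real implementation against this model: the signature is checked before any claim is read, so a token whose header says `alg: none` or whose payload names a different `translationId` never influences the decision, and the failed-attempt counter is keyed by WebSocket session rather than by user, so an unauthenticated client cannot lock out a legitimate user but can also simply reconnect to get a fresh budget of attempts.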

Copilot AI left a comment

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 28 comments.


4 participants