2 files changed, 7 insertions, 1 deletions

diff --git a/server/src/routes/stream.rs b/server/src/routes/stream.rs
index eb7bc13..469ad07 100644
--- a/server/src/routes/stream.rs
+++ b/server/src/routes/stream.rs
@@ -3,7 +3,7 @@
     which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
     Copyright (C) 2023 metamuffin <metamuffin.org>
 */
-use super::ui::error::MyError;
+use super::ui::{account::session::Session, error::MyError};
 use crate::library::Library;
 use anyhow::{anyhow, Context, Result};
 use jellyremuxer::RemuxerContext;
@@ -37,6 +37,7 @@ pub fn stream_uri(path: &PathBuf, tracks: &Vec<u64>, webm: bool) -> String {
 
 #[get("/stream/<path..>?<tracks>&<webm>")]
 pub fn r_stream(
+    _sess: Session,
     path: PathBuf,
     webm: Option<bool>,
     tracks: String,
diff --git a/server/src/routes/ui/account/session.rs b/server/src/routes/ui/account/session.rs
index ed40d83..3457d41 100644
--- a/server/src/routes/ui/account/session.rs
+++ b/server/src/routes/ui/account/session.rs
@@ -6,6 +6,7 @@
 use crate::{
     database::{Database, User},
     routes::ui::error::MyError,
+    CONF,
 };
 use anyhow::anyhow;
 use rocket::{
@@ -20,11 +21,15 @@ pub struct Session {
 
 impl Session {
     pub async fn from_request_ut(req: &Request<'_>) -> Result<Self, MyError> {
+        #[cfg(not(feature = "bypass-auth"))]
         let cookie = req
             .cookies()
             .get_private("user")
             .ok_or(anyhow!("login required"))?;
+        #[cfg(not(feature = "bypass-auth"))]
         let username = cookie.value();
+        #[cfg(feature = "bypass-auth")]
+        let username = CONF.admin_username.to_string();
 
         let db = req.guard::<&State<Database>>().await.unwrap();
         let user = db