From 39177b6dccacc8d6520d208aac5969ca63b6d875 Mon Sep 17 00:00:00 2001
From: Leafus <leafus@pawkey.dev>
Date: Tue, 18 Nov 2025 06:27:29 +0100
Subject: [PATCH] feat: [backend] better streaming auth

---
 .../backend/src/server/api/StreamingApiServerService.ts    | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/packages/backend/src/server/api/StreamingApiServerService.ts b/packages/backend/src/server/api/StreamingApiServerService.ts
index 6ca96d3093..1131256864 100644
--- a/packages/backend/src/server/api/StreamingApiServerService.ts
+++ b/packages/backend/src/server/api/StreamingApiServerService.ts
@@ -108,14 +108,9 @@ export class StreamingApiServerService {
 			try {
 				[user, app] = await this.authenticateService.authenticate(token);
 
-				if (app !== null && !app.permission.some(p => p === 'read:account')) {
+				if ((app !== null && !app.permission.some(p => p === 'read:account')) || user == null) {
 					throw new AuthenticationError('Your app does not have necessary permissions to use websocket API.');
 				}
-
-				// Ensure we have a valid user
-				if (!user) {
-					throw new AuthenticationError('Invalid token or user not found.');
-				}
 			} catch (e) {
 				if (e instanceof AuthenticationError) {
 					socket.write([