
Module ws_ticket


Short-lived, single-use tickets for WebSocket authentication.

Replaces the old ?token=<api_key> pattern that leaked persistent credentials into proxy/CDN/browser logs.

Flow

  1. Client POST /api/ws-ticket with x-api-key header → {"ticket":"wst_…","expires_in":30}
  2. Client connects to /ws?ticket=wst_… within 30 seconds
  3. Server validates (exists, not expired, not already used), consumes, upgrades
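The validate-and-consume step in 3, as an added sketch that is not this crate's own code. DemoTicketStore, TicketError and the issue/consume signatures are hypothetical; the ticket string and the clock are passed in so the behaviour is deterministic, and a real issuer would generate the ticket from a CSPRNG.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Lifetime matching the "expires_in":30 value in the flow above.
const TICKET_TTL: Duration = Duration::from_secs(30);

#[derive(Debug, PartialEq)]
pub enum TicketError {
    Unknown, // never issued, already consumed, or purged
    Expired, // presented after its 30-second window
}

/// Hypothetical in-memory store: ticket string -> expiry instant.
/// In a server it would sit behind a Mutex so that consume() is atomic.
pub struct DemoTicketStore {
    tickets: HashMap<String, Instant>,
}

impl DemoTicketStore {
    pub fn new() -> Self {
        Self { tickets: HashMap::new() }
    }

    /// Register a ticket and return its lifetime in seconds.
    /// Assumption: `ticket` was generated by the caller from a CSPRNG.
    pub fn issue(&mut self, ticket: String, now: Instant) -> u64 {
        // Purge stale entries so unused tickets do not accumulate.
        self.tickets.retain(|_, expiry| *expiry > now);
        self.tickets.insert(ticket, now + TICKET_TTL);
        TICKET_TTL.as_secs()
    }

    /// Validate and consume in one step. remove() runs before the expiry
    /// check, so a ticket can never be presented twice, valid or not.
    pub fn consume(&mut self, ticket: &str, now: Instant) -> Result<(), TicketError> {
        let expiry = self.tickets.remove(ticket).ok_or(TicketError::Unknown)?;
        if now >= expiry {
            return Err(TicketError::Expired);
        }
        Ok(())
    }
}

fn main() {
    let mut store = DemoTicketStore::new();
    let t0 = Instant::now();
    store.issue("wst_constructed_example".to_string(), t0); // constructed value
    println!("{:?}", store.consume("wst_constructed_example", t0 + Duration::from_secs(5)));
    println!("{:?}", store.consume("wst_constructed_example", t0 + Duration::from_secs(6)));
}
```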

Structs

TicketStore
In-memory store for short-lived WebSocket upgrade tickets.