Add authentication guard to fs. and stream. routes

app/ws/Socket.js

@@ -59,18 +59,26 @@ class Socket extends Injectable {
 
             this.messages = this.messages.filter(x => !x.has_response)
         } else {
+            if ( this.needs_auth(message.route()) && !this.session.is_auth ) {
+                return this.send(response.error(Errors.NodePermissionFail))
+            }
+
             let handler;
             try {
                 handler = require(`./routes/${message.route()}`)
             } catch (e) {}
 
             if ( !handler ) {
-                return this.send(socket, response.error(Errors.InvalidMessageRoute))
+                return this.send(response.error(Errors.InvalidMessageRoute))
             }
 
             await handler(message, this.app.di().container.proxy())
         }
     }
+
+    needs_auth(route) {
+        return route.startsWith('fs.') || route.startsWith('stream.')
+    }
 }
 
 module.exports = exports = Socket