diff --git a/app/controllers/items_controller.rb b/app/controllers/items_controller.rb index 398131d..1a9b5ef 100644 --- a/app/controllers/items_controller.rb +++ b/app/controllers/items_controller.rb @@ -1,6 +1,6 @@ class ItemsController < ApplicationController before_action :set_item, only: [:show, :edit, :update, :destroy] - before_action :require_login, except: [:index] + before_action :require_login, except: [:index, :authorize] def require_login redirect_to new_user_session_path unless current_user.present? @@ -15,6 +15,10 @@ def index # GET /items/1 # GET /items/1.json def show + session[:token] ||= SecureRandom.hex(16) + Rails.cache.write(session[:token], + @item.streams.collect { |s| s["url"] }, + expires_in: 1.hours) end # GET /items/new @@ -66,6 +70,17 @@ def destroy end end + # GET /items/authorize + def authorize + authorized_streams = Rails.cache.read(params[:token]) + + if params[:name] and not authorized_streams.any? { |valid| valid.index(params[:name]).present? } + return head :forbidden + else + return head :ok + end + end + private # Use callbacks to share common setup or constraints between actions. def set_item diff --git a/app/views/items/show.html.erb b/app/views/items/show.html.erb index 40c0347..2459d74 100644 --- a/app/views/items/show.html.erb +++ b/app/views/items/show.html.erb @@ -23,7 +23,7 @@ preload="auto" > <% @item.streams.each do |stream| %> - " type="application/x-mpegURL" label="<%= stream["label"] %>"/> + ?token=<%= session[:token] %>" type="application/x-mpegURL" label="<%= stream["label"] %>"/> <% end %>
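Review bot: The cache entry written in `show` is keyed by one token per session, so each visit overwrites the previous item's URL list. A second item opened in another tab therefore drops authorization for the first while it may still be playing. `session[:token] ||= SecureRandom.hex(16)` never rotates the value, and because it travels in stream URLs it will show up in access logs and Referer headers. The raw token is also the cache key, so `authorize` reads whatever key the client sends; a prefix such as `Rails.cache.write("stream_auth/#{session[:token]}", ...)`, with the same prefix on the read, keeps that lookup away from unrelated cache entries.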
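Review bot: `authorize` fails open when `name` is absent, because `if params[:name] and not ...` falls through to `head :ok` for any request without that parameter, even one with no token. The first hunk exempts this action from `require_login`, so this check is the only gate. A missing, unknown or expired token makes `Rails.cache.read` return nil, and `authorized_streams.any?` then raises, which surfaces as a 500 rather than a 403. The substring test `valid.index(params[:name])` also accepts an empty or very short `name` (`"".index` is 0, and 0 is `present?`), so an exact match on the stream path would be safer if nginx can supply it. The rewrite below denies by default and keeps the substring comparison only because the value nginx passes as `name` is not visible here.

```ruby
def authorize
  token = params[:token].to_s
  name = params[:name].to_s
  # Deny unless both values are supplied; nothing is authorized by default.
  return head :forbidden if token.empty? || name.empty?

  # Array() turns a cache miss (nil) into an empty list, so an expired token is a 403, not a 500.
  authorized_streams = Array(Rails.cache.read(token))
  allowed = authorized_streams.any? { |url| url.to_s.include?(name) }
  head(allowed ? :ok : :forbidden)
end
```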

diff --git a/config/environments/development.rb b/config/environments/development.rb index 1311e3e..a6b4ca5 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -24,7 +24,7 @@ else config.action_controller.perform_caching = false - config.cache_store = :null_store + config.cache_store = :memory_store end # Store uploaded files on the local file system (see config/storage.yml for options) diff --git a/config/routes.rb b/config/routes.rb index 1e3e2d9..c37c7c6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,5 +1,9 @@ Rails.application.routes.draw do - resources :items + resources :items do + collection do + get :authorize + end + end devise_for :users root to: "items#index" # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html diff --git a/docker-compose.yml b/docker-compose.yml index a37f9b3..4a793c0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,6 +17,8 @@ services: - "3000:3000" depends_on: - db + stdin_open: true + tty: true streaming: build: ./nginx volumes: diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template index 5043461..b861c88 100644 --- a/nginx/nginx.conf.template +++ b/nginx/nginx.conf.template @@ -38,7 +38,7 @@ http { sub_filter_once off; sub_filter '.ts' ".ts?token=$token"; - # auth_request /auth; + auth_request /auth; add_header Access-Control-Allow-Headers '*'; add_header Access-Control-Expose-Headers 'Server,range,Content-Length,Content-Range'; add_header Access-Control-Allow-Methods 'GET, HEAD, OPTIONS';
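Review bot: Only the development environment gets a usable cache store in this hunk, and `:memory_store` is local to a single Ruby process. The token that `show` writes is invisible to `authorize` whenever the two requests land on different workers. The production cache store is not touched by this diff, so it is worth confirming that it is shared between workers. A comment above the line such as `# stream tokens live in Rails.cache; outside development this needs a store shared by all workers` would record the dependency.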
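Review bot: The `/auth` location and the `$token` variable that `auth_request /auth;` now depends on are both defined outside this hunk, so the enforcement cannot be verified from the visible lines. The Rails `authorize` action added in this commit returns 200 when `name` is missing, so the subrequest must forward both `token` and the requested stream name on every request or the check passes unconditionally. Please confirm the `/auth` location is marked `internal;` so clients cannot call it directly. Note also that nginx treats any subrequest status other than 2xx, 401 or 403 as an error, so an exception in Rails reaches the player as a 500 rather than a clean denial.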