Jeff Emmett
2fe77055a9
Restrict MI data so only meeting attendees can access their meetings. Each meeting gets a unique access_token generated at creation time. Attendees discover their token via conference_id (room name) lookup. Backend: - New auth.py with Bearer token validation and multi-token extraction - Token generation in create_meeting(), backfill on startup - All endpoints gated: list_meetings filters by X-MI-Tokens header, per-meeting endpoints require Authorization: Bearer <token> - New GET /meetings/token?conference_id=<room> discovery endpoint Frontend: - tokenStorage.ts manages tokens in localStorage keyed by room name - middleware.ts auto-fetches token on CONFERENCE_JOINED - All API calls in actions.ts now include auth headers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| app | ||
| Dockerfile | ||
| requirements.txt | ||