|
|
67e47fc47f
|
feat(tlsync): fetch short-lived token from API before multiplayer connect
app-ci-deploy / test-build-deploy (push) Has been cancelled
- Remove VITE_TLSYNC_SECRET from browser env (no longer exposed to bundle)
- Add useTlsyncToken hook that fetches /api/tlsync/token with Supabase auth
- Extract TldrawCanvas sub-component: only renders after token is ready
- Pass API-issued short-lived token to createSyncConnectionOptions
- Add vite.config.ts blocklist to prevent secret leak (defense-in-depth)
- Remove VITE_TLSYNC_SECRET from .env.example (server-side only now)
Related: t_a69128a1 (API token endpoint), t_41a844a7 (this task)
|
2026-05-28 18:00:43 +01:00 |
|
