ClassroomCopilot/tlsync
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12 Commits 1 Branch 0 Tags
Commit Graph

12 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
kcar
33d5ebf571 feat: validate short-lived HS256 JWT auth tokens
Some checks failed
tlsync-ci-deploy / build-deploy (push) Has been cancelled
Details 
- Add src/server/auth.ts with validateJwt() using Node crypto
- Validates audience=tlsync, checks expiration, uses timingSafeEqual
- Update server.bun.ts /connect/:roomId to verify JWTs via TLSYNC_SECRET
- Fix mangled TLSYNC_SECRET env var line (proces...CRET → process.env.TLSYNC_SECRET)
- Add 7 unit tests (bun:test): valid, expired, wrong aud, wrong secret, malformed, empty, missing exp
- Smoke tested: valid JWT → 101, no token → 401, bad token → 401
 2026-05-28 18:02:33 +01:00
kcar
31ebb5e5f2 ci: add tlsync deploy workflow
Some checks failed
tlsync-ci-deploy / build-deploy (push) Has been cancelled
Details
2026-05-27 23:24:29 +01:00
kcar
e0f2207848 security: restrict CORS, add auth token, rate limiting, health endpoint, graceful shutdown 
- Replace wildcard CORS with configurable TLSYNC_ALLOWED_ORIGINS env var
- Add TLSYNC_SECRET token validation on /connect/:roomId (401 if missing/wrong)
- Add in-memory rate limiter: max 20 connections per IP per 60s
- Add GET /health endpoint returning status + uptime
- Add SIGTERM/SIGINT graceful shutdown handlers
- Fix hardcoded Access-Control-Allow-Origin: * on uploads and unfurl routes
- Fix rooms.ts: import TLSchema/TLStore/TLStoreOptions from @tldraw/tlschema not tldraw
- Add @tldraw/tlschema 3.6.1 as direct dependency (was transitive, causing ENOENT crash)
- Add named tlsync-node-modules volume to docker-compose to prevent host mount shadowing image packages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-21 17:06:18 +00:00
kcar
68bafbebef chore: ignore core binary file 2026-05-13 22:44:12 +00:00
Classroom Copilot Dev
d913dd1930 chore: add .env to .gitignore for environment protection 2026-02-23 21:20:18 +00:00
Classroom Copilot Dev
438f6fea0a Merge branch 'master' of https://git.kevlarai.com/ClassroomCopilot/tlsync 2026-02-23 21:16:50 +00:00
Classroom Copilot Dev
7cb7165b9d chore: add data/ and *.bak to gitignore 2026-02-23 21:16:41 +00:00
kcar
469d12d8a2 Delete .env 2026-02-23 21:00:24 +00:00
Classroom Copilot Dev
6e92fbc084 chore: add lock files for reproducible builds 
- Added bun.lock for Bun package manager
- Added package-lock.json for npm compatibility
 2026-02-23 17:48:36 +00:00
Kevin Carter
5804f644ea latest 2025-11-14 14:46:55 +00:00
KCar
47d47d44c7 update 2025-08-23 14:06:40 +00:00
KCar
c3d80f0c61 Initial commit 2025-08-23 13:04:42 +00:00