kcar
e0f2207848
- Replace wildcard CORS with configurable TLSYNC_ALLOWED_ORIGINS env var - Add TLSYNC_SECRET token validation on /connect/:roomId (401 if missing/wrong) - Add in-memory rate limiter: max 20 connections per IP per 60s - Add GET /health endpoint returning status + uptime - Add SIGTERM/SIGINT graceful shutdown handlers - Fix hardcoded Access-Control-Allow-Origin: * on uploads and unfurl routes - Fix rooms.ts: import TLSchema/TLStore/TLStoreOptions from @tldraw/tlschema not tldraw - Add @tldraw/tlschema 3.6.1 as direct dependency (was transitive, causing ENOENT crash) - Add named tlsync-node-modules volume to docker-compose to prevent host mount shadowing image packages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The file is empty.