mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-17 03:32:32 -06:00
6d152a5ccf
The portal needs to show an agency which playlists it may post to. New read surface on the security primitive, built with write-path rigor: the confinement query lives in lib/agency-targets.js (own token + bound workspace only) and is bite-tested four ways - own targets yes; another token's, outside the allowlist, and cross-workspace all NO; neutralizing the t.token_id filter makes it go red. Real-path wiring + the portal's graceful 401 trigger asserted in the integration suite. No :playlistId, so router.param doesn't apply - the query is the seam. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| config | ||
| db | ||
| lib | ||
| middleware | ||
| player | ||
| routes | ||
| scripts | ||
| services | ||
| test | ||
| ws | ||
| .gitignore | ||
| config.js | ||
| package-lock.json | ||
| package.json | ||
| server.js | ||
| version.js | ||