ScreenTinker 1d253c4cae Android + web player: handle device_token authentication ... Follows up on the security audit remediation (afbe113) which added device_token auth to the WebSocket /device namespace. Android player (ServerConfig.kt, WebSocketService.kt): - Persist device_token in EncryptedSharedPreferences alongside device_id - Send device_token in device:register on reconnect and playlist refresh - Save/overwrite token from device:registered response (handles legacy devices getting their first token) - Handle device:auth-error by clearing credentials and showing pairing screen - clearDeviceCredentials() method wipes device_id, device_token, is_paired Web player (player/index.html): - Save deviceToken in localStorage config from device:registered response - Send device_token in register() payload on reconnect - Handle device:auth-error and device:unpaired events — clear config and show re-pair UI Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-04-11 22:52:52 -05:00
..
db	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
middleware	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
player	Android + web player: handle device_token authentication	2026-04-11 22:52:52 -05:00
routes	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
services	Phase 2: schedules accept playlist_id, scheduler overrides device playlist	2026-04-11 22:07:36 -05:00
ws	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00
config.js	Initial open source release	2026-04-08 12:14:53 -05:00
package-lock.json	Initial open source release	2026-04-08 12:14:53 -05:00
package.json	Initial open source release	2026-04-08 12:14:53 -05:00
server.js	Security audit remediation: auth, IDOR, XSS, hardening	2026-04-11 22:48:07 -05:00