Security fixes:
1. Drawings cache now includes userId in cache key to prevent data leakage
between users making identical queries.
2. Socket.io connections now require JWT authentication when auth is enabled.
3. Socket.io join-room verifies drawing ownership before allowing access.
4. Frontend passes auth token when connecting to Socket.io.
Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>
- Update test utilities for user authentication
- Update Settings page for authenticated export
- Update docker-compose.yml if needed
- Update package-lock.json files
- Add Select All button with CheckSquare/Square icons
- Toggle selection of all drawings in current view
- Match styling with other icon buttons
- Add tooltip for better UX
- Add Login page with email/password form
- Add Register page with email validation
- Add forgot password link to login page
- Update App.tsx with auth routes and AuthProvider
- Add email validation in registration form
- Add AuthContext for managing user authentication state
- Add ProtectedRoute component for route protection
- Update API client with JWT token injection
- Add refresh token rotation support
- Add CSRF token handling
* fix: sync pasted/uploaded images across collaborating tabs
- Implement file delta synchronization to broadcast image file data
- Add periodic file sync check to catch async file data arrival
- Wrap Excalidraw addFiles API to automatically emit file changes
- Enhance socket element-update to include file payloads
- Add comprehensive E2E test for image collaboration scenarios
- Improve CORS flexibility for development localhost ports
Fixes#25: New images not appearing when collaborating - collaborators
now see uploaded images immediately instead of placeholder until refresh.
* perf: increase file sync polling interval from 500ms to 1000ms
Reduces CPU overhead while still catching async file arrivals. Most
updates go through the addFiles wrapper anyway.
---------
Co-authored-by: Zimeng Xiong <zxzimeng@gmail.com>
tototomate123
Zimeng Xiong