({ token, documentName }: onAuthenticatePayload)
| 184 | }, |
| 185 | |
| 186 | async onAuthenticate({ token, documentName }: onAuthenticatePayload) { |
| 187 | if (!token) { |
| 188 | throw new Error('Authentication required') |
| 189 | } |
| 190 | |
| 191 | // Verify JWT using same secret + algorithm as backend |
| 192 | let payload: any |
| 193 | try { |
| 194 | payload = jwt.verify(token, SECRET_KEY, { algorithms: ['HS256'] }) |
| 195 | } catch { |
| 196 | throw new Error('Invalid token') |
| 197 | } |
| 198 | |
| 199 | const boardUuid = extractBoardUuid(documentName) |
| 200 | if (!boardUuid) { |
| 201 | throw new Error('Invalid document name') |
| 202 | } |
| 203 | |
| 204 | // Verify board membership via backend API (with timeout) |
| 205 | let response: Response |
| 206 | try { |
| 207 | response = await fetchWithTimeout( |
| 208 | `${API_URL}/api/v1/boards/${boardUuid}/membership`, |
| 209 | { |
| 210 | headers: { |
| 211 | Authorization: `Bearer ${token}`, |
| 212 | }, |
| 213 | }, |
| 214 | ) |
| 215 | } catch (err) { |
| 216 | console.error( |
| 217 | `[collab] Membership check failed for ${boardUuid}:`, |
| 218 | err, |
| 219 | ) |
| 220 | throw new Error('Authentication service unavailable') |
| 221 | } |
| 222 | |
| 223 | if (!response.ok) { |
| 224 | throw new Error('Not authorized for this board') |
| 225 | } |
| 226 | |
| 227 | const membership = await response.json() |
| 228 | |
| 229 | return { |
| 230 | user: { |
| 231 | id: payload.sub, |
| 232 | name: membership.username || 'Unknown', |
| 233 | role: membership.role, |
| 234 | }, |
| 235 | } |
| 236 | }, |
| 237 | |
| 238 | async onConnect({ documentName, instance }: onConnectPayload) { |
| 239 | const boardUuid = extractBoardUuid(documentName) |
nothing calls this directly
no test coverage detected