✨(backend) draft initial Room viewset for external applications
From a security perspective, the list endpoint should be limited to return only rooms created by the external application. Currently, there is a risk of exposing public rooms through this endpoint. I will address this in upcoming commits by updating the room model to track the source of generation. This will also provide useful information for analytics. The API viewset was largely copied and adapted. The serializer was heavily restricted to return a response more appropriate for external applications, providing ready-to-use information for their users (for example, a clickable link). I plan to extend the room information further, potentially aligning it with the Google Meet API format. This first draft serves as a solid foundation. Although scopes for delete and update exist, these methods have not yet been implemented in the viewset. They will be added in future commits.
This commit is contained in:
lebaudantoine
committed by
aleb_the_flash
aleb_the_flash
parent
b8c3c3df3a
commit
c9fcc2ed60
@@ -69,3 +69,4 @@ FRONTEND_USE_PROCONNECT_BUTTON=False
|
||||
# External Applications
|
||||
APPLICATION_JWT_AUDIENCE=http://localhost:8071/external-api/v1.0/
|
||||
APPLICATION_JWT_SECRET_KEY=devKey
|
||||
APPLICATION_BASE_URL=http://localhost:3000
|
||||
|
||||
Reference in New Issue
Block a user