siftlode/backend/app
npeter83 5cd807ec51 feat(auth): per-tab account — different account per browser tab
Two tabs in one browser can now run two different signed-in accounts at once.

- The signed session cookie stays the browser's account WALLET (account_ids). Which account a
  given tab acts as is a per-tab choice held in sessionStorage and sent per-request via the
  X-Siftlode-Account header; current_user honours it only for an account already in the wallet,
  without mutating the cookie's default account. Switching accounts sets the header + reloads
  THIS tab only, instead of the old cookie-wide switch that changed every tab.
- WebSocket can't send headers, so the per-tab account rides in the ?account= query param
  (validated against the wallet).
- Logout is per-tab aware: it signs the requesting tab's active account out of the wallet
  (promoting a new default only if the removed one was the default), and the tab drops its
  override. A stale per-tab header account 401s just that tab instead of clearing the session.
- Serve index.html with Cache-Control: no-cache so a deploy's new hashed bundle is picked up
  immediately instead of the browser running a heuristically-cached stale index.html.
2026-07-01 23:43:35 +02:00
..
routes feat(auth): per-tab account — different account per browser tab 2026-07-01 23:43:35 +02:00
static chore: rebrand Subfeed -> Siftlode 2026-06-14 04:40:22 +02:00
sync feat(search): ephemeral results, count selector, blocklist, new-first ordering (backend) 2026-07-01 00:42:32 +02:00
youtube chore: prepare repo for public release — scrub internal infra, rewrite README 2026-07-01 12:46:50 +02:00
__init__.py feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens 2026-06-11 01:01:37 +02:00
auth.py feat(auth): per-tab account — different account per browser tab 2026-07-01 23:43:35 +02:00
config.py chore: prepare repo for public release — scrub internal infra, rewrite README 2026-07-01 12:46:50 +02:00
db.py feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens 2026-06-11 01:01:37 +02:00
email.py chore: rename remaining subfeed references to siftlode 2026-06-21 06:53:12 +02:00
main.py feat(auth): per-tab account — different account per browser tab 2026-07-01 23:43:35 +02:00
models.py feat(views): saved-views backend — table, model, CRUD + reorder API 2026-07-01 03:17:36 +02:00
notifications.py feat(notifications): durable per-user inbox (P1) + maintenance schema 2026-06-18 03:20:17 +02:00
progress.py feat(scheduler): admin run-now/run-all triggers + live progress + completion notices 2026-06-18 04:01:10 +02:00
quota.py feat(channels): channel-explore backend — about metadata, ephemeral provenance, cleanup 2026-06-30 02:52:44 +02:00
ratelimit.py feat(demo): demo-account schema + reusable rate limiter 2026-06-16 09:17:14 +02:00
realtime.py feat(messages): end-to-end encrypted real-time direct messaging backend 2026-06-25 22:05:35 +02:00
scheduler.py feat(search): ephemeral results, count selector, blocklist, new-first ordering (backend) 2026-07-01 00:42:32 +02:00
security.py refactor(auth): centralize token hashing, email validation & admin gating 2026-06-26 03:15:36 +02:00
state.py refactor(auth): centralize token hashing, email validation & admin gating 2026-06-26 03:15:36 +02:00
sysconfig.py feat(search): ephemeral results, count selector, blocklist, new-first ordering (backend) 2026-07-01 00:42:32 +02:00
utils.py refactor(auth): centralize token hashing, email validation & admin gating 2026-06-26 03:15:36 +02:00