grant/recap-relay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cbd9748a79ba5e2ec87585720a7f2d7d7ff26968
recap-relay/server
T
History
Keysat cbd9748a79 Guard meeting :id against path traversal 
saveMeeting/loadMeeting/deleteMeeting built path.join(meetingsDir, id +
'.json') straight from req.params.id, so an admin-authed :id like
'../../etc/passwd' could read/write/delete outside internal-meetings/.
Centralize a meetingPath() helper that strips anything outside
[A-Za-z0-9_-] (mirrors output-store.js) and throws on an empty result;
load/delete catch it as 404/no-op. Add a regression test.
2026-06-13 18:22:00 -05:00
..
backends
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
routes
Guard meeting :id against path traversal
2026-06-13 18:22:00 -05:00
test
Guard meeting :id against path traversal
2026-06-13 18:22:00 -05:00
admin-auth.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
audio-meta.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
audit-log.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
btcpay-client.js
Add self-serve billing: tiers, credits, BTCPay and Zaprite
2026-06-13 13:36:05 -05:00
chunk-buffer.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
chunked-analyze.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
config.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
credits.js
Fix credit-counter reset on early subscription renewal
2026-06-13 16:23:26 -05:00
hardware-config.js
Add Spark Control hardware backend (diarize, queue, discovery)
2026-06-13 13:36:04 -05:00
hardware-queue.js
Add Spark Control hardware backend (diarize, queue, discovery)
2026-06-13 13:36:04 -05:00
identity.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
index.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
job-credits.js
Add self-serve billing: tiers, credits, BTCPay and Zaprite
2026-06-13 13:36:05 -05:00
job-stats.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
jobs.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
keysat-client.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
lan-fetch.js
Add Spark Control hardware backend (diarize, queue, discovery)
2026-06-13 13:36:04 -05:00
meeting-extras.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
meeting-speaker-edits.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
output-store.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
package-lock.json
Bump multer 1.4.5-lts.1 -> ^2.0.1 (DoS CVEs)
2026-06-13 16:23:26 -05:00
package.json
Bump multer 1.4.5-lts.1 -> ^2.0.1 (DoS CVEs)
2026-06-13 16:23:26 -05:00
post-cluster-polish.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
pricing.js
Add self-serve billing: tiers, credits, BTCPay and Zaprite
2026-06-13 13:36:05 -05:00
safe-url.js
Block SSRF on media_url downloads (transcribe-url/summarize-url)
2026-06-13 16:23:26 -05:00
sanitize-error.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
spark-control-events.js
Add Spark Control hardware backend (diarize, queue, discovery)
2026-06-13 13:36:04 -05:00
spark-control.js
Add Spark Control hardware backend (diarize, queue, discovery)
2026-06-13 13:36:04 -05:00
speaker-clustering.js
Add internal-meetings pipeline and post-hoc speaker tools
2026-06-13 13:35:53 -05:00
youtube-captions.js
Wire new routes; identity, summarize-url, dashboard, admin
2026-06-13 13:36:30 -05:00
zaprite-client.js
Add self-serve billing: tiers, credits, BTCPay and Zaprite
2026-06-13 13:36:05 -05:00