Make shared files and published content publicly accessible

Fork: 0

root / navi-1

Browse code Make shared files and published content publicly accessible Remove auth requirements from: - GET /sessions/{id}/files/{filename} — direct download links (session ID acts as unguessable capability token) - GET /sessions/{id}/content — published inline content list Both endpoints still verify session exists and protect against path traversal. File upload and file listing remain auth-gated. Update tests to match new signatures. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> feature/navi-code master vmkdemo
1 parent 66a0feb commit c40745ae303ed22d381da6a4b8655c161d4596a9 Eugene Sukhodolskiy authored 24 days ago

Browse code

Remove auth requirements from:
- GET /sessions/{id}/files/{filename} — direct download links (session ID
  acts as unguessable capability token)
- GET /sessions/{id}/content — published inline content list

Both endpoints still verify session exists and protect against path
traversal. File upload and file listing remain auth-gated.

Update tests to match new signatures.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

feature/navi-code master vmkdemo

1 parent 66a0feb commit c40745ae303ed22d381da6a4b8655c161d4596a9

Eugene Sukhodolskiy authored 24 days ago

Patch

Unified Split

Showing 2 changed files

Ignore Space Show notes View navi/api/routes/sessions.py

Ignore Space Show notes View tests/unit/api/test_session_files.py

Show line notes below