Samir Boulahtit
cff0af31be
feat(hosting): signed preview URLs for POC sites
Replace the standalone POC viewer (duplicate rendering) with signed
JWT preview tokens that bypass StorefrontAccessMiddleware:
Architecture:
1. Admin clicks Preview → route generates signed JWT
2. Redirects to /storefront/{subdomain}/homepage?_preview=token
3. Middleware validates token signature + expiry + store_id
4. Sets request.state.is_preview = True, skips subscription check
5. Full storefront renders with HostWizard preview banner injected
New files:
- app/core/preview_token.py: create_preview_token/verify_preview_token
Changes:
- middleware/storefront_access.py: preview token bypass before sub check
- storefront/base.html: preview banner injection via is_preview state
- hosting/routes/pages/public.py: redirect with signed token (was direct render)
- hosting/routes/api/admin_sites.py: GET /sites/{id}/preview-url endpoint
Removed:
- hosting/templates/hosting/public/poc-viewer.html (replaced by storefront)
Benefits: one rendering path, all section types work, shareable 24h links.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 22:41:34 +02:00
..
2026-03-19 22:18:39 +01:00
2026-03-29 21:43:36 +02:00
2026-03-28 21:08:59 +01:00
2026-03-28 21:08:59 +01:00
2026-03-08 23:48:25 +01:00
2026-04-01 22:54:15 +02:00
2026-03-11 23:43:12 +01:00
2026-03-29 12:34:26 +02:00
2026-03-28 21:16:13 +01:00
2026-03-19 22:18:39 +01:00
2026-04-02 22:41:34 +02:00
2026-03-19 22:18:39 +01:00
2026-03-29 12:34:26 +02:00
2026-03-19 22:18:39 +01:00
2026-03-28 21:06:21 +01:00
2026-03-19 22:18:39 +01:00
2026-03-28 21:08:07 +01:00
2026-03-19 22:18:39 +01:00
2026-04-02 20:01:55 +02:00
2026-03-30 21:36:42 +02:00
2026-02-15 13:20:29 +01:00
2026-03-11 23:43:12 +01:00
2026-03-19 22:18:39 +01:00
2026-02-02 19:32:32 +01:00
2026-03-08 23:48:25 +01:00
2026-02-12 23:10:42 +01:00
2026-01-27 22:02:39 +01:00
2026-02-15 13:20:29 +01:00
2026-02-13 21:58:59 +01:00
2026-02-15 20:00:06 +01:00
2026-02-15 13:20:29 +01:00
2026-01-27 22:52:01 +01:00