The security should be reviewed. Notable areas: - JWT token generation, can it be stolen / usurped - access control on the files - other vulnerabilities
