asg017 / dataflow

An experimental self-hosted Observable notebook editor, with support for FileAttachments, Secrets, custom standard libraries, and more!

Home Page: https://alexgarcia.xyz/dataflow/

Secure notebook, import, and fileattachment access

asg017 opened this issue · comments

Right now, anything can request from localhost:8080 and get data back, like source code, file attachments, etc.

We should tighten that up, so only the developer can access info.

dataflow run should open a webpage like http://localhost:8080?auth_token=65c87a64c6e5, where that auth token will authorize that user to view notebooks/get file attachments and all.

  • Don't connect to websocket unless valid auth token.
  • /api/import should also have some form of auth
  • /api/file-attachments should also have some auth
  • What about multiple clients? Not sure how Jupyter handles this...
  • Toggle-able, let people expose a dev server if they really want to
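
One way to implement the token gate this issue proposes, as an added example that is not part of the issue or dataflow's own code: a per-run random token checked in constant time on both plain HTTP requests and WebSocket upgrade requests, with an explicit opt-out. The function names, the `Authorization: Bearer` fallback and the `onUpgrade` callback are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not dataflow's API.
const crypto = require('node:crypto');
const http = require('node:http');

// Fresh 128-bit token per server start, hex-encoded for use in a URL.
function createAuthToken() {
  return crypto.randomBytes(16).toString('hex');
}

// Constant-time comparison; hashing first yields equal-length buffers.
function tokensMatch(presented, expected) {
  if (typeof presented !== 'string') return false;
  const digest = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(digest(presented), digest(expected));
}

// One gate for plain HTTP requests and WebSocket upgrade requests alike.
// requireAuth=false is the explicit opt-out for exposing a dev server.
function isAuthorized(req, expectedToken, requireAuth = true) {
  if (!requireAuth) return true;
  let url;
  try { url = new URL(req.url, 'http://localhost'); } catch { return false; }
  const header = req.headers['authorization'] || '';
  const bearer = header.startsWith('Bearer ') ? header.slice(7) : null;
  return tokensMatch(url.searchParams.get('auth_token') ?? bearer, expectedToken);
}

// onUpgrade is the caller's WebSocket handoff; it only runs after the gate.
function createServer(expectedToken, { requireAuth = true, onUpgrade } = {}) {
  const server = http.createServer((req, res) => {
    if (!isAuthorized(req, expectedToken, requireAuth)) {
      res.writeHead(401, { 'Content-Type': 'text/plain' });
      return res.end('missing or invalid auth_token\n');
    }
    // Notebook, /api/import and /api/file-attachments handlers run past this gate.
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('ok\n');
  });
  // Reject the handshake before any WebSocket is established.
  server.on('upgrade', (req, socket, head) => {
    if (!isAuthorized(req, expectedToken, requireAuth)) {
      return socket.end('HTTP/1.1 401 Unauthorized\r\nConnection: close\r\n\r\n');
    }
    if (onUpgrade) onUpgrade(req, socket, head);
    else socket.destroy();
  });
  return server;
}
```

To try it, call `createServer(createAuthToken()).listen(8080, '127.0.0.1')` and open the URL with the generated `auth_token` appended. A token carried in the query string ends up in browser history and `Referer` headers, which is why the sketch also accepts it in a header for API calls.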