@atercates/claude-deck 0.2.2 → 0.2.4

package/app/api/auth/login/route.ts

@@ -0,0 +1,57 @@
+import { NextRequest, NextResponse } from "next/server";
+import { queries } from "@/lib/db";
+import {
+  verifyPassword,
+  verifyTotpCode,
+  createSession,
+  buildSessionCookie,
+  checkRateLimit,
+} from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  const ip =
+    request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+    request.headers.get("x-real-ip") ||
+    "unknown";
+
+  const rateCheck = checkRateLimit(ip);
+  if (!rateCheck.allowed) {
+    return NextResponse.json(
+      { error: "Too many login attempts. Try again later." },
+      {
+        status: 429,
+        headers: { "Retry-After": String(rateCheck.retryAfterSeconds) },
+      }
+    );
+  }
+
+  const body = await request.json();
+  const { username, password, totpCode } = body;
+
+  const INVALID = NextResponse.json(
+    { error: "Invalid credentials" },
+    { status: 401 }
+  );
+
+  if (!username || !password) return INVALID;
+
+  const user = queries.getUserByUsername(username);
+  if (!user) return INVALID;
+
+  const validPassword = await verifyPassword(password, user.password_hash);
+  if (!validPassword) return INVALID;
+
+  if (user.totp_secret) {
+    if (!totpCode) {
+      return NextResponse.json({ requiresTotp: true });
+    }
+    if (!verifyTotpCode(user.totp_secret, totpCode)) {
+      return INVALID;
+    }
+  }
+
+  const { token } = createSession(user.id);
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildSessionCookie(token));
+  return response;
+}

package/app/api/auth/logout/route.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from "next/server";
+import { deleteSession, buildClearCookie, COOKIE_NAME } from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  const token = request.cookies.get(COOKIE_NAME)?.value;
+  if (token) {
+    deleteSession(token);
+  }
+
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildClearCookie());
+  return response;
+}

package/app/api/auth/session/route.ts

@@ -0,0 +1,29 @@
+import { NextRequest, NextResponse } from "next/server";
+import {
+  validateSession,
+  renewSession,
+  COOKIE_NAME,
+  hasUsers,
+} from "@/lib/auth";
+
+export async function GET(request: NextRequest) {
+  if (!hasUsers()) {
+    return NextResponse.json({ authenticated: false, needsSetup: true });
+  }
+
+  const token = request.cookies.get(COOKIE_NAME)?.value;
+  if (!token) {
+    return NextResponse.json({ authenticated: false }, { status: 401 });
+  }
+
+  const user = validateSession(token);
+  if (!user) {
+    return NextResponse.json({ authenticated: false }, { status: 401 });
+  }
+
+  renewSession(token);
+  return NextResponse.json({
+    authenticated: true,
+    username: user.username,
+  });
+}

package/app/api/auth/setup/route.ts

@@ -0,0 +1,67 @@
+import { NextRequest, NextResponse } from "next/server";
+import { randomBytes } from "crypto";
+import { queries } from "@/lib/db";
+import {
+  hashPassword,
+  verifyTotpCode,
+  createSession,
+  buildSessionCookie,
+  hasUsers,
+} from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  if (hasUsers()) {
+    return NextResponse.json(
+      { error: "Setup already completed" },
+      { status: 403 }
+    );
+  }
+
+  const body = await request.json();
+  const { username, password, totpSecret, totpCode } = body;
+
+  if (
+    !username ||
+    typeof username !== "string" ||
+    username.length < 3 ||
+    username.length > 32 ||
+    !/^[a-zA-Z0-9_]+$/.test(username)
+  ) {
+    return NextResponse.json(
+      {
+        error:
+          "Username must be 3-32 characters, alphanumeric and underscore only",
+      },
+      { status: 400 }
+    );
+  }
+
+  if (!password || typeof password !== "string" || password.length < 8) {
+    return NextResponse.json(
+      { error: "Password must be at least 8 characters" },
+      { status: 400 }
+    );
+  }
+
+  if (totpSecret) {
+    if (!totpCode || !verifyTotpCode(totpSecret, totpCode)) {
+      return NextResponse.json(
+        {
+          error:
+            "Invalid TOTP code. Scan the QR code again and enter the current code.",
+        },
+        { status: 400 }
+      );
+    }
+  }
+
+  const id = randomBytes(16).toString("hex");
+  const passwordHash = await hashPassword(password);
+
+  queries.createUser(id, username, passwordHash, totpSecret || null);
+
+  const { token } = createSession(id);
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildSessionCookie(token));
+  return response;
+}

package/app/api/sessions/status/acknowledge/route.ts

@@ -0,0 +1,8 @@
+import { NextResponse } from "next/server";
+
+export async function POST() {
+  // With JSONL-based detection, acknowledge is a no-op.
+  // Status is determined by file content, not by a flag.
+  // The endpoint exists for API compatibility.
+  return NextResponse.json({ ok: true });
+}

package/app/api/sessions/status/route.ts

@@ -1,237 +1,6 @@
 import { NextResponse } from "next/server";
-import { exec } from "child_process";
-import { promisify } from "util";
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-import { statusDetector, type SessionStatus } from "@/lib/status-detector";
-import type { AgentType } from "@/lib/providers";
-import {
-  getManagedSessionPattern,
-  getProviderIdFromSessionName,
-  getSessionIdFromName,
-} from "@/lib/providers/registry";
-import { getDb } from "@/lib/db";
-
-const execAsync = promisify(exec);
-
-interface SessionStatusResponse {
-  sessionName: string;
-  status: SessionStatus;
-  lastLine?: string;
-  claudeSessionId?: string | null;
-  agentType?: AgentType;
-}
-
-async function getTmuxSessions(): Promise<string[]> {
-  try {
-    const { stdout } = await execAsync(
-      "tmux list-sessions -F '#{session_name}' 2>/dev/null || true"
-    );
-    return stdout.trim().split("\n").filter(Boolean);
-  } catch {
-    return [];
-  }
-}
-
-async function getTmuxSessionCwd(sessionName: string): Promise<string | null> {
-  try {
-    const { stdout } = await execAsync(
-      `tmux display-message -t "${sessionName}" -p "#{pane_current_path}" 2>/dev/null || echo ""`
-    );
-    const cwd = stdout.trim();
-    return cwd || null;
-  } catch {
-    return null;
-  }
-}
-
-// Get Claude session ID from tmux environment variable
-async function getClaudeSessionIdFromEnv(
-  sessionName: string
-): Promise<string | null> {
-  try {
-    const { stdout } = await execAsync(
-      `tmux show-environment -t "${sessionName}" CLAUDE_SESSION_ID 2>/dev/null || echo ""`
-    );
-    const line = stdout.trim();
-    if (line.startsWith("CLAUDE_SESSION_ID=")) {
-      const sessionId = line.replace("CLAUDE_SESSION_ID=", "");
-      if (sessionId && sessionId !== "null") {
-        return sessionId;
-      }
-    }
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-// Get Claude session ID by looking at session files on disk
-function getClaudeSessionIdFromFiles(projectPath: string): string | null {
-  const home = os.homedir();
-  const claudeDir = process.env.CLAUDE_CONFIG_DIR || path.join(home, ".claude");
-  const projectDirName = projectPath.replace(/\//g, "-");
-  const projectDir = path.join(claudeDir, "projects", projectDirName);
-
-  if (!fs.existsSync(projectDir)) {
-    return null;
-  }
-
-  const uuidPattern =
-    /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.jsonl$/;
-
-  try {
-    const files = fs.readdirSync(projectDir);
-    let mostRecent: string | null = null;
-    let mostRecentTime = 0;
-
-    for (const file of files) {
-      if (file.startsWith("agent-")) continue;
-      if (!uuidPattern.test(file)) continue;
-
-      const filePath = path.join(projectDir, file);
-      const stat = fs.statSync(filePath);
-
-      if (stat.mtimeMs > mostRecentTime) {
-        mostRecentTime = stat.mtimeMs;
-        mostRecent = file.replace(".jsonl", "");
-      }
-    }
-
-    if (mostRecent && Date.now() - mostRecentTime < 5 * 60 * 1000) {
-      return mostRecent;
-    }
-
-    const configFile = path.join(claudeDir, ".claude.json");
-    if (fs.existsSync(configFile)) {
-      try {
-        const config = JSON.parse(fs.readFileSync(configFile, "utf-8"));
-        if (config.projects?.[projectPath]?.lastSessionId) {
-          return config.projects[projectPath].lastSessionId;
-        }
-      } catch {
-        // Ignore config parse errors
-      }
-    }
-
-    return null;
-  } catch {
-    return null;
-  }
-}
-
-async function getClaudeSessionId(sessionName: string): Promise<string | null> {
-  const envId = await getClaudeSessionIdFromEnv(sessionName);
-  if (envId) {
-    return envId;
-  }
-
-  const cwd = await getTmuxSessionCwd(sessionName);
-  if (cwd) {
-    return getClaudeSessionIdFromFiles(cwd);
-  }
-
-  return null;
-}
-
-async function getLastLine(sessionName: string): Promise<string> {
-  try {
-    const { stdout } = await execAsync(
-      `tmux capture-pane -t "${sessionName}" -p -S -5 2>/dev/null || echo ""`
-    );
-    const lines = stdout.trim().split("\n").filter(Boolean);
-    return lines.pop() || "";
-  } catch {
-    return "";
-  }
-}
-
-// UUID pattern for claude-deck managed sessions (derived from registry)
-const UUID_PATTERN = getManagedSessionPattern();
-
-// Track previous statuses to detect changes
-const previousStatuses = new Map<string, SessionStatus>();
-
-function getAgentTypeFromSessionName(sessionName: string): AgentType {
-  return getProviderIdFromSessionName(sessionName) || "claude";
-}
+import { getStatusSnapshot } from "@/lib/status-monitor";
 
 export async function GET() {
-  try {
-    const sessions = await getTmuxSessions();
-
-    // Get status for claude-deck managed sessions
-    const managedSessions = sessions.filter((s) => UUID_PATTERN.test(s));
-
-    // Use the new status detector
-    const statusMap: Record<string, SessionStatusResponse> = {};
-
-    const db = getDb();
-    const sessionsToUpdate: string[] = [];
-
-    // Process all sessions in parallel for speed
-    const sessionPromises = managedSessions.map(async (sessionName) => {
-      const [status, claudeSessionId, lastLine] = await Promise.all([
-        statusDetector.getStatus(sessionName),
-        getClaudeSessionId(sessionName),
-        getLastLine(sessionName),
-      ]);
-      const id = getSessionIdFromName(sessionName);
-      const agentType = getAgentTypeFromSessionName(sessionName);
-
-      return { sessionName, id, status, claudeSessionId, lastLine, agentType };
-    });
-
-    const results = await Promise.all(sessionPromises);
-
-    for (const {
-      sessionName,
-      id,
-      status,
-      claudeSessionId,
-      lastLine,
-      agentType,
-    } of results) {
-      // Track status changes - update DB when session becomes active
-      const prevStatus = previousStatuses.get(id);
-      if (status === "running" || status === "waiting") {
-        if (prevStatus !== status) {
-          sessionsToUpdate.push(id);
-        }
-      }
-      previousStatuses.set(id, status);
-
-      statusMap[id] = {
-        sessionName,
-        status,
-        lastLine,
-        claudeSessionId,
-        agentType,
-      };
-    }
-
-    // Batch update sessions and claude_session_id
-    for (const id of sessionsToUpdate) {
-      db.prepare(
-        "UPDATE sessions SET updated_at = datetime('now') WHERE id = ?"
-      ).run(id);
-    }
-
-    for (const { id, claudeSessionId } of results) {
-      if (claudeSessionId) {
-        db.prepare(
-          "UPDATE sessions SET claude_session_id = ? WHERE id = ? AND (claude_session_id IS NULL OR claude_session_id != ?)"
-        ).run(claudeSessionId, id, claudeSessionId);
-      }
-    }
-
-    // Cleanup old trackers
-    statusDetector.cleanup();
-
-    return NextResponse.json({ statuses: statusMap });
-  } catch (error) {
-    console.error("Error getting session statuses:", error);
-    return NextResponse.json({ statuses: {} });
-  }
+  return NextResponse.json({ statuses: getStatusSnapshot() });
 }

package/app/login/page.tsx

@@ -0,0 +1,192 @@
+"use client";
+
+import { useState, useRef, useEffect } from "react";
+import { useRouter } from "next/navigation";
+import { Button } from "@/components/ui/button";
+import { Input } from "@/components/ui/input";
+import { Loader2, Lock, Eye, EyeOff } from "lucide-react";
+
+export default function LoginPage() {
+  const router = useRouter();
+  const [username, setUsername] = useState("");
+  const [password, setPassword] = useState("");
+  const [totpCode, setTotpCode] = useState("");
+  const [showPassword, setShowPassword] = useState(false);
+  const [error, setError] = useState("");
+  const [loading, setLoading] = useState(false);
+  const [step, setStep] = useState<"credentials" | "totp">("credentials");
+  const totpInputRef = useRef<HTMLInputElement>(null);
+
+  useEffect(() => {
+    if (step === "totp" && totpInputRef.current) {
+      totpInputRef.current.focus();
+    }
+  }, [step]);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError("");
+    setLoading(true);
+
+    try {
+      const res = await fetch("/api/auth/login", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          username,
+          password,
+          ...(step === "totp" ? { totpCode } : {}),
+        }),
+      });
+
+      const data = await res.json();
+
+      if (res.status === 429) {
+        setError(
+          `Too many attempts. Try again in ${data.retryAfterSeconds || 60}s.`
+        );
+        return;
+      }
+
+      if (data.requiresTotp) {
+        setStep("totp");
+        return;
+      }
+
+      if (!res.ok) {
+        setError(data.error || "Invalid credentials");
+        if (step === "totp") setTotpCode("");
+        return;
+      }
+
+      router.push("/");
+      router.refresh();
+    } catch {
+      setError("Connection error");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  useEffect(() => {
+    if (step === "totp" && totpCode.length === 6) {
+      const form = document.getElementById("login-form") as HTMLFormElement;
+      form?.requestSubmit();
+    }
+  }, [totpCode, step]);
+
+  return (
+    <div className="bg-background flex min-h-screen items-center justify-center p-4">
+      <div className="border-border bg-card w-full max-w-sm rounded-xl border p-8 shadow-lg">
+        <div className="mb-8 text-center">
+          <div className="bg-primary/10 text-primary mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-full">
+            <Lock className="h-6 w-6" />
+          </div>
+          <h1 className="text-foreground text-2xl font-semibold">ClaudeDeck</h1>
+          <p className="text-muted-foreground mt-1 text-sm">
+            {step === "credentials"
+              ? "Sign in to continue"
+              : "Enter your 2FA code"}
+          </p>
+        </div>
+
+        <form id="login-form" onSubmit={handleSubmit} className="space-y-4">
+          {step === "credentials" ? (
+            <>
+              <div className="space-y-2">
+                <label
+                  htmlFor="username"
+                  className="text-foreground text-sm font-medium"
+                >
+                  Username
+                </label>
+                <Input
+                  id="username"
+                  type="text"
+                  value={username}
+                  onChange={(e) => setUsername(e.target.value)}
+                  autoComplete="username"
+                  autoFocus
+                  required
+                />
+              </div>
+              <div className="space-y-2">
+                <label
+                  htmlFor="password"
+                  className="text-foreground text-sm font-medium"
+                >
+                  Password
+                </label>
+                <div className="relative">
+                  <Input
+                    id="password"
+                    type={showPassword ? "text" : "password"}
+                    value={password}
+                    onChange={(e) => setPassword(e.target.value)}
+                    autoComplete="current-password"
+                    required
+                  />
+                  <button
+                    type="button"
+                    onClick={() => setShowPassword(!showPassword)}
+                    className="text-muted-foreground hover:text-foreground absolute top-1/2 right-3 -translate-y-1/2"
+                    tabIndex={-1}
+                  >
+                    {showPassword ? (
+                      <EyeOff className="h-4 w-4" />
+                    ) : (
+                      <Eye className="h-4 w-4" />
+                    )}
+                  </button>
+                </div>
+              </div>
+            </>
+          ) : (
+            <div className="space-y-2">
+              <label
+                htmlFor="totp"
+                className="text-foreground text-sm font-medium"
+              >
+                Authentication code
+              </label>
+              <Input
+                ref={totpInputRef}
+                id="totp"
+                type="text"
+                inputMode="numeric"
+                pattern="[0-9]*"
+                maxLength={6}
+                value={totpCode}
+                onChange={(e) => setTotpCode(e.target.value.replace(/\D/g, ""))}
+                placeholder="000000"
+                className="text-center text-2xl tracking-[0.5em]"
+                autoComplete="one-time-code"
+                required
+              />
+              <button
+                type="button"
+                onClick={() => {
+                  setStep("credentials");
+                  setTotpCode("");
+                  setError("");
+                }}
+                className="text-muted-foreground hover:text-foreground text-xs underline"
+              >
+                Back to login
+              </button>
+            </div>
+          )}
+
+          {error && (
+            <p className="text-destructive text-center text-sm">{error}</p>
+          )}
+
+          <Button type="submit" className="w-full" disabled={loading}>
+            {loading && <Loader2 className="h-4 w-4 animate-spin" />}
+            {step === "credentials" ? "Sign in" : "Verify"}
+          </Button>
+        </form>
+      </div>
+    </div>
+  );
+}

package/app/page.tsx

@@ -296,6 +296,37 @@ function HomeContent() {
     [addTab, focusedPaneId, buildSessionCommand, runSessionInTerminal]
   );
 
+  // Attach to an already-running tmux session (non-destructive)
+  const attachToActiveTmux = useCallback(
+    (sessionId: string, tmuxSessionName: string) => {
+      const terminalInfo = getTerminalWithFallback();
+      if (!terminalInfo) return;
+
+      const { terminal, paneId } = terminalInfo;
+      const activeTab = getActiveTab(paneId);
+      const isInTmux = !!activeTab?.attachedTmux;
+
+      if (isInTmux) {
+        terminal.sendInput("\x02d");
+      }
+
+      setTimeout(
+        () => {
+          terminal.sendInput("\x03");
+          setTimeout(() => {
+            terminal.sendCommand(
+              `tmux attach -t ${tmuxSessionName} 2>/dev/null`
+            );
+            attachSession(paneId, sessionId, tmuxSessionName);
+            terminal.focus();
+          }, 50);
+        },
+        isInTmux ? 100 : 0
+      );
+    },
+    [getTerminalWithFallback, getActiveTab, attachSession]
+  );
+
   const resumeClaudeSession = useCallback(
     (
       claudeSessionId: string,
@@ -464,6 +495,7 @@ function HomeContent() {
         paneId={paneId}
         sessions={sessions}
         projects={projects}
+        sessionStatuses={sessionStatuses}
         onRegisterTerminal={registerTerminalRef}
         onMenuClick={isMobile ? () => setSidebarOpen(true) : undefined}
         onSelectSession={handleSelectSession}
@@ -473,6 +505,7 @@ function HomeContent() {
     [
       sessions,
       projects,
+      sessionStatuses,
       registerTerminalRef,
       isMobile,
       handleSelectSession,
@@ -586,6 +619,7 @@ function HomeContent() {
     updateSettings,
     requestPermission,
     attachToSession,
+    attachToActiveTmux,
     openSessionInNewTab,
     handleNewSessionInProject,
     handleOpenTerminal,