@axhub/genie 0.2.1 → 0.2.3

package/server/index.js

@@ -155,52 +155,29 @@ function compareSemver(v1, v2) {
 }
 
 function readLatestVersionFromNpmRegistry() {
-    return new Promise((resolve, reject) => {
-        const npmCommand = getNpmCommand();
-        const child = spawn(npmCommand, ['view', UPDATE_PACKAGE_NAME, 'version', 'time', '--json'], {
-            cwd: path.join(__dirname, '..'),
-            env: process.env
-        });
-
-        let output = '';
-        let errorOutput = '';
-
-        child.stdout.on('data', (data) => {
-            output += data.toString();
-        });
-
-        child.stderr.on('data', (data) => {
-            errorOutput += data.toString();
-        });
-
-        child.on('close', (code) => {
-            if (code !== 0) {
-                reject(new Error(errorOutput || `npm view exited with code ${code}`));
-                return;
+    return (async () => {
+        const registryUrl = `https://registry.npmjs.org/${encodeURIComponent(UPDATE_PACKAGE_NAME)}`;
+        const response = await fetch(registryUrl, {
+            headers: {
+                Accept: 'application/json'
             }
+        });
 
-            try {
-                const parsed = JSON.parse(output.trim());
-                const latestVersion = parsed?.version;
-                if (!latestVersion) {
-                    reject(new Error('npm view returned no version'));
-                    return;
-                }
+        if (!response.ok) {
+            throw new Error(`npm registry request failed: ${response.status}`);
+        }
 
-                const publishedAt = parsed?.time?.[latestVersion] || parsed?.time?.modified || null;
-                resolve({
-                    latestVersion,
-                    publishedAt
-                });
-            } catch (error) {
-                reject(new Error(`failed to parse npm view output: ${error.message}`));
-            }
-        });
+        const parsed = await response.json();
+        const latestVersion = parsed?.['dist-tags']?.latest;
+        if (!latestVersion) {
+            throw new Error('npm registry returned no latest version');
+        }
 
-        child.on('error', (error) => {
-            reject(error);
-        });
-    });
+        return {
+            latestVersion,
+            publishedAt: parsed?.time?.[latestVersion] || parsed?.time?.modified || null
+        };
+    })();
 }
 
 async function getSystemVersionInfo(forceRefresh = false) {
@@ -579,7 +556,8 @@ app.post('/api/system/update', authenticateToken, async (req, res) => {
         // Run npm global update command
         const child = spawn(npmCommand, updateArgs, {
             cwd: projectRoot,
-            env: process.env
+            env: process.env,
+            stdio: ['ignore', 'pipe', 'pipe']
         });
 
         let output = '';

package/server/middleware/auth.js

@@ -5,6 +5,11 @@ import { IS_PLATFORM } from '../constants/config.js';
 // Get JWT secret from environment or use default (for development)
 const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';
 
+const PUBLIC_GET_ROUTE_PATTERNS = [
+  /^\/api\/system\/version\/?$/i,
+  /^\/api\/session-core\/providers(?:\/[^/]+)?\/?$/i,
+];
+
 // Optional API key middleware
 const validateApiKey = (req, res, next) => {
   // Skip API key validation if not configured
@@ -21,6 +26,15 @@ const validateApiKey = (req, res, next) => {
 
 // JWT authentication middleware
 const authenticateToken = async (req, res, next) => {
+  const requestPath = String(req.originalUrl || req.url || req.path || '').split('?')[0];
+
+  if (
+    req.method === 'GET'
+    && PUBLIC_GET_ROUTE_PATTERNS.some((pattern) => pattern.test(requestPath))
+  ) {
+    return next();
+  }
+
   // Platform mode:  use single database user
   if (IS_PLATFORM) {
     try {
@@ -114,4 +128,4 @@ export {
   generateToken,
   authenticateWebSocket,
   JWT_SECRET
-};
+};