npm - @inetafrica/open-claudia - Versions diffs - 1.8.0 → 1.9.0 - Mend

@inetafrica/open-claudia 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/web.js +53 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@inetafrica/open-claudia",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "Your always-on AI coding assistant — Claude Code via Telegram",
   "main": "bot.js",
   "bin": {

package/web.js CHANGED Viewed

@@ -30,8 +30,24 @@ function getPassword() {
   return initial;
 }
+const PASSWORD_CHANGED_FILE = path.join(CONFIG_DIR, ".password-changed");
+function isPasswordChanged() {
+  return fs.existsSync(PASSWORD_CHANGED_FILE);
+}
+function validatePasswordComplexity(pw) {
+  if (pw.length < 12) return "Password must be at least 12 characters";
+  if (!/[A-Z]/.test(pw)) return "Must contain at least one uppercase letter";
+  if (!/[a-z]/.test(pw)) return "Must contain at least one lowercase letter";
+  if (!/[0-9]/.test(pw)) return "Must contain at least one number";
+  if (!/[^A-Za-z0-9]/.test(pw)) return "Must contain at least one symbol (!@#$%^&*)";
+  return null;
+}
 function setPassword(newPassword) {
   fs.writeFileSync(WEB_PASSWORD_FILE, newPassword);
+  fs.writeFileSync(PASSWORD_CHANGED_FILE, new Date().toISOString());
 }
 function checkAuth(req) {
@@ -122,7 +138,7 @@ async function handleAPI(req, res, body) {
         "Content-Type": "application/json",
         "Set-Cookie": `oc_session=${authToken()}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
       });
-      return res.end(JSON.stringify({ ok: true }));
+      return res.end(JSON.stringify({ ok: true, mustChangePassword: !isPasswordChanged() }));
     }
     res.writeHead(401, { "Content-Type": "application/json" });
     return res.end(JSON.stringify({ ok: false, error: "Wrong password" }));
@@ -309,6 +325,11 @@ async function handleAPI(req, res, body) {
       res.writeHead(400, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ error: "Wrong current password" }));
     }
+    const complexityError = validatePasswordComplexity(newPassword);
+    if (complexityError) {
+      res.writeHead(400, { "Content-Type": "application/json" });
+      return res.end(JSON.stringify({ error: complexityError }));
+    }
     setPassword(newPassword);
     res.writeHead(200, {
       "Content-Type": "application/json",
@@ -409,10 +430,40 @@ function showLogin() {
 async function doLogin() {
   const pw = $("#pw").value;
   const r = await api("/api/login", { method: "POST", body: { password: pw } });
-  if (r?.ok) init();
+  if (r?.ok && r.mustChangePassword) showForceChangePassword(pw);
+  else if (r?.ok) init();
   else $("#login-msg").innerHTML = '<div class="msg err">Wrong password</div>';
 }
+function showForceChangePassword(currentPw) {
+  $("#app").innerHTML = \`
+    <div class="login-page"><div class="login-box">
+      <h1>Change Password</h1>
+      <p class="subtitle">You must set a secure password before continuing</p>
+      <div id="change-msg"></div>
+      <div class="card">
+        <div class="form-group">
+          <input type="password" id="new-pw-1" placeholder="New password">
+        </div>
+        <div class="form-group">
+          <input type="password" id="new-pw-2" placeholder="Confirm password" onkeydown="if(event.key==='Enter')doForceChange()">
+        </div>
+        <p style="font-size:11px;color:#888;margin:8px 0">Min 12 chars, uppercase, lowercase, number, and symbol</p>
+        <button onclick="doForceChange()" style="width:100%">Set Password</button>
+      </div>
+    </div></div>\`;
+  window._forceChangePw = currentPw;
+  setTimeout(() => $("#new-pw-1")?.focus(), 100);
+}
+async function doForceChange() {
+  const p1 = $("#new-pw-1").value, p2 = $("#new-pw-2").value;
+  if (p1 !== p2) { $("#change-msg").innerHTML = '<div class="msg err">Passwords do not match</div>'; return; }
+  const r = await api("/api/password", { method: "POST", body: { current: window._forceChangePw, newPassword: p1 } });
+  if (r?.ok) { delete window._forceChangePw; init(); }
+  else $("#change-msg").innerHTML = '<div class="msg err">' + (r?.error || "Failed") + '</div>';
+}
 function render() {
   const tabs = [
     { id: "dashboard", label: "Dashboard" },