npm - @lamalibre/create-portlama - Versions diffs - 1.0.21 → 1.0.22 - Mend

@lamalibre/create-portlama 1.0.21 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/vendor/panel-server/src/lib/invite-page.js +32 -7
package/vendor/panel-server/src/routes/invite.js +13 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lamalibre/create-portlama",
-  "version": "1.0.21",
+  "version": "1.0.22",
   "description": "One-command setup for secure reverse tunnels with a management dashboard",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",

package/vendor/panel-server/src/lib/invite-page.js CHANGED Viewed

@@ -224,14 +224,39 @@ function generateInvitePageHtml() {
       function showSuccess(result) {
         app.className = 'card success-card';
         var loginBtn = result.loginUrl
-          ? '<a href="' + escapeHtml(result.loginUrl) + '" class="btn" style="text-decoration:none;text-align:center;display:block">Go to Login</a>'
+          ? '<a href="' + escapeHtml(result.loginUrl) + '" class="btn" style="text-decoration:none;text-align:center;display:block;margin-top:1rem">Go to Login</a>'
           : '';
-        app.innerHTML =
-          '<div class="icon">\\u2705</div>' +
-          '<h1>Account Created</h1>' +
-          '<p>Your account <strong style="color:#22d3ee">' + escapeHtml(result.username) + '</strong> has been created successfully.</p>' +
-          '<p>On your first login, you will be asked to set up two-factor authentication (TOTP) using an authenticator app.</p>' +
-          loginBtn;
+        if (result.totpUri) {
+          app.innerHTML =
+            '<div class="icon">\\u2705</div>' +
+            '<h1>Account Created</h1>' +
+            '<p>Your account <strong style="color:#22d3ee">' + escapeHtml(result.username) + '</strong> has been created.</p>' +
+            '<p style="margin-bottom:1.5rem">Scan this QR code with your authenticator app (Google Authenticator, Authy, etc.) to set up two-factor authentication.</p>' +
+            '<div id="qr-container" style="display:flex;justify-content:center;margin-bottom:1.5rem;background:#fff;border-radius:0.5rem;padding:1rem;max-width:220px;margin-left:auto;margin-right:auto"></div>' +
+            '<p style="font-size:0.75rem;color:#52525b;margin-bottom:1rem;word-break:break-all"><strong style="color:#a1a1aa">Manual entry:</strong> ' + escapeHtml(result.totpUri.match(/secret=([^&]+)/)?.[1] || '') + '</p>' +
+            '<div class="error-msg" style="background:#0f1c1c;border-color:#134e4a;color:#5eead4;text-align:center">\\u26A0\\uFE0F Save this before navigating away — it cannot be shown again.</div>' +
+            loginBtn;
+          // Load QR code library and render
+          var script = document.createElement('script');
+          script.src = 'https://cdn.jsdelivr.net/npm/qrcode-generator@1.4.4/qrcode.min.js';
+          script.onload = function() {
+            var qr = qrcode(0, 'M');
+            qr.addData(result.totpUri);
+            qr.make();
+            var container = document.getElementById('qr-container');
+            if (container) container.innerHTML = qr.createSvgTag(4, 0);
+          };
+          document.head.appendChild(script);
+        } else {
+          app.innerHTML =
+            '<div class="icon">\\u2705</div>' +
+            '<h1>Account Created</h1>' +
+            '<p>Your account <strong style="color:#22d3ee">' + escapeHtml(result.username) + '</strong> has been created successfully.</p>' +
+            '<p>Contact your administrator to set up two-factor authentication.</p>' +
+            loginBtn;
+        }
       }
       function escapeHtml(str) {

package/vendor/panel-server/src/routes/invite.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { readInvitations, writeInvitations } from '../lib/state.js';
-import { createUserFromInvitation, hashPassword, readUsersRaw } from '../lib/authelia.js';
+import { createUserFromInvitation, hashPassword, readUsersRaw, generateTotpSecret, writeTotpToDatabase } from '../lib/authelia.js';
 import { getConfig } from '../lib/config.js';
 const AcceptInvitationSchema = z.object({
@@ -101,6 +101,17 @@ export default async function inviteRoutes(fastify, _opts) {
       return reply.code(500).send({ error: 'Failed to create user account' });
     }
+    // Generate TOTP so the user can scan the QR code immediately
+    let totpUri = null;
+    try {
+      const { secret, uri } = generateTotpSecret(invitation.username);
+      await writeTotpToDatabase(invitation.username, secret);
+      totpUri = uri;
+    } catch (err) {
+      request.log.error(err, 'Failed to generate TOTP for invited user');
+      // Non-fatal: user was created, they can have admin reset TOTP later
+    }
     // Mark invitation as used
     invitation.used = true;
     invitation.acceptedAt = new Date().toISOString();
@@ -118,6 +129,7 @@ export default async function inviteRoutes(fastify, _opts) {
       ok: true,
       username: invitation.username,
       loginUrl,
+      totpUri,
     };
   });
 }