@lifeaitools/clauth 0.3.0 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/cli/api.js +4 -0
  2. package/cli/commands/serve.js +678 -33
  3. package/cli/index.js +492 -500
  4. package/package.json +1 -1
  5. package/supabase/functions/auth-vault/index.ts +14 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lifeaitools/clauth",
3
- "version": "0.3.0",
3
+ "version": "0.3.5",
4
4
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
5
5
  "type": "module",
6
6
  "bin": {
package/supabase/functions/auth-vault/index.ts CHANGED
@@ -159,6 +159,17 @@ async function handleStatus(sb: any, mh: string) {
159
159
  return { services: services || [] };
160
160
  }
161
161
 
162
+ async function handleChangePassword(sb: any, body: any, mh: string) {
163
+ const { new_hmac_seed_hash } = body;
164
+ if (!new_hmac_seed_hash) return { error: "new_hmac_seed_hash required" };
165
+ const { error } = await sb.from("clauth_machines")
166
+ .update({ hmac_seed_hash: new_hmac_seed_hash, fail_count: 0, locked: false })
167
+ .eq("machine_hash", mh);
168
+ if (error) return { error: error.message };
169
+ await auditLog(sb, mh, "system", "change-password", "success");
170
+ return { success: true };
171
+ }
172
+
162
173
  async function handleRegisterMachine(sb: any, body: any) {
163
174
  const { machine_hash, hmac_seed_hash, label, admin_token } = body;
164
175
  if (admin_token !== ADMIN_BOOTSTRAP_TOKEN) return { error: "invalid_admin_token" };
@@ -216,8 +227,9 @@ Deno.serve(async (req: Request) => {
216
227
  case "add": return Response.json(await handleAdd(sb, body, mh));
217
228
  case "remove": return Response.json(await handleRemove(sb, body, mh));
218
229
  case "revoke": return Response.json(await handleRevoke(sb, body, mh));
219
- case "status": return Response.json(await handleStatus(sb, mh));
220
- case "test": return Response.json({ valid: true, machine_hash: mh, timestamp: body.timestamp, ip });
230
+ case "status": return Response.json(await handleStatus(sb, mh));
231
+ case "change-password": return Response.json(await handleChangePassword(sb, body, mh));
232
+ case "test": return Response.json({ valid: true, machine_hash: mh, timestamp: body.timestamp, ip });
221
233
  default: return Response.json({ error: "unknown_route", route }, { status: 404 });
222
234
  }
223
235
  });