@lifeaitools/clauth 0.3.6 → 0.3.7

package/cli/commands/serve.js

@@ -110,6 +110,11 @@ function dashboardHtml(port, whitelist) {
   .btn-cancel{background:transparent;color:#64748b;padding:6px 10px}.btn-cancel:hover{color:#94a3b8}
   .btn-check{background:#0f2d2d;color:#34d399;border:1px solid #064e3b;padding:7px 16px;font-size:.85rem;border-radius:7px;cursor:pointer;font-weight:500;transition:all .15s}
   .btn-check:hover{background:#134e4a;border-color:#34d399}.btn-check:disabled{opacity:.5;cursor:not-allowed}
+  .btn-enable{background:#14291a;color:#4ade80;border:1px solid #166534}.btn-enable:hover{background:#1a3d22;border-color:#4ade80}
+  .btn-disable{background:#2d1f1f;color:#f87171;border:1px solid #7f1d1d}.btn-disable:hover{background:#3d2525;border-color:#f87171}
+  .svc-badge{font-size:.7rem;font-weight:600;padding:2px 7px;border-radius:4px;letter-spacing:.4px;text-transform:uppercase}
+  .svc-badge.on{background:rgba(74,222,128,.12);color:#4ade80;border:1px solid rgba(74,222,128,.25)}
+  .svc-badge.off{background:rgba(248,113,113,.1);color:#f87171;border:1px solid rgba(248,113,113,.2)}
   .status-dot{width:8px;height:8px;border-radius:50%;flex-shrink:0;opacity:0;transition:opacity .3s;margin-top:4px;cursor:default}
   .status-dot.checking{background:#f59e0b;opacity:1;animation:pulse 1s infinite}
   .status-dot.ok{background:#22c55e;opacity:1}
@@ -294,7 +299,10 @@ async function loadServices() {
         <div style="display:flex;align-items:flex-start;justify-content:space-between">
           <div>
             <div class="card-name">\${s.name}</div>
-            <div class="card-type">\${s.key_type || "secret"}</div>
+            <div style="display:flex;align-items:center;gap:6px;margin-top:2px">
+              <div class="card-type">\${s.key_type || "secret"}</div>
+              <span class="svc-badge \${s.enabled === false ? "off" : "on"}" id="badge-\${s.name}">\${s.enabled === false ? "disabled" : "enabled"}</span>
+            </div>
             \${KEY_URLS[s.name] ? \`<a class="card-getkey" href="\${KEY_URLS[s.name]}" target="_blank" rel="noopener">↗ Get / rotate key</a>\` : ""}
           </div>
           <div class="status-dot" id="sdot-\${s.name}" title=""></div>
@@ -304,6 +312,7 @@ async function loadServices() {
           <button class="btn btn-reveal" onclick="reveal('\${s.name}', this)">Reveal</button>
           <button class="btn btn-copy" id="copybtn-\${s.name}" style="display:none" onclick="copyKey('\${s.name}')">Copy</button>
           <button class="btn btn-set" onclick="toggleSet('\${s.name}')">Set</button>
+          <button class="btn \${s.enabled === false ? "btn-enable" : "btn-disable"}" id="togbtn-\${s.name}" onclick="toggleService('\${s.name}')">\${s.enabled === false ? "Enable" : "Disable"}</button>
         </div>
         <div class="set-panel" id="set-panel-\${s.name}">
           <label>New value for <strong>\${s.name}</strong> — paste here, never in chat</label>
@@ -392,6 +401,39 @@ async function saveKey(name) {
   }
 }
 
+// ── Enable / Disable service ────────────────
+async function toggleService(name) {
+  const badge  = document.getElementById("badge-" + name);
+  const btn    = document.getElementById("togbtn-" + name);
+  const currently = badge.classList.contains("on");
+  const newState  = !currently;
+
+  btn.disabled = true; btn.textContent = "…";
+
+  try {
+    const r = await fetch(BASE + "/toggle/" + name, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ enabled: newState })
+    }).then(r => r.json());
+
+    if (r.locked) { showLockScreen(); return; }
+    if (r.error) throw new Error(r.error);
+
+    badge.className = "svc-badge " + (newState ? "on" : "off");
+    badge.textContent = newState ? "enabled" : "disabled";
+    btn.className = "btn " + (newState ? "btn-disable" : "btn-enable");
+    btn.textContent = newState ? "Disable" : "Enable";
+  } catch (e) {
+    btn.textContent = "Error";
+    setTimeout(() => {
+      btn.textContent = currently ? "Disable" : "Enable";
+    }, 2000);
+  } finally {
+    btn.disabled = false;
+  }
+}
+
 // ── Check all credentials ───────────────────
 async function checkAll() {
   const btn = document.getElementById("check-btn");
@@ -674,6 +716,34 @@ function createServer(initPassword, whitelist, port) {
       return ok(res, { ok: true, locked: true });
     }
 
+    // POST /toggle/:service — enable or disable a service
+    const toggleMatch = reqPath.match(/^\/toggle\/([a-zA-Z0-9_-]+)$/);
+    if (method === "POST" && toggleMatch) {
+      if (lockedGuard(res)) return;
+      const service = toggleMatch[1].toLowerCase();
+
+      let body;
+      try { body = await readBody(req); } catch {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "Invalid JSON body" }));
+      }
+
+      const { enabled } = body;
+      if (typeof enabled !== "boolean") {
+        res.writeHead(400, { "Content-Type": "application/json", ...CORS });
+        return res.end(JSON.stringify({ error: "enabled must be boolean" }));
+      }
+
+      try {
+        const { token, timestamp } = deriveToken(password, machineHash);
+        const result = await api.enable(password, machineHash, token, timestamp, service, enabled);
+        if (result.error) return strike(res, 502, result.error);
+        return ok(res, { ok: true, service, enabled });
+      } catch (err) {
+        return strike(res, 502, err.message);
+      }
+    }
+
     // GET /check-all — soft health check, no strikes for missing/disabled keys
     if (method === "GET" && reqPath === "/check-all") {
       if (lockedGuard(res)) return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {