@lifeaitools/clauth 1.5.58 → 1.5.59
- package/cli/commands/serve.js +30 -1
- package/package.json +1 -1
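--- a/package/cli/commands/serve.js
+++ b/package/cli/commands/serve.js
@@ -4902,7 +4902,36 @@ async function verifyAuth(password) {
 async function actionStart(opts) {
 const isStaged = !!opts.staged || process.env.__CLAUTH_STAGED === "1";
 const port = isStaged ? STAGED_PORT : parseInt(opts.port || String(LIVE_PORT), 10);
-
+let password = opts.pw || null;
+
+// Auto-unlock: if no --pw flag, try to decrypt boot.key (DPAPI on Windows, openssl on Linux)
+if (!password) {
+const bootKeyPath = getBootKeyPath();
+if (bootKeyPath && fs.existsSync(bootKeyPath)) {
+try {
+if (os.platform() === "win32") {
+const psExe = process.env.SystemRoot
+? `${process.env.SystemRoot}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`
+: "powershell.exe";
+const escaped = bootKeyPath.replace(/'/g, "''");
+const psExpr = `Add-Type -AssemblyName System.Security; [Text.Encoding]::UTF8.GetString([Security.Cryptography.ProtectedData]::Unprotect([Convert]::FromBase64String((Get-Content '${escaped}' -Raw).Trim()),\$null,'CurrentUser'))`;
+password = execSyncTop(`"${psExe}" -NoProfile -Command "${psExpr}"`, { encoding: "utf8", timeout: 5000 }).trim();
+if (!password) password = null;
+} else if (os.platform() !== "darwin") {
+// Linux: openssl decrypt with machine-id
+const machineId = execSyncTop("cat /etc/machine-id", { encoding: "utf8", timeout: 3000 }).trim();
+password = execSyncTop(`openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -pass pass:"${machineId}" -base64 -d < "${bootKeyPath}"`, { encoding: "utf8", timeout: 5000 }).trim();
+if (!password) password = null;
+}
+if (password) {
+console.log(chalk.green(" \u2713 Auto-unlocked from boot.key"));
+}
+} catch {
+password = null; // decrypt failed — fall through to locked mode
+}
+}
+}
+
 const tunnelHostname = opts.tunnel || null;
 const whitelist = opts.services
 ? opts.services.split(",").map(s => s.trim().toLowerCase())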
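Review bot: In the Linux branch the passphrase for boot.key is /etc/machine-id, which is normally readable by every local account, so the encryption adds little beyond boot.key's own file permissions (not visible in this hunk) and the vault password is effectively stored at rest. The same line puts the passphrase on the openssl command line via `-pass pass:` and interpolates `bootKeyPath` into a shell string, as does the PowerShell `-Command` string on Windows; an argument-array call avoids both, e.g. `execFileSync("openssl", ["enc", "-aes-256-cbc", "-pbkdf2", "-iter", "100000", "-pass", "file:/etc/machine-id", "-base64", "-d", "-in", bootKeyPath], { encoding: "utf8", timeout: 5000 })`, assuming `execFileSync` is imported alongside `execSyncTop`. The empty `catch` also hides why auto-unlock failed; a one-line warning that does not print the secret would let operators tell a missing key from a corrupted or replaced one. actionStart continues past the end of the hunk, so how `password` is consumed afterwards is not visible here.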