@lifeaitools/clauth 1.8.0 → 1.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli/commands/serve.js +16 -3
- package/package.json +1 -1
package/cli/commands/serve.js
CHANGED
|
@@ -492,7 +492,7 @@ function openBrowser(url) {
|
|
|
492
492
|
}
|
|
493
493
|
|
|
494
494
|
// ── Dashboard HTML ───────────────────────────────────────────
|
|
495
|
-
function dashboardHtml(port, whitelist, isStaged = false) {
|
|
495
|
+
function dashboardHtml(port, whitelist, isStaged = false, initWriteToken = null) {
|
|
496
496
|
return `<!DOCTYPE html>
|
|
497
497
|
<html lang="en">
|
|
498
498
|
<head>
|
|
@@ -1001,7 +1001,9 @@ function renderSetPanel(name) {
|
|
|
1001
1001
|
}
|
|
1002
1002
|
|
|
1003
1003
|
// ── Boot: check lock state ──────────────────
|
|
1004
|
-
|
|
1004
|
+
// Injected by the daemon when it serves the page on an unlocked vault, so a
|
|
1005
|
+
// fresh load (incl. when auto-unlocked via --pw/boot.key) is write-ready.
|
|
1006
|
+
let writeToken = ${JSON.stringify(initWriteToken)};
|
|
1005
1007
|
|
|
1006
1008
|
function writeHeaders(extra) {
|
|
1007
1009
|
if (!writeToken) throw new Error("Write access requires password unlock in this browser session.");
|
|
@@ -3447,8 +3449,19 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
|
|
|
3447
3449
|
|
|
3448
3450
|
// GET / — built-in web dashboard
|
|
3449
3451
|
if (method === "GET" && reqPath === "/") {
|
|
3452
|
+
// When unlocked, ensure a non-expired write session exists and hand its
|
|
3453
|
+
// token to the page so the dashboard is write-ready on load — fixes the
|
|
3454
|
+
// --pw/boot.key auto-unlock case where the page never saw the unlock
|
|
3455
|
+
// screen and so held no write token. (Consistent with the existing trust
|
|
3456
|
+
// model: /v/<service> already serves raw credentials to localhost when
|
|
3457
|
+
// unlocked, so a same-origin write token is no broader.)
|
|
3458
|
+
let initWriteToken = null;
|
|
3459
|
+
if (password) {
|
|
3460
|
+
if (!writeSession || Date.now() > writeSession.expiresAt) writeSession = makeWriteToken();
|
|
3461
|
+
initWriteToken = writeSession.token;
|
|
3462
|
+
}
|
|
3450
3463
|
res.writeHead(200, { "Content-Type": "text/html", ...CORS });
|
|
3451
|
-
return res.end(dashboardHtml(port, whitelist, isStaged));
|
|
3464
|
+
return res.end(dashboardHtml(port, whitelist, isStaged, initWriteToken));
|
|
3452
3465
|
}
|
|
3453
3466
|
|
|
3454
3467
|
// GET /ping
|