npm - @lifeaitools/clauth - Versions diffs - 1.9.1 → 1.9.2 - Mend

@lifeaitools/clauth 1.9.1 → 1.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/cli/commands/serve.js +185 -91
package/package.json +1 -1
package/scripts/bin/bootstrap-linux +0 -0
package/scripts/bin/bootstrap-macos +0 -0
package/scripts/bin/bootstrap-win.exe +0 -0
package/supabase/functions/auth-vault/index.ts +127 -126

package/cli/commands/serve.js CHANGED Viewed

@@ -1148,44 +1148,93 @@ const OAUTH_IMPORT = {
   }
 };
-function renderSetPanel(name) {
+function serviceDomId(name) {
+  return encodeURIComponent(String(name)).replace(/%/g, "_");
+}
+function htmlEscape(value) {
+  return String(value ?? "")
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
+}
+function jsArg(value) {
+  return JSON.stringify(String(value ?? ""))
+    .replace(/</g, "\\u003c")
+    .replace(/>/g, "\\u003e")
+    .replace(/&/g, "\\u0026")
+    .replace(/'/g, "\\u0027");
+}
+function renderSetPanel(serviceOrName) {
+  const service = typeof serviceOrName === "object" && serviceOrName ? serviceOrName : { name: serviceOrName };
+  const name = service.name;
+  const keyType = String(service.key_type || "").toLowerCase();
+  const id = serviceDomId(name);
+  const arg = jsArg(name);
+  const displayName = htmlEscape(name);
   const imp = OAUTH_IMPORT[name];
   if (imp) {
     const extraHtml = imp.extra.map(f => \`
       <div class="oauth-field">
         <label class="oauth-label">\${f.label}</label>
         \${f.hint ? \`<div class="oauth-hint">\${f.hint}</div>\` : ""}
-        <input type="text" class="oauth-input" id="ofield-\${name}-\${f.key}" placeholder="Paste \${f.label}…" spellcheck="false" autocomplete="off">
+        <input type="text" class="oauth-input" id="ofield-\${id}-\${f.key}" placeholder="Paste \${htmlEscape(f.label)}…" spellcheck="false" autocomplete="off">
       </div>
     \`).join("");
     return \`
-      <div class="set-panel" id="set-panel-\${name}">
-        <label>Set <strong>\${name}</strong> credentials — paste directly from Google, never in chat</label>
+      <div class="set-panel" id="set-panel-\${id}">
+        <label>Set <strong>\${displayName}</strong> credentials — paste directly from Google, never in chat</label>
         <div class="oauth-fields">
           <div class="oauth-field">
             <label class="oauth-label">OAuth JSON from Google Cloud Console</label>
             <div class="oauth-hint">Download from APIs & Services → Credentials → your OAuth client → ↓ Download JSON</div>
-            <textarea class="set-input" id="ofield-\${name}-json" placeholder='{"installed":{"client_id":"…","client_secret":"…",...}}' spellcheck="false" rows="3"></textarea>
+            <textarea class="set-input" id="ofield-\${id}-json" placeholder='{"installed":{"client_id":"…","client_secret":"…",...}}' spellcheck="false" rows="3"></textarea>
           </div>
           \${extraHtml}
         </div>
         <div class="set-foot">
-          <button class="btn btn-save" onclick="saveKey('\${name}')">Save</button>
-          <button class="btn btn-cancel" onclick="toggleSet('\${name}')">Cancel</button>
-          <span class="set-msg" id="set-msg-\${name}"></span>
+          <button class="btn btn-save" type="button" onclick='saveKey(\${arg})'>Save</button>
+          <button class="btn btn-cancel" type="button" onclick='toggleSet(\${arg})'>Cancel</button>
+          <span class="set-msg" id="set-msg-\${id}"></span>
+        </div>
+      </div>
+    \`;
+  }
+  if (keyType === "keypair") {
+    return \`
+      <div class="set-panel" id="set-panel-\${id}">
+        <label>New user/pass pair for <strong>\${displayName}</strong> — paste here, never in chat</label>
+        <div class="oauth-fields">
+          <div class="oauth-field">
+            <label class="oauth-label">User / Key</label>
+            <input type="text" class="oauth-input" id="kp-key-\${id}" placeholder="Username, key id, access key id…" spellcheck="false" autocomplete="off">
+          </div>
+          <div class="oauth-field">
+            <label class="oauth-label">Password / Secret</label>
+            <textarea class="set-input" id="kp-value-\${id}" placeholder="Password, API key, private key, secret…" spellcheck="false" rows="3"></textarea>
+          </div>
+        </div>
+        <div class="set-foot">
+          <button class="btn btn-save" type="button" onclick='saveKey(\${arg})'>Save</button>
+          <button class="btn btn-cancel" type="button" onclick='toggleSet(\${arg})'>Cancel</button>
+          <span class="set-msg" id="set-msg-\${id}"></span>
         </div>
       </div>
     \`;
   }
   return \`
-    <div class="set-panel" id="set-panel-\${name}">
-      <label>New value for <strong>\${name}</strong> — paste here, never in chat</label>
-      <textarea class="set-input" id="set-input-\${name}" placeholder="\${SERVICE_HINTS[name] || "Paste credential…"}" spellcheck="false"></textarea>
-      \${SERVICE_HINTS[name] ? \`<div style="font-size:.72rem;color:#475569;margin-top:4px;font-family:'Courier New',monospace">\${SERVICE_HINTS[name]}</div>\` : ""}
+    <div class="set-panel" id="set-panel-\${id}">
+      <label>New value for <strong>\${displayName}</strong> — paste here, never in chat</label>
+      <textarea class="set-input" id="set-input-\${id}" placeholder="\${htmlEscape(SERVICE_HINTS[name] || "Paste credential…")}" spellcheck="false"></textarea>
+      \${SERVICE_HINTS[name] ? \`<div style="font-size:.72rem;color:#475569;margin-top:4px;font-family:'Courier New',monospace">\${htmlEscape(SERVICE_HINTS[name])}</div>\` : ""}
       <div class="set-foot">
-        <button class="btn btn-save" onclick="saveKey('\${name}')">Save</button>
-        <button class="btn btn-cancel" onclick="toggleSet('\${name}')">Cancel</button>
-        <span class="set-msg" id="set-msg-\${name}"></span>
+        <button class="btn btn-save" type="button" onclick='saveKey(\${arg})'>Save</button>
+        <button class="btn btn-cancel" type="button" onclick='toggleSet(\${arg})'>Cancel</button>
+        <span class="set-msg" id="set-msg-\${id}"></span>
       </div>
     </div>
   \`;
@@ -1626,60 +1675,64 @@ function renderServiceGrid(services) {
       : '<p class="loading">No services in this group.</p>';
     return;
   }
-  grid.innerHTML = filtered.map(s => \`
+  grid.innerHTML = filtered.map(s => {
+    const id = serviceDomId(s.name);
+    const nameArg = jsArg(s.name);
+    return \`
     <div class="card">
       <div style="display:flex;align-items:flex-start;justify-content:space-between">
         <div style="flex:1;min-width:0">
           <div style="display:flex;align-items:baseline;gap:8px;flex-wrap:wrap">
-            <span class="card-name" id="label-display-\${s.name}">\${s.label && s.label !== s.name ? s.label : s.name}</span>
-            <code style="font-family:'Courier New',monospace;font-size:.75rem;color:#64748b;background:rgba(100,116,139,.1);padding:1px 6px;border-radius:3px;letter-spacing:.3px">\${s.name}</code>
+            <span class="card-name" id="label-display-\${id}">\${htmlEscape(s.label && s.label !== s.name ? s.label : s.name)}</span>
+            <code style="font-family:'Courier New',monospace;font-size:.75rem;color:#64748b;background:rgba(100,116,139,.1);padding:1px 6px;border-radius:3px;letter-spacing:.3px">\${htmlEscape(s.name)}</code>
           </div>
           <div style="display:flex;align-items:center;gap:6px;margin-top:2px">
-            <div class="card-type">\${s.key_type || "secret"}</div>
-            <span class="svc-badge \${s.enabled === false ? "off" : "on"}" id="badge-\${s.name}">\${s.enabled === false ? "disabled" : "enabled"}</span>
-            <span class="expiry-badge" id="expiry-\${s.name}" style="font-size:.65rem;border-radius:3px;padding:1px 6px;display:none"></span>
-            \${s.project ? \`<span style="font-size:.68rem;color:#3b82f6;background:rgba(59,130,246,.1);border:1px solid rgba(59,130,246,.2);border-radius:3px;padding:1px 6px">\${s.project}</span>\` : ""}
+            <div class="card-type">\${htmlEscape(s.key_type || "secret")}</div>
+            <span class="svc-badge \${s.enabled === false ? "off" : "on"}" id="badge-\${id}">\${s.enabled === false ? "disabled" : "enabled"}</span>
+            <span class="expiry-badge" id="expiry-\${id}" style="font-size:.65rem;border-radius:3px;padding:1px 6px;display:none"></span>
+            \${s.project ? \`<span style="font-size:.68rem;color:#3b82f6;background:rgba(59,130,246,.1);border:1px solid rgba(59,130,246,.2);border-radius:3px;padding:1px 6px">\${htmlEscape(s.project)}</span>\` : ""}
           </div>
-          \${s.description ? \`<div style="font-size:.78rem;color:#64748b;margin-top:4px;line-height:1.3">\${s.description}</div>\` : ""}
+          \${s.description ? \`<div style="font-size:.78rem;color:#64748b;margin-top:4px;line-height:1.3">\${htmlEscape(s.description)}</div>\` : ""}
           \${KEY_URLS[s.name] ? \`<a class="card-getkey" href="\${KEY_URLS[s.name]}" target="_blank" rel="noopener">↗ Get / rotate key</a>\` : ""}
-          \${(EXTRA_LINKS[s.name] || []).map(l => \`<a class="card-getkey" href="\${l.url}" target="_blank" rel="noopener" style="margin-left:0">\${l.label}</a>\`).join("")}
+          \${(EXTRA_LINKS[s.name] || []).map(l => \`<a class="card-getkey" href="\${l.url}" target="_blank" rel="noopener" style="margin-left:0">\${htmlEscape(l.label)}</a>\`).join("")}
         </div>
-        <div class="status-dot" id="sdot-\${s.name}" title=""></div>
+        <div class="status-dot" id="sdot-\${id}" title=""></div>
       </div>
-      <div class="card-value" id="val-\${s.name}"></div>
+      <div class="card-value" id="val-\${id}"></div>
       <div class="card-actions">
-        <button class="btn btn-reveal" onclick="reveal('\${s.name}', this)">Reveal</button>
-        <button class="btn btn-copy" id="copybtn-\${s.name}" style="display:none" onclick="copyKey('\${s.name}')">Copy</button>
-        <button class="btn btn-set" onclick="toggleSet('\${s.name}')">Set</button>
-        <button class="btn-project" onclick="toggleProjectEdit('\${s.name}')">\${s.project ? "✎ Project" : "+ Project"}</button>
-        <button class="btn \${s.enabled === false ? "btn-enable" : "btn-disable"}" id="togbtn-\${s.name}" onclick="toggleService('\${s.name}')">\${s.enabled === false ? "Enable" : "Disable"}</button>
-        <button class="btn-rotate" id="rotbtn-\${s.name}" style="display:none;background:#0e7490;border:1px solid #06b6d4;color:#cffafe;font-size:.75rem;padding:3px 8px;border-radius:4px;cursor:pointer" onclick="rotateKey('\${s.name}')">↻ Rotate</button>
-        <button class="btn-rename" onclick="toggleLabelEdit('\${s.name}')" title="Edit display label">✏️</button>
-        <button class="btn-delete" onclick="deleteService('\${s.name}')" title="Delete service">✕</button>
+        <button class="btn btn-reveal" type="button" onclick='reveal(\${nameArg}, this)'>Reveal</button>
+        <button class="btn btn-copy" id="copybtn-\${id}" style="display:none" type="button" onclick='copyKey(\${nameArg})'>Copy</button>
+        <button class="btn btn-set" type="button" onclick='toggleSet(\${nameArg})'>Set</button>
+        <button class="btn-project" type="button" onclick='toggleProjectEdit(\${nameArg})'>\${s.project ? "✎ Project" : "+ Project"}</button>
+        <button class="btn \${s.enabled === false ? "btn-enable" : "btn-disable"}" id="togbtn-\${id}" type="button" onclick='toggleService(\${nameArg})'>\${s.enabled === false ? "Enable" : "Disable"}</button>
+        <button class="btn-rotate" id="rotbtn-\${id}" style="display:none;background:#0e7490;border:1px solid #06b6d4;color:#cffafe;font-size:.75rem;padding:3px 8px;border-radius:4px;cursor:pointer" type="button" onclick='rotateKey(\${nameArg})'>↻ Rotate</button>
+        <button class="btn-rename" type="button" onclick='toggleLabelEdit(\${nameArg})' title="Edit display label">✏️</button>
+        <button class="btn-delete" type="button" onclick='deleteService(\${nameArg})' title="Delete service">✕</button>
       </div>
-      <div class="rename-panel" id="rn-\${s.name}">
+      <div class="rename-panel" id="rn-\${id}">
         <div style="display:flex;align-items:center;gap:8px;margin-bottom:4px">
           <span style="font-size:.72rem;color:#64748b">Edit label for</span>
-          <code style="font-family:'Courier New',monospace;font-size:.75rem;color:#94a3b8;background:rgba(100,116,139,.1);padding:1px 5px;border-radius:3px">\${s.name}</code>
+          <code style="font-family:'Courier New',monospace;font-size:.75rem;color:#94a3b8;background:rgba(100,116,139,.1);padding:1px 5px;border-radius:3px">\${htmlEscape(s.name)}</code>
           <span style="font-size:.68rem;color:#475569">(slug unchanged)</span>
         </div>
         <div style="display:flex;gap:6px;align-items:center">
-          <input class="rename-input" id="rn-input-\${s.name}" value="\${s.label || s.name}" spellcheck="false" autocomplete="off" placeholder="Human-readable label…"
-            onkeydown="if(event.key==='Enter')saveLabel('\${s.name}');if(event.key==='Escape')toggleLabelEdit('\${s.name}')">
-          <button class="btn" onclick="saveLabel('\${s.name}')" style="padding:4px 10px;font-size:.8rem">Save</button>
-          <button class="btn" onclick="toggleLabelEdit('\${s.name}')" style="padding:4px 10px;font-size:.8rem;background:#1e293b">Cancel</button>
-          <span class="rename-msg" id="rn-msg-\${s.name}"></span>
+          <input class="rename-input" id="rn-input-\${id}" value="\${htmlEscape(s.label || s.name)}" spellcheck="false" autocomplete="off" placeholder="Human-readable label…"
+            onkeydown='if(event.key==="Enter")saveLabel(\${nameArg});if(event.key==="Escape")toggleLabelEdit(\${nameArg})'>
+          <button class="btn" type="button" onclick='saveLabel(\${nameArg})' style="padding:4px 10px;font-size:.8rem">Save</button>
+          <button class="btn" type="button" onclick='toggleLabelEdit(\${nameArg})' style="padding:4px 10px;font-size:.8rem;background:#1e293b">Cancel</button>
+          <span class="rename-msg" id="rn-msg-\${id}"></span>
         </div>
       </div>
-      <div class="project-edit" id="pe-\${s.name}">
-        <input type="text" id="pe-input-\${s.name}" value="\${s.project || ""}" placeholder="Project name…" spellcheck="false" autocomplete="off">
-        <button onclick="saveProject('\${s.name}')">Save</button>
-        <button onclick="clearProject('\${s.name}')">Clear</button>
-        <span class="pe-msg" id="pe-msg-\${s.name}"></span>
+      <div class="project-edit" id="pe-\${id}">
+        <input type="text" id="pe-input-\${id}" value="\${htmlEscape(s.project || "")}" placeholder="Project name…" spellcheck="false" autocomplete="off">
+        <button type="button" onclick='saveProject(\${nameArg})'>Save</button>
+        <button type="button" onclick='clearProject(\${nameArg})'>Clear</button>
+        <span class="pe-msg" id="pe-msg-\${id}"></span>
       </div>
-      \${renderSetPanel(s.name)}
+      \${renderSetPanel(s)}
     </div>
-  \`).join("");
+  \`;
+  }).join("");
 }
 async function loadServices() {
@@ -1733,8 +1786,9 @@ async function loadExpiry() {
     const data = await fetch(BASE + "/expiry").then(r => r.json());
     if (!data.services) return;
     for (const [name, info] of Object.entries(data.services)) {
-      const el = document.getElementById("expiry-" + name);
-      const rotBtn = document.getElementById("rotbtn-" + name);
+      const id = serviceDomId(name);
+      const el = document.getElementById("expiry-" + id);
+      const rotBtn = document.getElementById("rotbtn-" + id);
       if (!el) continue;
       // Show rotate button for auto-capable services
@@ -1780,10 +1834,10 @@ async function loadExpiry() {
 async function rotateKey(name) {
   if (!confirm("Rotate " + name + " key?\\n\\nA new key will be created and the old one deleted.")) return;
-  const rotBtn = document.getElementById("rotbtn-" + name);
+  const rotBtn = document.getElementById("rotbtn-" + serviceDomId(name));
   if (rotBtn) { rotBtn.disabled = true; rotBtn.textContent = "rotating…"; }
   try {
-    const r = await fetch(BASE + "/rotate/" + name, { method: "POST", headers: writeHeaders() }).then(r => r.json());
+    const r = await fetch(BASE + "/rotate/" + encodeURIComponent(name), { method: "POST", headers: writeHeaders() }).then(r => r.json());
     if (r.ok) {
       if (rotBtn) { rotBtn.textContent = "✓ rotated"; rotBtn.style.background = "#166534"; }
       loadExpiry(); // refresh badges
@@ -1802,7 +1856,7 @@ async function setExpiry(name) {
   if (!days) return;
   const expiresAt = new Date(Date.now() + parseInt(days) * 86400000).toISOString();
   try {
-    await fetch(BASE + "/set-expiry/" + name, {
+    await fetch(BASE + "/set-expiry/" + encodeURIComponent(name), {
       method: "POST",
       headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ expires_at: expiresAt, rotation_days: parseInt(days) }),
@@ -1813,15 +1867,17 @@ async function setExpiry(name) {
 // ── Reveal ──────────────────────────────────
 async function reveal(name, btn) {
-  const valEl   = document.getElementById("val-" + name);
-  const copyBtn = document.getElementById("copybtn-" + name);
+  const id = serviceDomId(name);
+  const valEl   = document.getElementById("val-" + id);
+  const copyBtn = document.getElementById("copybtn-" + id);
+  if (!valEl || !copyBtn) return;
   if (valEl.style.display === "block") {
     valEl.style.display = "none"; copyBtn.style.display = "none";
     btn.textContent = "Reveal"; return;
   }
   valEl.textContent = "fetching…"; valEl.style.display = "block"; btn.textContent = "Hide";
   try {
-    const r = await fetch(BASE + "/get/" + name).then(r => r.json());
+    const r = await fetch(BASE + "/get/" + encodeURIComponent(name)).then(r => r.json());
     if (r.locked) { showLockScreen(); return; }
     if (r.error) throw new Error(r.error);
     const imp = OAUTH_IMPORT[name];
@@ -1843,30 +1899,34 @@ async function reveal(name, btn) {
 }
 async function copyKey(name) {
-  const val = document.getElementById("val-" + name).textContent;
+  const id = serviceDomId(name);
+  const val = document.getElementById("val-" + id).textContent;
   try {
     await navigator.clipboard.writeText(val);
-    const btn = document.getElementById("copybtn-" + name);
+    const btn = document.getElementById("copybtn-" + id);
     btn.textContent = "Copied!"; setTimeout(() => btn.textContent = "Copy", 1500);
   } catch {}
 }
 // ── Project edit ────────────────────────────
 function toggleProjectEdit(name) {
-  const panel = document.getElementById("pe-" + name);
+  const id = serviceDomId(name);
+  const panel = document.getElementById("pe-" + id);
+  if (!panel) return;
   const open = panel.classList.contains("open");
   panel.classList.toggle("open");
   if (!open) {
     const svc = allServices.find(s => s.name === name);
-    document.getElementById("pe-input-" + name).value = svc ? (svc.project || "") : "";
-    document.getElementById("pe-msg-" + name).textContent = "";
-    document.getElementById("pe-input-" + name).focus();
+    document.getElementById("pe-input-" + id).value = svc ? (svc.project || "") : "";
+    document.getElementById("pe-msg-" + id).textContent = "";
+    document.getElementById("pe-input-" + id).focus();
   }
 }
 async function saveProject(name) {
-  const input = document.getElementById("pe-input-" + name);
-  const msg = document.getElementById("pe-msg-" + name);
+  const id = serviceDomId(name);
+  const input = document.getElementById("pe-input-" + id);
+  const msg = document.getElementById("pe-msg-" + id);
   const project = input.value.trim();
   msg.textContent = "Saving…"; msg.style.color = "#94a3b8";
   try {
@@ -1888,27 +1948,30 @@ async function saveProject(name) {
 }
 async function clearProject(name) {
-  document.getElementById("pe-input-" + name).value = "";
+  document.getElementById("pe-input-" + serviceDomId(name)).value = "";
   await saveProject(name);
 }
 // ── Rename service ───────────────────────────
 function toggleLabelEdit(name) {
-  const panel = document.getElementById("rn-" + name);
+  const id = serviceDomId(name);
+  const panel = document.getElementById("rn-" + id);
+  if (!panel) return;
   const open  = panel.style.display === "block";
   panel.style.display = open ? "none" : "block";
   if (!open) {
-    const inp = document.getElementById("rn-input-" + name);
+    const inp = document.getElementById("rn-input-" + id);
     const svc = allServices.find(s => s.name === name);
     inp.value = (svc && svc.label) ? svc.label : name;
     inp.focus(); inp.select();
-    document.getElementById("rn-msg-" + name).textContent = "";
+    document.getElementById("rn-msg-" + id).textContent = "";
   }
 }
 async function saveLabel(name) {
-  const inp  = document.getElementById("rn-input-" + name);
-  const msg  = document.getElementById("rn-msg-" + name);
+  const id = serviceDomId(name);
+  const inp  = document.getElementById("rn-input-" + id);
+  const msg  = document.getElementById("rn-msg-" + id);
   const newLabel = inp.value.trim();
   if (!newLabel) { toggleLabelEdit(name); return; }
   const svc = allServices.find(s => s.name === name);
@@ -1925,7 +1988,7 @@ async function saveLabel(name) {
     msg.style.color = "#4ade80"; msg.textContent = "✓ Label updated";
     // Update in-memory and DOM immediately
     if (svc) svc.label = newLabel;
-    const labelEl = document.getElementById("label-display-" + name);
+    const labelEl = document.getElementById("label-display-" + id);
     if (labelEl) labelEl.textContent = newLabel;
     setTimeout(() => { toggleLabelEdit(name); }, 800);
   } catch (e) {
@@ -1941,7 +2004,7 @@ async function saveRename(oldName) { await saveLabel(oldName); }
 async function deleteService(name) {
   if (!confirm(\`Delete service "\${name}"? This cannot be undone.\`)) return;
   try {
-    const r = await fetch(BASE + "/delete/" + name, { method: "POST", headers: writeHeaders() }).then(r => r.json());
+    const r = await fetch(BASE + "/delete/" + encodeURIComponent(name), { method: "POST", headers: writeHeaders() }).then(r => r.json());
     if (r.locked) { showLockScreen(false); return; }
     if (r.error) throw new Error(r.error);
     loadServices();
@@ -1952,31 +2015,46 @@ async function deleteService(name) {
 // ── Set key ─────────────────────────────────
 function toggleSet(name) {
-  const panel = document.getElementById("set-panel-" + name);
-  const msg   = document.getElementById("set-msg-" + name);
+  const id = serviceDomId(name);
+  const panel = document.getElementById("set-panel-" + id);
+  const msg   = document.getElementById("set-msg-" + id);
+  if (!panel) return;
   const open  = panel.style.display === "block";
   panel.style.display = open ? "none" : "block";
   if (!open) {
     if (msg) msg.textContent = "";
     const imp = OAUTH_IMPORT[name];
     if (imp) {
-      const jsonEl = document.getElementById("ofield-" + name + "-json");
+      const jsonEl = document.getElementById("ofield-" + id + "-json");
       if (jsonEl) { jsonEl.value = ""; jsonEl.focus(); }
-      imp.extra.forEach(f => { const el = document.getElementById("ofield-" + name + "-" + f.key); if (el) el.value = ""; });
+      imp.extra.forEach(f => { const el = document.getElementById("ofield-" + id + "-" + f.key); if (el) el.value = ""; });
+    } else if (getServiceKeyType(name) === "keypair") {
+      const keyEl = document.getElementById("kp-key-" + id);
+      const valueEl = document.getElementById("kp-value-" + id);
+      if (keyEl) { keyEl.value = ""; keyEl.focus(); }
+      if (valueEl) valueEl.value = "";
     } else {
-      const input = document.getElementById("set-input-" + name);
+      const input = document.getElementById("set-input-" + id);
       if (input) { input.value = ""; input.focus(); }
     }
   }
 }
+function getServiceKeyType(name) {
+  const svc = allServices.find(s => s.name === name);
+  return String(svc?.key_type || "").toLowerCase();
+}
 async function saveKey(name) {
-  const msg = document.getElementById("set-msg-" + name);
+  const id = serviceDomId(name);
+  const msg = document.getElementById("set-msg-" + id);
+  if (!msg) return;
   const imp = OAUTH_IMPORT[name];
+  const keyType = getServiceKeyType(name);
   let value;
   if (imp) {
-    const jsonEl = document.getElementById("ofield-" + name + "-json");
+    const jsonEl = document.getElementById("ofield-" + id + "-json");
     const raw = jsonEl ? jsonEl.value.trim() : "";
     if (!raw) { msg.className = "set-msg fail"; msg.textContent = "Paste the OAuth JSON first."; return; }
     let parsed;
@@ -1989,21 +2067,29 @@ async function saveKey(name) {
       obj[k] = src[k];
     }
     for (const f of imp.extra) {
-      const el = document.getElementById("ofield-" + name + "-" + f.key);
+      const el = document.getElementById("ofield-" + id + "-" + f.key);
       const v = el ? el.value.trim() : "";
       if (!v) { msg.className = "set-msg fail"; msg.textContent = f.label + " is required."; return; }
       obj[f.key] = v;
     }
     value = JSON.stringify(obj);
+  } else if (keyType === "keypair") {
+    const keyEl = document.getElementById("kp-key-" + id);
+    const valueEl = document.getElementById("kp-value-" + id);
+    const user = keyEl ? keyEl.value.trim() : "";
+    const pass = valueEl ? valueEl.value : "";
+    if (!user) { msg.className = "set-msg fail"; msg.textContent = "User / key is required."; return; }
+    if (!pass.trim()) { msg.className = "set-msg fail"; msg.textContent = "Password / secret is required."; return; }
+    value = JSON.stringify({ user, pass, username: user, password: pass, key: user, value: pass });
   } else {
-    const input = document.getElementById("set-input-" + name);
+    const input = document.getElementById("set-input-" + id);
     value = input ? input.value : "";
     if (!value.trim()) { msg.className = "set-msg fail"; msg.textContent = "Value is empty."; return; }
   }
   msg.className = "set-msg"; msg.textContent = "Saving…";
   try {
-    const r = await fetch(BASE + "/set/" + name, {
+    const r = await fetch(BASE + "/set/" + encodeURIComponent(name), {
       method: "POST",
       headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ value })
@@ -2013,17 +2099,23 @@ async function saveKey(name) {
     if (r.error) throw new Error(r.error);
     msg.className = "set-msg ok"; msg.textContent = "✓ Saved";
     if (imp) {
-      const jsonEl = document.getElementById("ofield-" + name + "-json");
+      const jsonEl = document.getElementById("ofield-" + id + "-json");
       if (jsonEl) jsonEl.value = "";
-      imp.extra.forEach(f => { const el = document.getElementById("ofield-" + name + "-" + f.key); if (el) el.value = ""; });
+      imp.extra.forEach(f => { const el = document.getElementById("ofield-" + id + "-" + f.key); if (el) el.value = ""; });
+    } else if (keyType === "keypair") {
+      const keyEl = document.getElementById("kp-key-" + id);
+      const valueEl = document.getElementById("kp-value-" + id);
+      if (keyEl) keyEl.value = "";
+      if (valueEl) valueEl.value = "";
     } else {
-      const inp = document.getElementById("set-input-" + name);
+      const inp = document.getElementById("set-input-" + id);
       if (inp) inp.value = "";
     }
-    const dot = document.getElementById("sdot-" + name);
+    const dot = document.getElementById("sdot-" + id);
     if (dot) { dot.className = "status-dot"; dot.title = ""; }
     setTimeout(() => {
-      document.getElementById("set-panel-" + name).style.display = "none";
+      const panel = document.getElementById("set-panel-" + id);
+      if (panel) panel.style.display = "none";
       msg.textContent = "";
     }, 1800);
   } catch (e) {
@@ -2033,15 +2125,17 @@ async function saveKey(name) {
 // ── Enable / Disable service ────────────────
 async function toggleService(name) {
-  const badge  = document.getElementById("badge-" + name);
-  const btn    = document.getElementById("togbtn-" + name);
+  const id = serviceDomId(name);
+  const badge  = document.getElementById("badge-" + id);
+  const btn    = document.getElementById("togbtn-" + id);
+  if (!badge || !btn) return;
   const currently = badge.classList.contains("on");
   const newState  = !currently;
   btn.disabled = true; btn.textContent = "…";
   try {
-    const r = await fetch(BASE + "/toggle/" + name, {
+    const r = await fetch(BASE + "/toggle/" + encodeURIComponent(name), {
       method: "POST",
       headers: writeHeaders({ "Content-Type": "application/json" }),
       body: JSON.stringify({ enabled: newState })
@@ -2097,7 +2191,7 @@ async function checkAll() {
         }
         continue;
       }
-      const dot = document.getElementById("sdot-" + name);
+      const dot = document.getElementById("sdot-" + serviceDomId(name));
       if (!dot) continue;
       if (result.ok) {
         dot.className = "status-dot ok"; dot.title = "OK";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.9.1",
+  "version": "1.9.2",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {

package/scripts/bin/bootstrap-linux CHANGED Viewed

Binary file

package/scripts/bin/bootstrap-macos CHANGED Viewed

Binary file

package/scripts/bin/bootstrap-win.exe CHANGED Viewed

Binary file

package/supabase/functions/auth-vault/index.ts CHANGED Viewed

@@ -12,36 +12,36 @@ const ALLOWED_IPS: string[] = (Deno.env.get("CLAUTH_ALLOWED_IPS") || "")
   .split(",").map(s => s.trim()).filter(Boolean);
 const RATE_LIMIT_MAX    = 30;
-const RATE_LIMIT_WINDOW = 60;
-const REPLAY_WINDOW_MS  = 5 * 60 * 1000;
-const MAX_FAIL_COUNT    = 5;
-const DEFAULT_INSTALL_ID = "default";
+const RATE_LIMIT_WINDOW = 60;
+const REPLAY_WINDOW_MS  = 5 * 60 * 1000;
+const MAX_FAIL_COUNT    = 5;
+const DEFAULT_INSTALL_ID = "default";
-async function hmacSha256(key: string, message: string): Promise<string> {
+async function hmacSha256(key: string, message: string): Promise<string> {
   const cryptoKey = await crypto.subtle.importKey(
     "raw", new TextEncoder().encode(key),
     { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
   );
   const sig = await crypto.subtle.sign("HMAC", cryptoKey, new TextEncoder().encode(message));
   return Array.from(new Uint8Array(sig)).map(b => b.toString(16).padStart(2, "0")).join("");
-}
-async function sha256Hex(value: string): Promise<string> {
-  const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(value));
-  return Array.from(new Uint8Array(digest)).map(b => b.toString(16).padStart(2, "0")).join("");
-}
-function randomToken(bytes = 24): string {
-  const data = new Uint8Array(bytes);
-  crypto.getRandomValues(data);
-  return Array.from(data).map(b => b.toString(16).padStart(2, "0")).join("");
-}
-function normalizeInstallId(value: unknown): string {
-  const text = String(value || "").trim().toLowerCase();
-  const normalized = text.replace(/[^a-z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "");
-  return normalized || DEFAULT_INSTALL_ID;
-}
+}
+async function sha256Hex(value: string): Promise<string> {
+  const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(value));
+  return Array.from(new Uint8Array(digest)).map(b => b.toString(16).padStart(2, "0")).join("");
+}
+function randomToken(bytes = 24): string {
+  const data = new Uint8Array(bytes);
+  crypto.getRandomValues(data);
+  return Array.from(data).map(b => b.toString(16).padStart(2, "0")).join("");
+}
+function normalizeInstallId(value: unknown): string {
+  const text = String(value || "").trim().toLowerCase();
+  const normalized = text.replace(/[^a-z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "");
+  return normalized || DEFAULT_INSTALL_ID;
+}
 function getClientIP(req: Request): string {
   return req.headers.get("cf-connecting-ip") ||
@@ -71,23 +71,23 @@ async function validateHMAC(sb: any, body: any): Promise<{ valid: boolean; reaso
   const now = Date.now();
   if (Math.abs(now - body.timestamp) > REPLAY_WINDOW_MS) return { valid: false, reason: "timestamp_expired" };
-  const { data: machine, error } = await sb.from("clauth_machines")
-    .select("hmac_seed_hash, enabled, fail_count, locked")
-    .eq("machine_hash", body.machine_hash).single();
+  const { data: machine, error } = await sb.from("clauth_machines")
+    .select("hmac_seed_hash, enabled, fail_count, locked")
+    .eq("machine_hash", body.machine_hash).single();
   if (error || !machine) return { valid: false, reason: "machine_not_found" };
   if (!machine.enabled)   return { valid: false, reason: "machine_disabled" };
   if (machine.locked)     return { valid: false, reason: "machine_locked" };
   const window   = Math.floor(body.timestamp / REPLAY_WINDOW_MS);
-  const message  = `${body.machine_hash}:${window}`;
-  const expected = await hmacSha256(body.password, message);
-  const seedHash = await sha256Hex(`seed:${body.machine_hash}:${body.password}`);
-  if (seedHash !== machine.hmac_seed_hash || expected !== body.token) {
-    const newCount   = (machine.fail_count || 0) + 1;
-    const shouldLock = newCount >= MAX_FAIL_COUNT;
-    await sb.from("clauth_machines")
+  const message  = `${body.machine_hash}:${window}`;
+  const expected = await hmacSha256(body.password, message);
+  const seedHash = await sha256Hex(`seed:${body.machine_hash}:${body.password}`);
+  if (seedHash !== machine.hmac_seed_hash || expected !== body.token) {
+    const newCount   = (machine.fail_count || 0) + 1;
+    const shouldLock = newCount >= MAX_FAIL_COUNT;
+    await sb.from("clauth_machines")
       .update({ fail_count: newCount, locked: shouldLock })
       .eq("machine_hash", body.machine_hash);
     return { valid: false, reason: shouldLock ? `machine_locked after ${newCount} failures` : `invalid_token (${newCount}/${MAX_FAIL_COUNT})` };
@@ -197,7 +197,7 @@ async function handleStatus(sb: any, body: any, mh: string) {
   return { services: services || [] };
 }
-async function handleChangePassword(sb: any, body: any, mh: string) {
+async function handleChangePassword(sb: any, body: any, mh: string) {
   const { new_hmac_seed_hash } = body;
   if (!new_hmac_seed_hash) return { error: "new_hmac_seed_hash required" };
   const { error } = await sb.from("clauth_machines")
@@ -206,91 +206,92 @@ async function handleChangePassword(sb: any, body: any, mh: string) {
   if (error) return { error: error.message };
   await auditLog(sb, mh, "system", "change-password", "success");
   return { success: true };
-}
-async function getMachineInstallId(sb: any, machine_hash: string): Promise<string> {
-  const { data: machine } = await sb.from("clauth_machines")
-    .select("install_id")
-    .eq("machine_hash", machine_hash)
-    .single();
-  return normalizeInstallId(machine?.install_id);
-}
-async function handleCreateEnrollment(sb: any, body: any, mh: string) {
-  const install_id = normalizeInstallId(body.install_id || await getMachineInstallId(sb, mh));
-  const ttl_minutes = Math.max(5, Math.min(Number(body.ttl_minutes || 60), 24 * 60));
-  const code = `ce_${randomToken(24)}`;
-  const token_hash = await sha256Hex(code);
-  const expires_at = new Date(Date.now() + ttl_minutes * 60 * 1000).toISOString();
-  const label = body.label ? String(body.label).slice(0, 120) : null;
-  const { error } = await sb.from("clauth_machine_enrollments").insert({
-    install_id,
-    token_hash,
-    label,
-    created_by_machine_hash: mh,
-    expires_at,
-  });
-  if (error) {
-    await auditLog(sb, mh, "system", "create-enrollment", "fail", error.message);
-    return { error: error.message };
-  }
-  await auditLog(sb, mh, "system", "create-enrollment", "success", `install_id=${install_id}`);
-  return { success: true, enrollment_code: code, install_id, expires_at, label };
-}
-async function handleRedeemEnrollment(sb: any, body: any) {
-  const { machine_hash, hmac_seed_hash, enrollment_code } = body;
-  if (!machine_hash || !hmac_seed_hash || !enrollment_code) {
-    return { error: "machine_hash, hmac_seed_hash, enrollment_code required" };
-  }
-  const token_hash = await sha256Hex(String(enrollment_code).trim());
-  const nowIso = new Date().toISOString();
-  const { data: enrollment, error: lookupError } = await sb.from("clauth_machine_enrollments")
-    .select("id, install_id, label, expires_at, consumed_at")
-    .eq("token_hash", token_hash)
-    .single();
-  if (lookupError || !enrollment) return { error: "enrollment_not_found" };
-  if (enrollment.consumed_at) return { error: "enrollment_already_used" };
-  if (new Date(enrollment.expires_at).getTime() < Date.now()) return { error: "enrollment_expired" };
-  const label = body.label || enrollment.label || null;
-  const install_id = normalizeInstallId(enrollment.install_id);
-  const { data: consumedRows, error: consumeError } = await sb.from("clauth_machine_enrollments")
-    .update({ consumed_at: nowIso, redeemed_by_machine_hash: machine_hash })
-    .eq("id", enrollment.id)
-    .is("consumed_at", null)
-    .select("id");
-  if (consumeError) return { error: consumeError.message };
-  if (!consumedRows || consumedRows.length !== 1) return { error: "enrollment_already_used" };
-  const { error: machineError } = await sb.from("clauth_machines").upsert(
-    { machine_hash, hmac_seed_hash, label, install_id, enabled: true, fail_count: 0, locked: false },
-    { onConflict: "machine_hash" }
-  );
-  if (machineError) return { error: machineError.message };
-  await auditLog(sb, machine_hash, "system", "redeem-enrollment", "success", `install_id=${install_id}`);
-  return { success: true, machine_hash, install_id };
-}
-async function handleRegisterMachine(sb: any, body: any) {
-  const { machine_hash, hmac_seed_hash, label, admin_token } = body;
-  if (body.enrollment_code || body.invite_code) {
-    return handleRedeemEnrollment(sb, { ...body, enrollment_code: body.enrollment_code || body.invite_code });
-  }
-  if (admin_token !== ADMIN_BOOTSTRAP_TOKEN) return { error: "invalid_admin_token" };
-  const install_id = normalizeInstallId(body.install_id);
-  const { error } = await sb.from("clauth_machines").upsert(
-    { machine_hash, hmac_seed_hash, label, install_id, enabled: true, fail_count: 0, locked: false },
-    { onConflict: "machine_hash" }
-  );
-  if (error) return { error: error.message };
-  return { success: true, machine_hash, install_id };
-}
+}
+async function getMachineInstallId(sb: any, machine_hash: string): Promise<string> {
+  const { data: machine } = await sb.from("clauth_machines")
+    .select("install_id")
+    .eq("machine_hash", machine_hash)
+    .single();
+  return normalizeInstallId(machine?.install_id);
+}
+async function handleCreateEnrollment(sb: any, body: any, mh: string) {
+  const install_id = normalizeInstallId(body.install_id || await getMachineInstallId(sb, mh));
+  const ttl_minutes = Math.max(5, Math.min(Number(body.ttl_minutes || 60), 24 * 60));
+  const code = `ce_${randomToken(24)}`;
+  const token_hash = await sha256Hex(code);
+  const expires_at = new Date(Date.now() + ttl_minutes * 60 * 1000).toISOString();
+  const label = body.label ? String(body.label).slice(0, 120) : null;
+  const { error } = await sb.from("clauth_machine_enrollments").insert({
+    install_id,
+    token_hash,
+    label,
+    created_by_machine_hash: mh,
+    expires_at,
+  });
+  if (error) {
+    await auditLog(sb, mh, "system", "create-enrollment", "fail", error.message);
+    return { error: error.message };
+  }
+  await auditLog(sb, mh, "system", "create-enrollment", "success", `install_id=${install_id}`);
+  return { success: true, enrollment_code: code, install_id, expires_at, label };
+}
+async function handleRedeemEnrollment(sb: any, body: any) {
+  const { machine_hash, hmac_seed_hash, enrollment_code } = body;
+  if (!machine_hash || !hmac_seed_hash || !enrollment_code) {
+    return { error: "machine_hash, hmac_seed_hash, enrollment_code required" };
+  }
+  const token_hash = await sha256Hex(String(enrollment_code).trim());
+  const nowIso = new Date().toISOString();
+  const { data: enrollment, error: lookupError } = await sb.from("clauth_machine_enrollments")
+    .select("id, install_id, label, expires_at, consumed_at")
+    .eq("token_hash", token_hash)
+    .single();
+  if (lookupError || !enrollment) return { error: "enrollment_not_found" };
+  if (enrollment.consumed_at) return { error: "enrollment_already_used" };
+  if (new Date(enrollment.expires_at).getTime() < Date.now()) return { error: "enrollment_expired" };
+  const label = body.label || enrollment.label || null;
+  const install_id = normalizeInstallId(enrollment.install_id);
+  const { error: machineError } = await sb.from("clauth_machines").upsert(
+    { machine_hash, hmac_seed_hash, label, install_id, enabled: true, fail_count: 0, locked: false },
+    { onConflict: "machine_hash" }
+  );
+  if (machineError) return { error: machineError.message };
+  const { data: consumedRows, error: consumeError } = await sb.from("clauth_machine_enrollments")
+    .update({ consumed_at: nowIso, redeemed_by_machine_hash: machine_hash })
+    .eq("id", enrollment.id)
+    .is("consumed_at", null)
+    .select("id");
+  if (consumeError) return { error: consumeError.message };
+  if (!consumedRows || consumedRows.length !== 1) return { error: "enrollment_already_used" };
+  await auditLog(sb, machine_hash, "system", "redeem-enrollment", "success", `install_id=${install_id}`);
+  return { success: true, machine_hash, install_id };
+}
+async function handleRegisterMachine(sb: any, body: any) {
+  const { machine_hash, hmac_seed_hash, label, admin_token } = body;
+  if (body.enrollment_code || body.invite_code) {
+    return handleRedeemEnrollment(sb, { ...body, enrollment_code: body.enrollment_code || body.invite_code });
+  }
+  if (admin_token !== ADMIN_BOOTSTRAP_TOKEN) return { error: "invalid_admin_token" };
+  const install_id = normalizeInstallId(body.install_id);
+  const { error } = await sb.from("clauth_machines").upsert(
+    { machine_hash, hmac_seed_hash, label, install_id, enabled: true, fail_count: 0, locked: false },
+    { onConflict: "machine_hash" }
+  );
+  if (error) return { error: error.message };
+  return { success: true, machine_hash, install_id };
+}
 Deno.serve(async (req: Request) => {
   if (req.method === "OPTIONS") {
@@ -308,8 +309,8 @@ Deno.serve(async (req: Request) => {
   const sb    = createClient(SUPABASE_URL, SERVICE_ROLE_KEY);
   const ip    = getClientIP(req);
-  if (route === "register-machine") return Response.json(await handleRegisterMachine(sb, body));
-  if (route === "redeem-enrollment") return Response.json(await handleRedeemEnrollment(sb, body));
+  if (route === "register-machine") return Response.json(await handleRegisterMachine(sb, body));
+  if (route === "redeem-enrollment") return Response.json(await handleRedeemEnrollment(sb, body));
   const ipCheck = checkIP(ip);
   if (!ipCheck.allowed) {
@@ -340,10 +341,10 @@ Deno.serve(async (req: Request) => {
     case "update":   return Response.json(await handleUpdate(sb, body, mh));
     case "remove":   return Response.json(await handleRemove(sb, body, mh));
     case "revoke":   return Response.json(await handleRevoke(sb, body, mh));
-    case "status":          return Response.json(await handleStatus(sb, body, mh));
-    case "change-password": return Response.json(await handleChangePassword(sb, body, mh));
-    case "create-enrollment": return Response.json(await handleCreateEnrollment(sb, body, mh));
-    case "test":            return Response.json({ valid: true, machine_hash: mh, timestamp: body.timestamp, ip });
+    case "status":          return Response.json(await handleStatus(sb, body, mh));
+    case "change-password": return Response.json(await handleChangePassword(sb, body, mh));
+    case "create-enrollment": return Response.json(await handleCreateEnrollment(sb, body, mh));
+    case "test":            return Response.json({ valid: true, machine_hash: mh, timestamp: body.timestamp, ip });
     default:         return Response.json({ error: "unknown_route", route }, { status: 404 });
   }
 });