npm - @myrialabs/clopen - Versions diffs - 0.2.0 → 0.2.1 - Mend

@myrialabs/clopen 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/backend/lib/utils/ws.ts +22 -0
package/backend/ws/auth/index.ts +4 -0
package/backend/ws/auth/login.ts +14 -0
package/frontend/lib/stores/features/auth.svelte.ts +12 -0
package/package.json +1 -1

package/backend/lib/utils/ws.ts CHANGED Viewed

@@ -580,6 +580,28 @@ class WSServer {
 		debug.log('websocket', `Connection ${id} auth cleared`);
 	}
+	/**
+	 * Clear authentication state for ALL active connections.
+	 * Used when switching auth mode to 'required' — invalidates every
+	 * connection's in-memory auth so the auth gate blocks subsequent messages.
+	 * Returns the number of connections that were cleared.
+	 */
+	clearAllAuth(): number {
+		let cleared = 0;
+		for (const [id, state] of this.connectionState) {
+			if (state.authenticated) {
+				state.authenticated = false;
+				state.role = null;
+				state.sessionTokenHash = null;
+				cleared++;
+			}
+		}
+		if (cleared > 0) {
+			debug.log('websocket', `Cleared auth on ${cleared} active connection(s)`);
+		}
+		return cleared;
+	}
 	/**
 	 * Check if connection can receive data (backpressure check)
 	 */

package/backend/ws/auth/index.ts CHANGED Viewed

@@ -14,4 +14,8 @@ export const authRouter = createRouter()
 	.emit('auth:error', t.Object({
 		error: t.String(),
 		blockedAction: t.String()
+	}))
+	// Declare auth:force-logout event (emitted when auth mode switches to required)
+	.emit('auth:force-logout', t.Object({
+		reason: t.String()
 	}));

package/backend/ws/auth/login.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { t } from 'elysia';
 import { createRouter } from '$shared/utils/ws-server';
 import {
 	createAdmin,
+	getAuthMode,
 	loginWithToken,
 	createUserFromInvite,
 	logout,
@@ -96,6 +97,10 @@ export const loginHandler = createRouter()
 			expiresAt: t.String()
 		})
 	}, async ({ conn }) => {
+		if (getAuthMode() !== 'none') {
+			throw new Error('Auto-login is only available in no-auth mode');
+		}
 		const result = createOrGetNoAuthAdmin();
 		// Set auth on connection
@@ -254,6 +259,15 @@ export const loginHandler = createRouter()
 		})
 	}, async () => {
 		const count = logoutAllSessions();
+		// Broadcast force-logout to ALL connected clients before clearing auth.
+		// This ensures clients receive the event while still connected.
+		ws.emit.global('auth:force-logout', { reason: 'Auth mode changed' });
+		// Clear in-memory auth state on all active WebSocket connections.
+		// After this, the auth gate will block any further messages.
+		ws.clearAllAuth();
 		return { count };
 	})

package/frontend/lib/stores/features/auth.svelte.ts CHANGED Viewed

@@ -31,6 +31,18 @@ let sessionToken = $state<string | null>(null);
 let personalAccessToken = $state<string | null>(null);
 let authMode = $state<AuthMode>('required');
+// Listen for server-side force-logout (auth mode switched to required)
+ws.on('auth:force-logout', (payload) => {
+	debug.log('auth', `Force logout received: ${payload.reason}`);
+	currentUser = null;
+	sessionToken = null;
+	personalAccessToken = null;
+	localStorage.removeItem(SESSION_TOKEN_KEY);
+	ws.setSessionToken(null);
+	authMode = 'required';
+	authState = 'login';
+});
 export const authStore = {
 	get authState() { return authState; },
 	get currentUser() { return currentUser; },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@myrialabs/clopen",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "All-in-one web workspace for Claude Code & OpenCode — chat, terminal, git, browser preview, checkpoints, and real-time collaboration",
   "author": "Myria Labs",
   "license": "MIT",