@pixelbyte-software/pixcode 1.55.2 → 1.55.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/server/routes/auth.js +13 -6
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pixelbyte-software/pixcode",
|
|
3
|
-
"version": "1.55.
|
|
3
|
+
"version": "1.55.3",
|
|
4
4
|
"description": "Self-hosted AI coding agent control room for Claude Code, Cursor CLI, OpenAI Codex, Gemini CLI, Qwen Code, and OpenCode with chat, files, shell, Git, orchestration, API keys, Telegram, MCP, plugins, themes, and desktop/server deployment.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist-server/server/index.js",
|
package/server/routes/auth.js
CHANGED
|
@@ -36,7 +36,7 @@ function publicUser(user) {
|
|
|
36
36
|
// Check auth status and setup requirements
|
|
37
37
|
router.get('/status', async (req, res) => {
|
|
38
38
|
try {
|
|
39
|
-
const hasUsers =
|
|
39
|
+
const hasUsers = userDb.hasUsers();
|
|
40
40
|
res.json({
|
|
41
41
|
needsSetup: !hasUsers,
|
|
42
42
|
isAuthenticated: false // Will be overridden by frontend if token exists
|
|
@@ -62,16 +62,23 @@ router.put('/connection-mode', async (req, res) => {
|
|
|
62
62
|
try {
|
|
63
63
|
// During first-run setup no users exist yet, so we skip auth.
|
|
64
64
|
// The setup form calls this endpoint before creating the admin account.
|
|
65
|
-
const hasUsers =
|
|
65
|
+
const hasUsers = userDb.hasUsers();
|
|
66
66
|
if (!hasUsers) {
|
|
67
67
|
return res.json({ success: true, connection: saveRemoteConnectionConfig(req.body || {}) });
|
|
68
68
|
}
|
|
69
69
|
// Post-setup: require authenticated admin
|
|
70
|
-
authenticateToken
|
|
71
|
-
|
|
72
|
-
|
|
70
|
+
// Wrap authenticateToken in a try/catch so that if it sends a response
|
|
71
|
+
// (e.g. 401 when no token is present) we don't double-send.
|
|
72
|
+
try {
|
|
73
|
+
authenticateToken(req, res, () => {
|
|
74
|
+
requireAdmin(req, res, () => {
|
|
75
|
+
res.json({ success: true, connection: saveRemoteConnectionConfig(req.body || {}) });
|
|
76
|
+
});
|
|
73
77
|
});
|
|
74
|
-
})
|
|
78
|
+
} catch (err) {
|
|
79
|
+
// If authenticateToken throws instead of calling next/send, return 401
|
|
80
|
+
res.status(401).json({ error: err.message || 'Authentication required' });
|
|
81
|
+
}
|
|
75
82
|
} catch (error) {
|
|
76
83
|
res.status(400).json({ success: false, error: error.message });
|
|
77
84
|
}
|