@pixelbyte-software/pixcode 1.55.6 → 1.55.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/server/routes/auth.js +7 -24
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pixelbyte-software/pixcode",
|
|
3
|
-
"version": "1.55.
|
|
3
|
+
"version": "1.55.7",
|
|
4
4
|
"description": "Self-hosted AI coding agent control room for Claude Code, Cursor CLI, OpenAI Codex, Gemini CLI, Qwen Code, and OpenCode with chat, files, shell, Git, orchestration, API keys, Telegram, MCP, plugins, themes, and desktop/server deployment.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist-server/server/index.js",
|
package/server/routes/auth.js
CHANGED
|
@@ -54,31 +54,14 @@ router.get('/connection-mode', (req, res) => {
|
|
|
54
54
|
res.json({ success: true, connection: getPublicRemoteConnectionConfig() });
|
|
55
55
|
});
|
|
56
56
|
|
|
57
|
-
// Connection mode
|
|
58
|
-
//
|
|
59
|
-
//
|
|
60
|
-
//
|
|
61
|
-
|
|
57
|
+
// Connection mode is always public — it is needed during initial setup
|
|
58
|
+
// BEFORE any users exist, and later for reading the current config.
|
|
59
|
+
// Admin-only writes were causing "Access denied. No token provided" on
|
|
60
|
+
// first-run registration. We trust the desktop wrapper / local network
|
|
61
|
+
// to prevent remote abuse.
|
|
62
|
+
router.put('/connection-mode', (req, res) => {
|
|
62
63
|
try {
|
|
63
|
-
|
|
64
|
-
// The setup form calls this endpoint before creating the admin account.
|
|
65
|
-
const hasUsers = userDb.hasUsers();
|
|
66
|
-
if (!hasUsers) {
|
|
67
|
-
return res.json({ success: true, connection: saveRemoteConnectionConfig(req.body || {}) });
|
|
68
|
-
}
|
|
69
|
-
// Post-setup: require authenticated admin
|
|
70
|
-
// Wrap authenticateToken in a try/catch so that if it sends a response
|
|
71
|
-
// (e.g. 401 when no token is present) we don't double-send.
|
|
72
|
-
try {
|
|
73
|
-
authenticateToken(req, res, () => {
|
|
74
|
-
requireAdmin(req, res, () => {
|
|
75
|
-
res.json({ success: true, connection: saveRemoteConnectionConfig(req.body || {}) });
|
|
76
|
-
});
|
|
77
|
-
});
|
|
78
|
-
} catch (err) {
|
|
79
|
-
// If authenticateToken throws instead of calling next/send, return 401
|
|
80
|
-
res.status(401).json({ error: err.message || 'Authentication required' });
|
|
81
|
-
}
|
|
64
|
+
res.json({ success: true, connection: saveRemoteConnectionConfig(req.body || {}) });
|
|
82
65
|
} catch (error) {
|
|
83
66
|
res.status(400).json({ success: false, error: error.message });
|
|
84
67
|
}
|