@selvajs/cli 2.0.8 → 2.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/prompts.js +23 -0
package/package.json
CHANGED
package/src/prompts.js
CHANGED
|
@@ -123,6 +123,7 @@ export function collectConfigFromEnv(env = process.env) {
|
|
|
123
123
|
'ALLOW_ORG_CREATION',
|
|
124
124
|
'ALLOW_CROSS_ORG_PUBLIC',
|
|
125
125
|
'ALLOW_ORG_COMPUTE_OVERRIDE',
|
|
126
|
+
'ENABLE_PLATFORM_PROJECTS',
|
|
126
127
|
'ENABLE_SHARING'
|
|
127
128
|
];
|
|
128
129
|
for (const f of flagNames) {
|
|
@@ -474,6 +475,23 @@ export async function collectConfig({ defaults = {}, mode = 'create' } = {}) {
|
|
|
474
475
|
});
|
|
475
476
|
cancelOn(value);
|
|
476
477
|
origin = String(value);
|
|
478
|
+
|
|
479
|
+
// Plain HTTP + NODE_ENV=production drops the session cookie (Secure
|
|
480
|
+
// flag on, browser refuses to send over http://). Login appears to
|
|
481
|
+
// succeed but the next request is anonymous. Warn loudly here — the
|
|
482
|
+
// fix is either TLS or ALLOW_INSECURE_COOKIES=true in .env.
|
|
483
|
+
if (origin.startsWith('http://')) {
|
|
484
|
+
p.note(
|
|
485
|
+
'Sessions use Secure cookies in production; browsers will silently\n' +
|
|
486
|
+
'drop them over http://, so login will appear to succeed but the\n' +
|
|
487
|
+
'next request will be anonymous.\n\n' +
|
|
488
|
+
'Fix one of:\n' +
|
|
489
|
+
' • put TLS in front (recommended) — e.g. a domain + Caddy auto-cert\n' +
|
|
490
|
+
' • set ALLOW_INSECURE_COOKIES=true in .env (testing only — password\n' +
|
|
491
|
+
' auth over plain HTTP sends credentials in cleartext)',
|
|
492
|
+
pc.yellow('⚠ Plain HTTP origin')
|
|
493
|
+
);
|
|
494
|
+
}
|
|
477
495
|
}
|
|
478
496
|
|
|
479
497
|
// ── Platform flags ─────────────────────────────────────────────────
|
|
@@ -493,6 +511,11 @@ export async function collectConfig({ defaults = {}, mode = 'create' } = {}) {
|
|
|
493
511
|
label: 'Orgs can configure their own Rhino.Compute server',
|
|
494
512
|
hint: 'BYO compute'
|
|
495
513
|
},
|
|
514
|
+
{
|
|
515
|
+
value: 'ENABLE_PLATFORM_PROJECTS',
|
|
516
|
+
label: 'Platform projects (admin-owned, granted to orgs/users)',
|
|
517
|
+
hint: 'cross-org sharing without membership'
|
|
518
|
+
},
|
|
496
519
|
{
|
|
497
520
|
value: 'ENABLE_SHARING',
|
|
498
521
|
label: 'Per-definition share links (anonymous external access)',
|