@stackbilt/aegis-core 0.6.4 → 0.6.5
- package/package.json +1 -1
- package/src/auth.ts +6 -2
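--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@stackbilt/aegis-core",
-"version": "0.6.
+"version": "0.6.5",
 "description": "Persistent AI agent framework for Cloudflare Workers. Multi-tier memory, autonomous goals, dreaming cycles, MCP native.",
 "license": "Apache-2.0",
 "publishConfig": {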
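--- a/package/src/auth.ts
+++ b/package/src/auth.ts
@@ -31,8 +31,12 @@ export async function bearerAuth(c: Context<{ Bindings: Env }>, next: Next): Pro
 const token = extractBearer(authHeader) ?? cookieToken ?? queryToken;
 
 if (!token || token !== c.env.AEGIS_TOKEN) {
-// UI pages — show login
-
+// UI pages — show the login form for top-level HTML navigations (a GET
+// whose Accept includes text/html) so the operator can enter a token.
+// Path-agnostic on purpose: any page route — core or downstream-variant
+// (e.g. the daemon's /lite) — gets the form without core enumerating it.
+// API/fetch requests (Accept */* or application/json) get JSON 401.
+if (c.req.method === 'GET' && (c.req.header('Accept') ?? '').includes('text/html')) {
 return c.html(loginPage(), 401);
 }
 return c.json({ error: 'Unauthorized' }, 401);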
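Review bot: The token check on new line 33, `token !== c.env.AEGIS_TOKEN`, is an ordinary string comparison, so its timing can depend on how many leading characters match; the commit reworks the branch below it but leaves the comparison as it was. Since the package targets Cloudflare Workers, hashing both values and comparing the digests with `crypto.subtle.timingSafeEqual` (a Workers runtime extension) would remove that signal, as sketched below. The new Accept test only selects the response body and both branches still return 401, so it does not appear to weaken the gate itself. Separately, `queryToken` on line 31 lets the secret travel in URLs, which tend to end up in access logs and Referer headers, so it is worth confirming that fallback is still required. bearerAuth begins and ends outside this hunk.

```typescript
const token = extractBearer(authHeader) ?? cookieToken ?? queryToken;

// Hash both sides so the buffers have equal length, then compare in constant time.
const enc = new TextEncoder();
const [presented, expected] = await Promise.all([
  crypto.subtle.digest('SHA-256', enc.encode(token ?? '')),
  crypto.subtle.digest('SHA-256', enc.encode(c.env.AEGIS_TOKEN)),
]);
if (!token || !crypto.subtle.timingSafeEqual(presented, expected)) {
  // … unchanged: login form for HTML navigations, JSON 401 otherwise …
```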