@wizzlethorpe/vaults 0.1.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/auth.js +1 -1
- package/dist/auth.js.map +1 -1
- package/dist/build.js +108 -28
- package/dist/build.js.map +1 -1
- package/dist/commands/init.js +4 -4
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/preview.js +2 -2
- package/dist/commands/preview.js.map +1 -1
- package/dist/commands/push.js +7 -7
- package/dist/commands/push.js.map +1 -1
- package/dist/commands/role.js +3 -3
- package/dist/commands/role.js.map +1 -1
- package/dist/favicon.js +1 -1
- package/dist/obsidian.js +1 -1
- package/dist/render/auth-template.js +20 -20
- package/dist/render/bases.js +807 -0
- package/dist/render/bases.js.map +1 -0
- package/dist/render/callouts.js +2 -2
- package/dist/render/callouts.js.map +1 -1
- package/dist/render/embed.js +14 -4
- package/dist/render/embed.js.map +1 -1
- package/dist/render/layout.js +86 -8
- package/dist/render/layout.js.map +1 -1
- package/dist/render/pipeline.js +19 -1
- package/dist/render/pipeline.js.map +1 -1
- package/dist/render/preview.js +1 -1
- package/dist/render/preview.js.map +1 -1
- package/dist/render/styles.js +198 -34
- package/dist/render/styles.js.map +1 -1
- package/dist/render/wikilink.js +1 -1
- package/dist/render/wikilink.js.map +1 -1
- package/dist/settings.js +1 -6
- package/dist/settings.js.map +1 -1
- package/package.json +9 -4
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"push.js","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAoB,MAAM,cAAc,CAAC;AAC3F,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAWnD,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,SAAiB,EAAE,IAAiB;IAC7D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC1E,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,KAAK,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,SAAS;QACT,SAAS;QACT,SAAS;QACT,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,WAAW,MAAM,CAAC,UAAU,YAAY,MAAM,CAAC,UAAU,cAAc,CAAC,CAAC;IAEjG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,GAAG,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAED,uEAAuE;IACvE,yEAAyE;IACzE,wEAAwE;IACxE,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAElC,yEAAyE;IACzE,2EAA2E;IAC3E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,wEAAwE;IACxE,sEAAsE;IACtE,4DAA4D;IAC5D,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAI,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,GAAG,qBAAqB,EAAE,CAAC;YACjC,MAAM,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY;gBAC3B,CAAC,CAAC
|
|
1
|
+
{"version":3,"file":"push.js","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAoB,MAAM,cAAc,CAAC;AAC3F,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAWnD,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,SAAiB,EAAE,IAAiB;IAC7D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC1E,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,KAAK,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,SAAS;QACT,SAAS;QACT,SAAS;QACT,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;SAC7B,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,WAAW,MAAM,CAAC,UAAU,YAAY,MAAM,CAAC,UAAU,cAAc,CAAC,CAAC;IAEjG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,SAAS,GAAG,CAAC,CAAC;QACrE,OAAO;IACT,CAAC;IAED,uEAAuE;IACvE,yEAAyE;IACzE,wEAAwE;IACxE,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAElC,yEAAyE;IACzE,2EAA2E;IAC3E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,wEAAwE;IACxE,sEAAsE;IACtE,4DAA4D;IAC5D,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,IAAI,MAAM,GAAG,GAAG,CAAC,aAAa,CAAC;QAC/B,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,GAAG,qBAAqB,EAAE,CAAC;YACjC,MAAM,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY;gBAC3B,CAAC,CAAC,8DAA8D;gBAChE,CAAC,CAAC,oDAAoD,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,cAAc,CAAC,GAAG,CAAC,WAAY,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,cAAc,CAAC,SAAS,EAAE,GAAG,CAAC,WAAY,CAAC,CAAC;AACpD,CAAC;AAED,4EAA4E;AAE5E,KAAK,UAAU,WAAW,CAAC,SAAiB,EAAE,GAAgB;IAC5D,0EAA0E;IAC1E,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,SAAS,GAAG,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,WAAW,CAC5B,kCAAkC,SAAS,KAAK,EAChD,SAAS,EACT,0FAA0F,CAC3F,CAAC;QACF,GAAG,CAAC,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,CAAC,WAAW,oBAAoB,CAAC,CAAC;IAC3E,CAAC;IAED,4EAA4E;IAC5E,IAAI,CAAC,MAAM,kBAAkB,EAAE,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QACxE,MAAM,sBAAsB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,yEAAyE;IACzE,2DAA2D;IAC3D,IAAI,CAAC,MAAM,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC;QAC5D,MAAM,sBAAsB,CAAC;YAC3B,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,WAAW;YAC7C,0BAA0B;SAC3B,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,oEAAoE;YACpE,oDAAoD;YACpD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,MAAM,GAAG,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY;IACvC,iEAAiE;IACjE,MAAM,OAAO,GAAG,IAAI;SACjB,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChB,OAAO,OAAO,IAAI,OAAO,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,IAAI,CAAC;QACH,MAAM,mBAAmB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,IAAY;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;QACpE,uEAAuE;QACvE,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,cAAc,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;QACtE,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS;IACzB,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB,EAAE,QAAgB,EAAE,WAAmB;IAChF,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,QAAQ,GAAG,oBAAoB,CAAC,CAAC;YACxD,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,OAAO,MAAM,IAAI,QAAQ,CAAC;IAC5B,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED,4EAA4E;AAE5E,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,WAAmB;IAClE,OAAO,CAAC,GAAG,CAAC,0CAA0C,WAAW,IAAI,CAAC,CAAC;IACvE,0EAA0E;IAC1E,oEAAoE;IACpE,iEAAiE;IACjE,kEAAkE;IAClE,gCAAgC;IAChC,MAAM,sBAAsB,CAC1B,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,kBAAkB,WAAW,EAAE,EAAE,eAAe,EAAE,qBAAqB,CAAC,EACjG,SAAS,CACV,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,WAAmB,EAAE,IAAY,EAAE,KAAa;IAC5E,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,GAAG,CAAC,CAAC;IAChD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,KAAK,CAChB,KAAK,EACL,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,kBAAkB,WAAW,EAAE,CAAC,EAC7E,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAC/E,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9G,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAc,EAAE,GAAY;IAC1D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,EAAE;YAC/C,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;YACnC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9G,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAc;IACzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,EAAE;YAC/C,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;YACjC,KAAK,EAAE,OAAO,CAAC,QAAQ,KAAK,OAAO;SACpC,CAAC,CAAC;QACH,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,SAAS,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YACvB,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,CAAC,SAAS,CAAC,CAAC;;gBAC9B,MAAM,CAAC,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,WAAW,IAAI,KAAK,SAAS,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/commands/role.js
CHANGED
|
@@ -9,7 +9,7 @@ export async function roleAdd(name, vaultPath) {
|
|
|
9
9
|
const cfg = await loadConfig(vaultPath, {});
|
|
10
10
|
if (cfg.roles.includes(name))
|
|
11
11
|
throw new Error(`Role '${name}' already exists.`);
|
|
12
|
-
// First role added (or first ever role) is the default
|
|
12
|
+
// First role added (or first ever role) is the default; no password.
|
|
13
13
|
// Subsequent roles need a password to gate access.
|
|
14
14
|
const isDefault = cfg.roles.length === 0;
|
|
15
15
|
cfg.roles.push(name);
|
|
@@ -28,7 +28,7 @@ export async function roleRemove(name, vaultPath) {
|
|
|
28
28
|
throw new Error(`Role '${name}' is not configured (${cfg.roles.join(", ") || "empty"}).`);
|
|
29
29
|
}
|
|
30
30
|
if (cfg.roles[0] === name && cfg.roles.length > 1) {
|
|
31
|
-
throw new Error(`Can't remove '${name}'
|
|
31
|
+
throw new Error(`Can't remove '${name}'; it's the default role. Remove the other roles first.`);
|
|
32
32
|
}
|
|
33
33
|
cfg.roles = cfg.roles.filter((r) => r !== name);
|
|
34
34
|
delete cfg.rolePasswords[name];
|
|
@@ -49,7 +49,7 @@ async function reorderRole(name, vaultPath, delta) {
|
|
|
49
49
|
if (i === -1)
|
|
50
50
|
throw new Error(`Role '${name}' is not configured (${roles.join(", ") || "empty"}).`);
|
|
51
51
|
if (i === 0)
|
|
52
|
-
throw new Error(`Can't reorder '${name}'
|
|
52
|
+
throw new Error(`Can't reorder '${name}'; it's the default role.`);
|
|
53
53
|
const j = i + delta;
|
|
54
54
|
if (j < 1 || j >= roles.length) {
|
|
55
55
|
throw new Error(`'${name}' is already at the ${delta > 0 ? "highest" : "lowest non-default"} rank.`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role.js","sourceRoot":"","sources":["../../src/commands/role.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAEtD,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,SAAiB;IAC3D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,gEAAgE,CAAC,CAAC;IAC9G,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5C,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,mBAAmB,CAAC,CAAC;IAEhF,
|
|
1
|
+
{"version":3,"file":"role.js","sourceRoot":"","sources":["../../src/commands/role.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAEtD,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,SAAiB;IAC3D,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,gEAAgE,CAAC,CAAC;IAC9G,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5C,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,mBAAmB,CAAC,CAAC;IAEhF,qEAAqE;IACrE,mDAAmD;IACnD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC;IACzC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErB,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,mCAAmC,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,MAAM,YAAY,EAAE,CAAC;QAChC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,uCAAuC,IAAI,kBAAkB,CAAC,CAAC;AAC7G,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAY,EAAE,SAAiB;IAC9D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,wBAAwB,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,CAAC;IAC5F,CAAC;IACD,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,yDAAyD,CAAC,CAAC;IAClG,CAAC;IAED,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAChD,OAAO,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,IAAI,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,qDAAqD,CAAC,CAAC;AAClG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,SAAiB;IAC/D,MAAM,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAY,EAAE,SAAiB;IAC9D,MAAM,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,SAAiB,EAAE,KAAa;IACvE,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;IACxB,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,wBAAwB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,OAAO,IAAI,CAAC,CAAC;IACpG,IAAI,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,IAAI,2BAA2B,CAAC,CAAC;IAEhF,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,IAAI,IAAI,uBAAuB,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,oBAAoB,QAAQ,CAAC,CAAC;IACvG,CAAC;IACD,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC9C,MAAM,UAAU,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAEjC,MAAM,MAAM,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,IAAI,aAAa,CAAC,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,SAAiB;IAC9C,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC5C,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;QAC7E,OAAO;IACT,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACzB,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC3C,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY;IACzB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,KAAK;YAAE,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC5C,IAAI,EAAE,KAAK,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9D,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;QAC9C,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;QACnD,IAAI,EAAE,KAAK,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC9D,OAAO,EAAE,CAAC;IACZ,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,EAAsC,EAAE,MAAc;IAC9E,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,KAAK,GAAG,IAAI,CAAC;IACjB,8DAA8D;IAC7D,MAAc,CAAC,KAAK,GAAG,CAAC,CAAC,KAAc,EAAE,GAAG,IAAe,EAAE,EAAE,CAC9D,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,KAAc,EAAE,GAAG,IAAU,CAAC,CAAqB,CAAC;IAC/E,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;YAAS,CAAC;QACT,KAAK,GAAG,KAAK,CAAC;QACd,8DAA8D;QAC7D,MAAc,CAAC,KAAK,GAAG,SAAS,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;AACH,CAAC"}
|
package/dist/favicon.js
CHANGED
|
@@ -5,7 +5,7 @@ const ICON_SIZE = 32;
|
|
|
5
5
|
/**
|
|
6
6
|
* Render the favicon for a vault to an ICO buffer. If the user pointed
|
|
7
7
|
* `settings.favicon` at a real file, we resize that image; otherwise we
|
|
8
|
-
* generate a default
|
|
8
|
+
* generate a default; a rounded square in the vault's accent colour with
|
|
9
9
|
* a single uppercase letter centred on it.
|
|
10
10
|
*/
|
|
11
11
|
export async function buildFavicon(opts) {
|
package/dist/obsidian.js
CHANGED
|
@@ -5,7 +5,7 @@ import { join } from "node:path";
|
|
|
5
5
|
*
|
|
6
6
|
* If .obsidian/appearance.json exists, only snippets listed in
|
|
7
7
|
* `enabledCssSnippets` are included. If it's missing, all snippets are
|
|
8
|
-
* included
|
|
8
|
+
* included; matches Obsidian's behaviour when the user hasn't configured
|
|
9
9
|
* anything, and gives users a "drop a CSS file in and it works" workflow.
|
|
10
10
|
*
|
|
11
11
|
* Returns a single concatenated CSS string, or empty if no snippets.
|
|
@@ -13,7 +13,7 @@ export function renderAuthMiddleware(cfg) {
|
|
|
13
13
|
const ROLES = ${rolesLiteral};
|
|
14
14
|
const PASSWORDS = ${passwordsLiteral};
|
|
15
15
|
const COOKIE_NAME = "vault_role";
|
|
16
|
-
// Non-HttpOnly companion cookie carrying the role name only
|
|
16
|
+
// Non-HttpOnly companion cookie carrying the role name only; the auth check
|
|
17
17
|
// uses COOKIE_NAME (which is signed and HttpOnly), this one is purely for UI.
|
|
18
18
|
const DISPLAY_COOKIE_NAME = "vault_role_display";
|
|
19
19
|
const COOKIE_MAX_AGE = 60 * 60 * 24 * 7; // 7 days
|
|
@@ -28,7 +28,7 @@ export const onRequest = async (ctx) => {
|
|
|
28
28
|
const { request, env, next } = ctx;
|
|
29
29
|
const url = new URL(request.url);
|
|
30
30
|
|
|
31
|
-
// CORS preflight
|
|
31
|
+
// CORS preflight. Foundry, the MCP server, and AI tooling fetch the
|
|
32
32
|
// manifest / source / search endpoints from a different origin with an
|
|
33
33
|
// 'Authorization: Bearer' header, which triggers a preflight OPTIONS.
|
|
34
34
|
// Allow * because the resource is gated by the bearer token, not by
|
|
@@ -37,14 +37,14 @@ export const onRequest = async (ctx) => {
|
|
|
37
37
|
return new Response(null, { status: 204, headers: corsHeaders() });
|
|
38
38
|
}
|
|
39
39
|
|
|
40
|
-
// Block direct access to /_variants/<role
|
|
40
|
+
// Block direct access to /_variants/<role>/*; those paths exist in storage
|
|
41
41
|
// for the rewrite below, but exposing them would let anyone fetch any
|
|
42
42
|
// variant's manifest, page, or markdown source by guessing the role name.
|
|
43
43
|
if (url.pathname.startsWith("/_variants/")) {
|
|
44
44
|
return withCors(new Response("Not found", { status: 404 }), request);
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
// /login
|
|
47
|
+
// /login. POST validates a password and sets the session cookie. GET
|
|
48
48
|
// serves the static login page from the deploy root; we have to pass it
|
|
49
49
|
// through explicitly because the variant-rewrite below would otherwise
|
|
50
50
|
// try to fetch /_variants/<role>/login (which doesn't exist).
|
|
@@ -66,7 +66,7 @@ export const onRequest = async (ctx) => {
|
|
|
66
66
|
return new Response(null, { status: 302, headers });
|
|
67
67
|
}
|
|
68
68
|
|
|
69
|
-
// /connect
|
|
69
|
+
// /connect. OAuth-style approval flow for Foundry / MCP clients to obtain
|
|
70
70
|
// a long-lived bearer token. GET shows the approval page; POST signs the
|
|
71
71
|
// token and redirects back to the requesting app.
|
|
72
72
|
if (url.pathname === "/connect" && request.method === "GET") {
|
|
@@ -76,7 +76,7 @@ export const onRequest = async (ctx) => {
|
|
|
76
76
|
return handleConnectApprove(request, env);
|
|
77
77
|
}
|
|
78
78
|
|
|
79
|
-
// /_batch
|
|
79
|
+
// /_batch; bulk source fetch for sync clients (Foundry). Body is
|
|
80
80
|
// newline-separated paths under text/plain so the request stays CORS-
|
|
81
81
|
// simple (no preflight per file → no OPTIONS rate-limit). Response is
|
|
82
82
|
// JSON: { files: { path: content }, missing: [path, ...] }.
|
|
@@ -84,7 +84,7 @@ export const onRequest = async (ctx) => {
|
|
|
84
84
|
return withCors(await handleBatch(request, env), request);
|
|
85
85
|
}
|
|
86
86
|
|
|
87
|
-
// /_batch-images
|
|
87
|
+
// /_batch-images; bulk *binary* fetch (images, etc). Same input shape as
|
|
88
88
|
// /_batch but each file is base64-encoded so it can ride in JSON. Used by
|
|
89
89
|
// the Foundry image cache so a 300-image sync is a handful of HTTP calls
|
|
90
90
|
// instead of 300 GETs that hit Cloudflare's per-IP rate limit.
|
|
@@ -101,7 +101,7 @@ export const onRequest = async (ctx) => {
|
|
|
101
101
|
const role = await readRole(request, env);
|
|
102
102
|
|
|
103
103
|
// env.ASSETS canonicalizes URLs (strips .html, strips index.html, redirects
|
|
104
|
-
// with 308s)
|
|
104
|
+
// with 308s); passing those redirects through to the browser would expose
|
|
105
105
|
// the /_variants/<role>/ path, which the guard at the top of this function
|
|
106
106
|
// explicitly blocks. So: rewrite to a clean URL, and if ASSETS still returns
|
|
107
107
|
// a redirect, follow it server-side instead of leaking it to the client.
|
|
@@ -144,7 +144,7 @@ function corsHeaders() {
|
|
|
144
144
|
|
|
145
145
|
function withCors(response, request) {
|
|
146
146
|
if (!request.headers.get("Origin")) return response;
|
|
147
|
-
// Response from env.ASSETS.fetch is immutable
|
|
147
|
+
// Response from env.ASSETS.fetch is immutable; clone before mutating.
|
|
148
148
|
const headers = new Headers(response.headers);
|
|
149
149
|
for (const [k, v] of Object.entries(corsHeaders())) headers.set(k, v);
|
|
150
150
|
return new Response(response.body, { status: response.status, statusText: response.statusText, headers });
|
|
@@ -179,7 +179,7 @@ async function handleLogin(request, env) {
|
|
|
179
179
|
}
|
|
180
180
|
|
|
181
181
|
// Sanitise a 'next' redirect target. Only same-origin relative paths are
|
|
182
|
-
// allowed
|
|
182
|
+
// allowed; anything else (absolute URLs, protocol-relative '//evil.com',
|
|
183
183
|
// the protected /_variants/ tree) is replaced with '/'. Prevents the login
|
|
184
184
|
// and logout endpoints from being weaponised as open redirects.
|
|
185
185
|
function safeNext(value) {
|
|
@@ -199,7 +199,7 @@ function loginRedirect(next, error) {
|
|
|
199
199
|
//
|
|
200
200
|
// Bulk-read endpoint used by sync clients to avoid making one HTTP request
|
|
201
201
|
// per .md file. The body is newline-separated paths (text/plain, so the
|
|
202
|
-
// request stays CORS-simple
|
|
202
|
+
// request stays CORS-simple; no preflight). The handler resolves each
|
|
203
203
|
// path against the caller's role variant and bundles the results into a
|
|
204
204
|
// single JSON response.
|
|
205
205
|
//
|
|
@@ -209,7 +209,7 @@ function loginRedirect(next, error) {
|
|
|
209
209
|
// (would escape the variant or hit metadata files)
|
|
210
210
|
|
|
211
211
|
const BATCH_MAX_PATHS = 200;
|
|
212
|
-
// Smaller cap for binary
|
|
212
|
+
// Smaller cap for binary; base64 inflates ~4/3x and we don't want to
|
|
213
213
|
// blow the worker response budget. ~30 images at 200KB avg ≈ 8MB JSON.
|
|
214
214
|
const BATCH_BINARY_MAX_PATHS = 30;
|
|
215
215
|
|
|
@@ -301,7 +301,7 @@ async function handleConnectGet(request, env) {
|
|
|
301
301
|
return new Response("Invalid or missing return_to. Must be an http(s) URL.", { status: 400 });
|
|
302
302
|
}
|
|
303
303
|
|
|
304
|
-
// Require login first
|
|
304
|
+
// Require login first; the user's role is what we're authorising.
|
|
305
305
|
const role = await readRole(request, env);
|
|
306
306
|
const isLoggedIn = role !== ROLES[0] || PASSWORDS[role] != null;
|
|
307
307
|
if (!isLoggedIn || role === ROLES[0]) {
|
|
@@ -336,7 +336,7 @@ async function handleConnectApprove(request, env) {
|
|
|
336
336
|
|
|
337
337
|
const token = await signToken(role, env.SESSION_SECRET, BEARER_MAX_AGE);
|
|
338
338
|
// Render a page that delivers the token via postMessage when running
|
|
339
|
-
// inside an iframe or popup
|
|
339
|
+
// inside an iframe or popup; that avoids a cross-site top-level
|
|
340
340
|
// navigation back to the host app, which can blow away SPA sessions
|
|
341
341
|
// (Foundry logs the user out on full reloads). Falls back to a top-
|
|
342
342
|
// level redirect with the token in the query string for CLI / direct
|
|
@@ -393,7 +393,7 @@ function renderConnectDeliveryPage({ token, state, returnTo }) {
|
|
|
393
393
|
} catch (e) { /* fall through to redirect */ }
|
|
394
394
|
}
|
|
395
395
|
|
|
396
|
-
// No parent or opener
|
|
396
|
+
// No parent or opener; fall back to the original redirect flow.
|
|
397
397
|
var sep = returnTo.indexOf("?") === -1 ? "?" : "&";
|
|
398
398
|
var target = returnTo + sep + "token=" + encodeURIComponent(token)
|
|
399
399
|
+ (state ? "&state=" + encodeURIComponent(state) : "");
|
|
@@ -486,7 +486,7 @@ async function readRole(request, env) {
|
|
|
486
486
|
const fallback = ROLES[0];
|
|
487
487
|
if (!env.SESSION_SECRET) return fallback;
|
|
488
488
|
|
|
489
|
-
// Authorization: Bearer <token
|
|
489
|
+
// Authorization: Bearer <token>; used by curl / the MCP server / any
|
|
490
490
|
// client that can set request headers freely. Same signed-token format
|
|
491
491
|
// as the cookie, so verification is shared.
|
|
492
492
|
const auth = request.headers.get("Authorization") || "";
|
|
@@ -496,7 +496,7 @@ async function readRole(request, env) {
|
|
|
496
496
|
if (role && ROLES.includes(role)) return role;
|
|
497
497
|
}
|
|
498
498
|
|
|
499
|
-
// ?_token=<token
|
|
499
|
+
// ?_token=<token>; used by the Foundry module so cross-origin GETs stay
|
|
500
500
|
// CORS-simple and don't trigger a preflight per file (Cloudflare rate-
|
|
501
501
|
// limits OPTIONS bursts and a sync is hundreds of unique URLs).
|
|
502
502
|
const queryToken = new URL(request.url).searchParams.get("_token");
|
|
@@ -521,7 +521,7 @@ async function signToken(role, secret, maxAgeSeconds) {
|
|
|
521
521
|
|
|
522
522
|
async function signSessionCookie(role, secret) {
|
|
523
523
|
const value = await signToken(role, secret, COOKIE_MAX_AGE);
|
|
524
|
-
// SameSite=None + Partitioned (CHIPS)
|
|
524
|
+
// SameSite=None + Partitioned (CHIPS); required so the cookie persists
|
|
525
525
|
// when the vault is loaded inside a cross-origin iframe (the Foundry
|
|
526
526
|
// connect dialog). Partitioned scopes the cookie per parent origin, so
|
|
527
527
|
// it isn't a general third-party tracking cookie. Top-level browsing
|
|
@@ -543,7 +543,7 @@ async function verifyToken(token, secret) {
|
|
|
543
543
|
function clearCookieVariants(name) {
|
|
544
544
|
// Browsers match cookies for deletion on (Path, Domain, Secure, SameSite,
|
|
545
545
|
// Partitioned). A single Set-Cookie attempt only matches one configuration,
|
|
546
|
-
// so we emit two
|
|
546
|
+
// so we emit two; one that matches cookies set by the current
|
|
547
547
|
// (SameSite=None+Partitioned) signSessionCookie, and one that matches the
|
|
548
548
|
// older Lax form. Both are safe to send; the unmatched one is a no-op.
|
|
549
549
|
const httpOnly = name === COOKIE_NAME ? "HttpOnly; " : "";
|
|
@@ -610,7 +610,7 @@ function parseCookie(header) {
|
|
|
610
610
|
|
|
611
611
|
function isSharedAsset(pathname) {
|
|
612
612
|
// Allowlist of root-served files that are intentionally public to every
|
|
613
|
-
// visitor (no role gate). Everything else
|
|
613
|
+
// visitor (no role gate). Everything else (including images) goes
|
|
614
614
|
// through the variant rewrite so role-restricted content is structurally
|
|
615
615
|
// unreachable on under-tier deploys.
|
|
616
616
|
if (pathname === "/styles.css") return true;
|