lobstakit-cloud 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/server.js +5 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lobstakit-cloud",
3
- "version": "1.0.7",
3
+ "version": "1.0.8",
4
4
  "description": "LobstaKit Cloud — Setup wizard and management for LobstaCloud gateways",
5
5
  "main": "server.js",
6
6
  "bin": {
package/server.js CHANGED
@@ -307,14 +307,17 @@ app.get('/api/provision', (req, res) => {
307
307
  if (provision) {
308
308
  const token = req.headers.authorization?.replace('Bearer ', '');
309
309
  const isAuthenticated = token && activeSessions.has(token);
310
+ const lobstaConfig = getLobstaKitConfig();
311
+ const setupNotComplete = !lobstaConfig.passwordHash;
310
312
  const response = {
311
313
  provisioned: true,
312
314
  email: isAuthenticated ? (provision.email || null) : maskEmail(provision.email || ''),
313
315
  subdomain: provision.subdomain || null,
314
316
  plan: provision.plan || null,
315
317
  };
316
- // Only expose setupToken to authenticated sessions
317
- if (isAuthenticated && provision.setupToken) {
318
+ // Return setupToken during initial setup (before password is set) OR to authenticated sessions
319
+ // This is safe because setupToken is only useful ONCE (to set the initial password)
320
+ if (provision.setupToken && (setupNotComplete || isAuthenticated)) {
318
321
  response.setupToken = provision.setupToken;
319
322
  }
320
323
  res.json(response);