thevoidforge 21.0.8 → 21.0.9

@@ -4,7 +4,7 @@
4
4
  */
5
5
  import { addRoute } from '../router.js';
6
6
  import { parseJsonBody } from '../lib/body-parser.js';
7
- import { hasUsers, createUser, login, logout, validateSession, parseSessionCookie, buildSessionCookie, clearSessionCookie, isRemoteMode, checkRateLimit, getClientIp, getUserRole, isValidUsername, } from '../lib/tower-auth.js';
7
+ import { hasUsers, createUser, login, logout, validateSession, parseSessionCookie, buildSessionCookie, clearSessionCookie, isRemoteMode, isLanMode, checkRateLimit, getClientIp, getUserRole, isValidUsername, } from '../lib/tower-auth.js';
8
8
  import { audit } from '../lib/audit-log.js';
9
9
  import { sendJson } from '../lib/http-helpers.js';
10
10
  // POST /api/auth/setup — Create initial admin user (only when no users exist)
@@ -114,8 +114,8 @@ addRoute('POST', '/api/auth/logout', async (req, res) => {
114
114
  });
115
115
  // GET /api/auth/session — Check if current session is valid
116
116
  addRoute('GET', '/api/auth/session', async (req, res) => {
117
- if (!isRemoteMode()) {
118
- sendJson(res, 200, { success: true, data: { authenticated: true, username: 'local', role: 'admin', remoteMode: false } });
117
+ if (!isRemoteMode() && !isLanMode()) {
118
+ sendJson(res, 200, { success: true, data: { authenticated: true, username: 'local', role: 'admin', remoteMode: false, lanMode: false } });
119
119
  return;
120
120
  }
121
121
  const token = parseSessionCookie(req.headers.cookie);
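Review bot: The mode test `!isRemoteMode() && !isLanMode()` in this route is the hand-written negation of `isRemoteMode() || isLanMode()` in the handleRequest hunk, so a mode added later can be wired into one and missed in the other. A single exported predicate in tower-auth.js, for example `export const authRequired = () => isRemoteMode() || isLanMode();`, used at both sites would keep the session endpoint and the middleware in step. The local branch also reports `role: 'admin'` to any caller on the strength of the two flags alone; a comment stating the invariant it relies on (presumably that the listener is bound to loopback whenever neither flag is set, which is not visible here) would help the next reader. The route handler continues past the end of this hunk.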
@@ -129,5 +129,5 @@ addRoute('GET', '/api/auth/session', async (req, res) => {
129
129
  sendJson(res, 200, { success: true, data: { authenticated: false, needsSetup: false } });
130
130
  return;
131
131
  }
132
- sendJson(res, 200, { success: true, data: { authenticated: true, username: session.username, role: session.role, remoteMode: true } });
132
+ sendJson(res, 200, { success: true, data: { authenticated: true, username: session.username, role: session.role, remoteMode: isRemoteMode(), lanMode: isLanMode() } });
133
133
  });
@@ -159,11 +159,10 @@ async function handleRequest(req, res) {
159
159
  sendJson(res, 403, { success: false, error: 'Missing X-VoidForge-Request header' });
160
160
  return;
161
161
  }
162
- // LAN modefull access. LAN is a private network (ZeroTier, local subnet),
163
- // inherently more secure than remote. No endpoint restrictions.
164
- // Auth: optional password (no TOTP). All features available.
165
- // Auth middleware in remote mode, require valid session for non-exempt paths
166
- if (isRemoteMode()) {
162
+ // Auth middlewarein remote and LAN modes, require valid session for non-exempt paths.
163
+ // LAN mode has full access (same as remote) but simpler auth (password only, no TOTP).
164
+ // Local mode (127.0.0.1) has no auth it's your own machine.
165
+ if (isRemoteMode() || isLanMode()) {
167
166
  const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
168
167
  if (!isAuthExempt(url.pathname)) {
169
168
  const token = parseSessionCookie(req.headers.cookie);
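Review bot: The base URL on the `new URL(...)` line is built from the client-supplied Host header, and LAN clients now reach this branch as well; a malformed Host value makes `new URL` throw before the session check runs, and whether handleRequest catches that is not visible in this hunk. Only `url.pathname` is read here, so a constant base removes the dependency on request headers: `const url = new URL(req.url ?? '/', 'http://localhost');`. It is also worth confirming that the router dispatches on this same parsed pathname, so that `isAuthExempt` and route matching cannot disagree about which endpoint a request targets. The function body starts before and continues after this hunk.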
@@ -710,14 +710,14 @@
710
710
  const res = await fetch('/api/auth/session');
711
711
  const body = await res.json();
712
712
  const data = body.data || {};
713
- if (data.remoteMode && data.authenticated) {
713
+ if ((data.remoteMode || data.lanMode) && data.authenticated) {
714
714
  currentUser = { username: data.username || '', role: data.role || 'viewer' };
715
715
  const roleLabel = { admin: 'Admin', deployer: 'Deployer', viewer: 'Viewer' }[data.role] || '';
716
716
  authUser.textContent = data.username + (roleLabel ? ' (' + roleLabel + ')' : '');
717
717
  authUser.style.display = '';
718
718
  btnLogout.style.display = '';
719
719
  }
720
- if (data.remoteMode && !data.authenticated) {
720
+ if ((data.remoteMode || data.lanMode) && !data.authenticated) {
721
721
  window.location.href = '/login.html';
722
722
  }
723
723
  } catch { /* local mode — no auth needed */ }
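Review bot: The bare `catch` on the last line treats any failure of the session fetch or of `res.json()` as local mode, so in LAN or remote mode a network error or a non-JSON response leaves the page displayed with no redirect to `/login.html`. Server-side middleware is what enforces access, so this is a UI fail-open rather than a bypass, but the comment `local mode — no auth needed` no longer describes every path into the handler. Consider checking `res.ok` before parsing and surfacing the error, e.g. `} catch (err) { console.warn('session check failed', err); }`. The `try` opens above this hunk.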
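--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "thevoidforge",
-"version": "21.0.8",
+"version": "21.0.9",
 "description": "From nothing, everything. A methodology framework for building with Claude Code.",
 "type": "module",
 "engines": {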