npm - vibora - Versions diffs - 1.0.7 → 1.0.9 - Mend

vibora 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -38,10 +38,7 @@ bunx vibora@latest status  # Check if running
 ## Configuration
-Settings are stored in `.vibora/settings.json`. The vibora directory is resolved in this order:
-1. `VIBORA_DIR` environment variable (explicit override)
-2. `.vibora` in current working directory (per-worktree isolation)
-3. `~/.vibora` (default)
+Settings are stored in `.vibora/settings.json`.
 | Setting | Env Var | Default |
 |---------|---------|---------|

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vibora",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "The Vibe Engineer's Cockpit",
   "license": "PolyForm-Shield-1.0.0",
   "repository": {

package/server/index.js CHANGED Viewed

@@ -3682,14 +3682,17 @@ function updateNotificationSettings(updates) {
 // server/middleware/auth.ts
 var SESSION_COOKIE_NAME = "vibora_session";
-var PUBLIC_PATHS = ["/health", "/api/auth/login", "/api/auth/check"];
+var PUBLIC_API_PATHS = ["/health", "/api/auth/login", "/api/auth/check"];
 var sessionAuthMiddleware = createMiddleware(async (c, next) => {
   const settings = getSettings();
   if (!settings.basicAuthUsername || !settings.basicAuthPassword) {
     return next();
   }
   const path2 = c.req.path;
-  if (PUBLIC_PATHS.some((p) => path2 === p || path2.startsWith(p + "/"))) {
+  if (!path2.startsWith("/api/") && !path2.startsWith("/ws/")) {
+    return next();
+  }
+  if (PUBLIC_API_PATHS.some((p) => path2 === p || path2.startsWith(p + "/"))) {
     return next();
   }
   const secret = getSessionSecret();