mirror of
https://github.com/sipeed/picoclaw.git
synced 2026-06-12 18:08:54 +00:00
sky5454
06023c79fa
* feat(launcher): replace token-in-logs auth with standard HTTP login flow
## Problem
Previously users had to find the one-time token from console logs or
log files to access the dashboard - a non-standard, error-prone workflow
with no clear path for changing credentials.
## Solution: standard HTTP API login with bcrypt-backed password store
### Auth flow (new)
1. First run: browser opens, session guard detects uninitialized state,
redirects to /launcher-setup
2. User sets a password (min 8 chars) via POST /api/auth/setup {password, confirm},
bcrypt(cost=12) hash stored in ~/.picoclaw/launcher-auth.db (SQLite)
3. Subsequent logins: POST /api/auth/login {password}, HttpOnly cookie
picoclaw_launcher_auth (HMAC-SHA256 signed, 7-day expiry)
4. 401 on any API call, frontend redirects to /launcher-login
5. Logout: POST /api/auth/logout, cookie cleared, redirect to login
### Backend changes
- web/backend/api/auth.go: renamed Token to Password; added handleSetup;
launcherAuthStatusResponse now includes Initialized bool; PasswordStore
interface wires bcrypt store into handlers
- web/backend/dashboardauth/: new package - Store with New(dir) / Open(path);
SetPassword (bcrypt cost=12), VerifyPassword, IsInitialized
- sql.go: all DB-layer constants (DBFilename, sqliteDriver, bcryptCost,
four SQL query strings) - compile-time constants, zero runtime overhead
- web/backend/middleware/launcher_dashboard_auth.go: /launcher-setup and
/api/auth/setup added to public paths
- web/backend/main.go:
- dashboardauth.New(picoHome) replaces manual path construction
- maskSecret(): suffix only revealed when >=5 chars hidden (length >= 12),
preventing 8-char minimum passwords from leaking their tail
- web/backend/main_test.go: TestMaskSecret updated with boundary cases
### Forward-compatibility: pkg/credential integration
If the dashboard password is later reused as the enc:// passphrase,
the bcrypt hash in launcher-auth.db becomes an offline oracle.
Recommended mitigation (not yet implemented): derive two independent
subkeys via HKDF before use:
bcrypt(HKDF(password, info="picoclaw-dashboard-login-v1")) stored in DB
HKDF(password, info="picoclaw-credential-enc-v1") passed to PassphraseProvider
This isolates the two domains: cracking the bcrypt hash yields only the
login subkey, which is computationally independent of the enc:// subkey.
* fix(auth): replace wastedassign ok := false with var ok bool
* refactor(tray): remove copy-token clipboard feature
Dashboard login now uses standard web auth (bcrypt + session cookie).
The system tray 'Copy dashboard token' menu item is no longer needed.
- Delete tray_offers_copy.go and tray_offers_copy_stub.go
- Remove mCopyTok menu item and clipboard handler from systray.go
- Remove launcherDashboardTokenForClipboard var from main.go
- Remove MenuCopyToken/MenuCopyTokenHint keys from i18n.go
* feat(launcher-ui): standard HTTP login/setup/logout flow for dashboard
Replaces the previous "find token in logs" workflow with a proper
browser-based authentication UI backed by the new /api/auth/* endpoints.
### New pages
- /launcher-setup: first-run password initialization form (password +
confirm, min 8 chars); calls POST /api/auth/setup; redirects to login
on success
- /launcher-login: standard password login form; calls POST /api/auth/login;
sets HttpOnly session cookie on success
### Session guard (src/routes/__root.tsx)
A useEffect on every non-auth page load calls GET /api/auth/status:
- initialized=false -> redirect to /launcher-setup
- authenticated=false -> redirect to /launcher-login
This ensures the setup/login UI is shown even when the ?token= URL
mechanism auto-logs in (first-run case).
### Logout button (src/components/app-header.tsx)
IconLogout button added to the header with a confirm AlertDialog;
calls POST /api/auth/logout then redirects to /launcher-login.
### API layer
- src/api/launcher-auth.ts: LauncherAuthStatus gains initialized bool;
postLauncherDashboardSetup() added; LauncherAuthTokenHelp removed
- src/api/http.ts: 401 guard uses isLauncherAuthPathname() (covers both
/launcher-login and /launcher-setup) to prevent redirect loops
- src/lib/launcher-login-path.ts: isLauncherSetupPathname() and
isLauncherAuthPathname() added
### Routing
- src/routeTree.gen.ts: /launcher-setup route registered throughout
- src/routes/launcher-login.tsx: tokenHelp UI removed; useEffect added
to redirect to setup when initialized=false
### i18n
- en.json / zh.json: launcherSetup block added; launcherLogin keys
updated to use passwordLabel/passwordPlaceholder
* fix(lint): ts lint fixed 1
* fix(auth): detail auth error handle
* fix(login): frontend web auth error handle
* fix(frontend): auth error handler 5xx
364 lines
10 KiB
TypeScript
364 lines
10 KiB
TypeScript
/* eslint-disable */
|
|
|
|
// @ts-nocheck
|
|
|
|
// noinspection JSUnusedGlobalSymbols
|
|
|
|
// This file was automatically generated by TanStack Router.
|
|
// You should NOT make any changes in this file as it will be overwritten.
|
|
// Additionally, you should also exclude this file from your linter and/or formatter to prevent it from being checked or modified.
|
|
|
|
import { Route as rootRouteImport } from './routes/__root'
|
|
import { Route as ModelsRouteImport } from './routes/models'
|
|
import { Route as LogsRouteImport } from './routes/logs'
|
|
import { Route as LauncherSetupRouteImport } from './routes/launcher-setup'
|
|
import { Route as LauncherLoginRouteImport } from './routes/launcher-login'
|
|
import { Route as CredentialsRouteImport } from './routes/credentials'
|
|
import { Route as ConfigRouteImport } from './routes/config'
|
|
import { Route as AgentRouteImport } from './routes/agent'
|
|
import { Route as ChannelsRouteRouteImport } from './routes/channels/route'
|
|
import { Route as IndexRouteImport } from './routes/index'
|
|
import { Route as ConfigRawRouteImport } from './routes/config.raw'
|
|
import { Route as ChannelsNameRouteImport } from './routes/channels/$name'
|
|
import { Route as AgentToolsRouteImport } from './routes/agent/tools'
|
|
import { Route as AgentSkillsRouteImport } from './routes/agent/skills'
|
|
import { Route as AgentHubRouteImport } from './routes/agent/hub'
|
|
|
|
const ModelsRoute = ModelsRouteImport.update({
|
|
id: '/models',
|
|
path: '/models',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const LogsRoute = LogsRouteImport.update({
|
|
id: '/logs',
|
|
path: '/logs',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const LauncherSetupRoute = LauncherSetupRouteImport.update({
|
|
id: '/launcher-setup',
|
|
path: '/launcher-setup',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const LauncherLoginRoute = LauncherLoginRouteImport.update({
|
|
id: '/launcher-login',
|
|
path: '/launcher-login',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const CredentialsRoute = CredentialsRouteImport.update({
|
|
id: '/credentials',
|
|
path: '/credentials',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const ConfigRoute = ConfigRouteImport.update({
|
|
id: '/config',
|
|
path: '/config',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const AgentRoute = AgentRouteImport.update({
|
|
id: '/agent',
|
|
path: '/agent',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const ChannelsRouteRoute = ChannelsRouteRouteImport.update({
|
|
id: '/channels',
|
|
path: '/channels',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const IndexRoute = IndexRouteImport.update({
|
|
id: '/',
|
|
path: '/',
|
|
getParentRoute: () => rootRouteImport,
|
|
} as any)
|
|
const ConfigRawRoute = ConfigRawRouteImport.update({
|
|
id: '/raw',
|
|
path: '/raw',
|
|
getParentRoute: () => ConfigRoute,
|
|
} as any)
|
|
const ChannelsNameRoute = ChannelsNameRouteImport.update({
|
|
id: '/$name',
|
|
path: '/$name',
|
|
getParentRoute: () => ChannelsRouteRoute,
|
|
} as any)
|
|
const AgentToolsRoute = AgentToolsRouteImport.update({
|
|
id: '/tools',
|
|
path: '/tools',
|
|
getParentRoute: () => AgentRoute,
|
|
} as any)
|
|
const AgentSkillsRoute = AgentSkillsRouteImport.update({
|
|
id: '/skills',
|
|
path: '/skills',
|
|
getParentRoute: () => AgentRoute,
|
|
} as any)
|
|
const AgentHubRoute = AgentHubRouteImport.update({
|
|
id: '/hub',
|
|
path: '/hub',
|
|
getParentRoute: () => AgentRoute,
|
|
} as any)
|
|
|
|
export interface FileRoutesByFullPath {
|
|
'/': typeof IndexRoute
|
|
'/channels': typeof ChannelsRouteRouteWithChildren
|
|
'/agent': typeof AgentRouteWithChildren
|
|
'/config': typeof ConfigRouteWithChildren
|
|
'/credentials': typeof CredentialsRoute
|
|
'/launcher-login': typeof LauncherLoginRoute
|
|
'/launcher-setup': typeof LauncherSetupRoute
|
|
'/logs': typeof LogsRoute
|
|
'/models': typeof ModelsRoute
|
|
'/agent/hub': typeof AgentHubRoute
|
|
'/agent/skills': typeof AgentSkillsRoute
|
|
'/agent/tools': typeof AgentToolsRoute
|
|
'/channels/$name': typeof ChannelsNameRoute
|
|
'/config/raw': typeof ConfigRawRoute
|
|
}
|
|
export interface FileRoutesByTo {
|
|
'/': typeof IndexRoute
|
|
'/channels': typeof ChannelsRouteRouteWithChildren
|
|
'/agent': typeof AgentRouteWithChildren
|
|
'/config': typeof ConfigRouteWithChildren
|
|
'/credentials': typeof CredentialsRoute
|
|
'/launcher-login': typeof LauncherLoginRoute
|
|
'/launcher-setup': typeof LauncherSetupRoute
|
|
'/logs': typeof LogsRoute
|
|
'/models': typeof ModelsRoute
|
|
'/agent/hub': typeof AgentHubRoute
|
|
'/agent/skills': typeof AgentSkillsRoute
|
|
'/agent/tools': typeof AgentToolsRoute
|
|
'/channels/$name': typeof ChannelsNameRoute
|
|
'/config/raw': typeof ConfigRawRoute
|
|
}
|
|
export interface FileRoutesById {
|
|
__root__: typeof rootRouteImport
|
|
'/': typeof IndexRoute
|
|
'/channels': typeof ChannelsRouteRouteWithChildren
|
|
'/agent': typeof AgentRouteWithChildren
|
|
'/config': typeof ConfigRouteWithChildren
|
|
'/credentials': typeof CredentialsRoute
|
|
'/launcher-login': typeof LauncherLoginRoute
|
|
'/launcher-setup': typeof LauncherSetupRoute
|
|
'/logs': typeof LogsRoute
|
|
'/models': typeof ModelsRoute
|
|
'/agent/hub': typeof AgentHubRoute
|
|
'/agent/skills': typeof AgentSkillsRoute
|
|
'/agent/tools': typeof AgentToolsRoute
|
|
'/channels/$name': typeof ChannelsNameRoute
|
|
'/config/raw': typeof ConfigRawRoute
|
|
}
|
|
export interface FileRouteTypes {
|
|
fileRoutesByFullPath: FileRoutesByFullPath
|
|
fullPaths:
|
|
| '/'
|
|
| '/channels'
|
|
| '/agent'
|
|
| '/config'
|
|
| '/credentials'
|
|
| '/launcher-login'
|
|
| '/launcher-setup'
|
|
| '/logs'
|
|
| '/models'
|
|
| '/agent/hub'
|
|
| '/agent/skills'
|
|
| '/agent/tools'
|
|
| '/channels/$name'
|
|
| '/config/raw'
|
|
fileRoutesByTo: FileRoutesByTo
|
|
to:
|
|
| '/'
|
|
| '/channels'
|
|
| '/agent'
|
|
| '/config'
|
|
| '/credentials'
|
|
| '/launcher-login'
|
|
| '/launcher-setup'
|
|
| '/logs'
|
|
| '/models'
|
|
| '/agent/hub'
|
|
| '/agent/skills'
|
|
| '/agent/tools'
|
|
| '/channels/$name'
|
|
| '/config/raw'
|
|
id:
|
|
| '__root__'
|
|
| '/'
|
|
| '/channels'
|
|
| '/agent'
|
|
| '/config'
|
|
| '/credentials'
|
|
| '/launcher-login'
|
|
| '/launcher-setup'
|
|
| '/logs'
|
|
| '/models'
|
|
| '/agent/hub'
|
|
| '/agent/skills'
|
|
| '/agent/tools'
|
|
| '/channels/$name'
|
|
| '/config/raw'
|
|
fileRoutesById: FileRoutesById
|
|
}
|
|
export interface RootRouteChildren {
|
|
IndexRoute: typeof IndexRoute
|
|
ChannelsRouteRoute: typeof ChannelsRouteRouteWithChildren
|
|
AgentRoute: typeof AgentRouteWithChildren
|
|
ConfigRoute: typeof ConfigRouteWithChildren
|
|
CredentialsRoute: typeof CredentialsRoute
|
|
LauncherLoginRoute: typeof LauncherLoginRoute
|
|
LauncherSetupRoute: typeof LauncherSetupRoute
|
|
LogsRoute: typeof LogsRoute
|
|
ModelsRoute: typeof ModelsRoute
|
|
}
|
|
|
|
declare module '@tanstack/react-router' {
|
|
interface FileRoutesByPath {
|
|
'/models': {
|
|
id: '/models'
|
|
path: '/models'
|
|
fullPath: '/models'
|
|
preLoaderRoute: typeof ModelsRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/logs': {
|
|
id: '/logs'
|
|
path: '/logs'
|
|
fullPath: '/logs'
|
|
preLoaderRoute: typeof LogsRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/launcher-setup': {
|
|
id: '/launcher-setup'
|
|
path: '/launcher-setup'
|
|
fullPath: '/launcher-setup'
|
|
preLoaderRoute: typeof LauncherSetupRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/launcher-login': {
|
|
id: '/launcher-login'
|
|
path: '/launcher-login'
|
|
fullPath: '/launcher-login'
|
|
preLoaderRoute: typeof LauncherLoginRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/credentials': {
|
|
id: '/credentials'
|
|
path: '/credentials'
|
|
fullPath: '/credentials'
|
|
preLoaderRoute: typeof CredentialsRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/config': {
|
|
id: '/config'
|
|
path: '/config'
|
|
fullPath: '/config'
|
|
preLoaderRoute: typeof ConfigRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/agent': {
|
|
id: '/agent'
|
|
path: '/agent'
|
|
fullPath: '/agent'
|
|
preLoaderRoute: typeof AgentRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/channels': {
|
|
id: '/channels'
|
|
path: '/channels'
|
|
fullPath: '/channels'
|
|
preLoaderRoute: typeof ChannelsRouteRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/': {
|
|
id: '/'
|
|
path: '/'
|
|
fullPath: '/'
|
|
preLoaderRoute: typeof IndexRouteImport
|
|
parentRoute: typeof rootRouteImport
|
|
}
|
|
'/config/raw': {
|
|
id: '/config/raw'
|
|
path: '/raw'
|
|
fullPath: '/config/raw'
|
|
preLoaderRoute: typeof ConfigRawRouteImport
|
|
parentRoute: typeof ConfigRoute
|
|
}
|
|
'/channels/$name': {
|
|
id: '/channels/$name'
|
|
path: '/$name'
|
|
fullPath: '/channels/$name'
|
|
preLoaderRoute: typeof ChannelsNameRouteImport
|
|
parentRoute: typeof ChannelsRouteRoute
|
|
}
|
|
'/agent/tools': {
|
|
id: '/agent/tools'
|
|
path: '/tools'
|
|
fullPath: '/agent/tools'
|
|
preLoaderRoute: typeof AgentToolsRouteImport
|
|
parentRoute: typeof AgentRoute
|
|
}
|
|
'/agent/skills': {
|
|
id: '/agent/skills'
|
|
path: '/skills'
|
|
fullPath: '/agent/skills'
|
|
preLoaderRoute: typeof AgentSkillsRouteImport
|
|
parentRoute: typeof AgentRoute
|
|
}
|
|
'/agent/hub': {
|
|
id: '/agent/hub'
|
|
path: '/hub'
|
|
fullPath: '/agent/hub'
|
|
preLoaderRoute: typeof AgentHubRouteImport
|
|
parentRoute: typeof AgentRoute
|
|
}
|
|
}
|
|
}
|
|
|
|
interface ChannelsRouteRouteChildren {
|
|
ChannelsNameRoute: typeof ChannelsNameRoute
|
|
}
|
|
|
|
const ChannelsRouteRouteChildren: ChannelsRouteRouteChildren = {
|
|
ChannelsNameRoute: ChannelsNameRoute,
|
|
}
|
|
|
|
const ChannelsRouteRouteWithChildren = ChannelsRouteRoute._addFileChildren(
|
|
ChannelsRouteRouteChildren,
|
|
)
|
|
|
|
interface AgentRouteChildren {
|
|
AgentHubRoute: typeof AgentHubRoute
|
|
AgentSkillsRoute: typeof AgentSkillsRoute
|
|
AgentToolsRoute: typeof AgentToolsRoute
|
|
}
|
|
|
|
const AgentRouteChildren: AgentRouteChildren = {
|
|
AgentHubRoute: AgentHubRoute,
|
|
AgentSkillsRoute: AgentSkillsRoute,
|
|
AgentToolsRoute: AgentToolsRoute,
|
|
}
|
|
|
|
const AgentRouteWithChildren = AgentRoute._addFileChildren(AgentRouteChildren)
|
|
|
|
interface ConfigRouteChildren {
|
|
ConfigRawRoute: typeof ConfigRawRoute
|
|
}
|
|
|
|
const ConfigRouteChildren: ConfigRouteChildren = {
|
|
ConfigRawRoute: ConfigRawRoute,
|
|
}
|
|
|
|
const ConfigRouteWithChildren =
|
|
ConfigRoute._addFileChildren(ConfigRouteChildren)
|
|
|
|
const rootRouteChildren: RootRouteChildren = {
|
|
IndexRoute: IndexRoute,
|
|
ChannelsRouteRoute: ChannelsRouteRouteWithChildren,
|
|
AgentRoute: AgentRouteWithChildren,
|
|
ConfigRoute: ConfigRouteWithChildren,
|
|
CredentialsRoute: CredentialsRoute,
|
|
LauncherLoginRoute: LauncherLoginRoute,
|
|
LauncherSetupRoute: LauncherSetupRoute,
|
|
LogsRoute: LogsRoute,
|
|
ModelsRoute: ModelsRoute,
|
|
}
|
|
export const routeTree = rootRouteImport
|
|
._addFileChildren(rootRouteChildren)
|
|
._addFileTypes<FileRouteTypes>()
|