feat(web): consolidate paired devices, self-contained sections, docs + lint
Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -11,9 +11,9 @@ import {
|
||||
} from "h3";
|
||||
import {
|
||||
isPublicPath,
|
||||
type SessionData,
|
||||
sessionConfig,
|
||||
uiPassword,
|
||||
type SessionData,
|
||||
} from "../util/auth";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
// POST /_auth/login {password} — verify the shared password (constant-time), then seal an
|
||||
// authenticated session cookie. Public (allowlisted in the gate) so an unauthenticated user
|
||||
// can actually log in.
|
||||
import { defineEventHandler, readBody, createError, useSession } from "h3";
|
||||
import { createError, defineEventHandler, readBody, useSession } from "h3";
|
||||
import {
|
||||
type SessionData,
|
||||
sessionConfig,
|
||||
timingSafeEqual,
|
||||
uiPassword,
|
||||
type SessionData,
|
||||
} from "../../util/auth";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
// POST /_auth/logout — clear the session cookie.
|
||||
import { defineEventHandler, useSession } from "h3";
|
||||
import { sessionConfig, type SessionData } from "../../util/auth";
|
||||
import { type SessionData, sessionConfig } from "../../util/auth";
|
||||
|
||||
export default defineEventHandler(async (event) => {
|
||||
const session = await useSession<SessionData>(event, sessionConfig());
|
||||
|
||||
@@ -87,7 +87,7 @@ export function isPublicPath(pathname: string): boolean {
|
||||
/** Validate a post-login redirect target: a same-origin path only. Rejects protocol-
|
||||
* relative (`//evil.com`) and absolute URLs to prevent an open redirect. */
|
||||
export function safeNextPath(next: string | undefined): string {
|
||||
if (!next || !next.startsWith("/") || next.startsWith("//")) return "/";
|
||||
if (!next?.startsWith("/") || next.startsWith("//")) return "/";
|
||||
return next;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user