punktfunk

unom/punktfunk

Fork 0

Commit Graph

Author	SHA1	Message	Date
enricobuehler	df005e2963	feat(packaging/web): bundle the web console into the apt install (punktfunk-web) android / android (push) Failing after 22s Details deb / build-publish (push) Failing after 0s Details decky / build-publish (push) Failing after 0s Details docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Failing after 1s Details docker / build-push (., web/Dockerfile, punktfunk-web) (push) Failing after 0s Details docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Failing after 1s Details docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Failing after 0s Details docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Failing after 0s Details flatpak / build-publish (push) Failing after 1s Details docker / deploy-docs (push) Has been skipped Details rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 0s Details rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 0s Details apple / swift (push) Successful in 53s Details ci / web (push) Successful in 28s Details ci / docs-site (push) Successful in 34s Details ci / bench (push) Successful in 1m32s Details ci / rust (push) Failing after 53s Details Every user needs the console for pairing, so ship it via apt, auto-wired to the host — no manual bun/env setup. New punktfunk-web .deb (Architecture: all, Depends: nodejs >= 20 — runs the node-server build under apt-native node, no bundled bun): - packaging/debian/build-web-deb.sh: stages web/.output (server + public) + a /usr/bin/punktfunk-web-server wrapper (node) + the systemd --user units + the web.env template + docs. Refuses a bun bundle (Bun.serve) as a wrong-preset guard. - scripts/punktfunk-web.service: --user unit on :3000, EnvironmentFile sources the host's ~/.config/punktfunk/mgmt-token (the shared bearer) + the generated web-password; sets PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990 + NODE_TLS_REJECT_UNAUTHORIZED=0 (loopback self-signed cert). Restart=on-failure rides out the host-writes-token-first ordering. - scripts/punktfunk-web-init.service + web-init.sh: --user one-shot that generates the login password (a .deb postinst runs as root → wrong $HOME) and surfaces it to the journal. - build-deb.sh: punktfunk-host now Recommends punktfunk-web (apt pulls it by default; headless boxes opt out with --no-install-recommends). - deb.yml: build the web console + smoke-boot it under node (gate the .deb on a real /login 200) + build-web-deb.sh; the publish loop globs it automatically. - web/{.env.example,web.env.example}: document the auto-wiring vs a manual deploy. End state: `apt install punktfunk-host` pulls punktfunk-web; enable both --user services; the console logs in (password from the journal) and proxies the host's HTTPS mgmt API with the shared token — zero hand-edited env. Local .deb build + node smoke-boot verified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 08:50:40 +00:00
enricobuehler	95c4058582	fix(web): default mgmt proxy to the HTTPS self-signed mgmt API apple / swift (push) Successful in 54s Details android / android (push) Failing after 54s Details ci / web (push) Successful in 38s Details ci / docs-site (push) Successful in 34s Details ci / rust (push) Failing after 2m30s Details ci / bench (push) Failing after 1m15s Details decky / build-publish (push) Failing after 4s Details docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Failing after 0s Details docker / build-push (., web/Dockerfile, punktfunk-web) (push) Failing after 1s Details docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Failing after 0s Details docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Failing after 1s Details docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Failing after 0s Details docker / deploy-docs (push) Has been skipped Details flatpak / build-publish (push) Failing after 0s Details rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 1s Details rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 0s Details deb / build-publish (push) Successful in 3m22s Details The mgmt API serves HTTPS with the host's self-signed identity cert and requires mTLS-or-bearer auth (the mTLS work), but the web console's proxy still defaulted to `http://127.0.0.1:47990` — so a deployment copying .env.example got a plain-HTTP request to an HTTPS port (→ 502 Bad Gateway, observed live on the Bazzite box). - .env.example + server/util/auth.ts + vite.config.ts: default PUNKTFUNK_MGMT_URL to https://127.0.0.1:47990. - vite dev proxy: `secure: false` (the host cert is self-signed). - Document that the deployment needs PUNKTFUNK_MGMT_TOKEN (matching the host's) and NODE_TLS_REJECT_UNAUTHORIZED=0 — the web server's only outbound TLS is the loopback hop to the host's own self-signed cert, so disabling verify there is scoped + safe. The running Bazzite box is already fixed live (web.env → https + token + cert-skip, verified: login 200, /api/v1/status 200). This makes fresh deployments correct. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 07:50:41 +00:00
enricobuehler	9856c04b75	feat(web): login-gated BFF auth — sealed session cookie + server-side token injection ci / rust (push) Has been cancelled Details Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend: - Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one. - The management API stays loopback-only + token (never LAN-exposed). The proxy (server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the browser's cookie before forwarding — the token never reaches the browser, which only holds the session cookie. Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to pick up middleware + routes. Client: removed the localStorage token (server injects it); the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the token field and gains a Sign-out button; en/de strings. Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie; authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→ session cleared→401. tsc + build green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-10 18:43:14 +00:00

Author

SHA1

Message

Date

enricobuehler

df005e2963

feat(packaging/web): bundle the web console into the apt install (punktfunk-web)

android / android (push) Failing after 22s

Details

deb / build-publish (push) Failing after 0s

Details

decky / build-publish (push) Failing after 0s

Details

docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Failing after 1s

Details

docker / build-push (., web/Dockerfile, punktfunk-web) (push) Failing after 0s

Details

docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Failing after 1s

Details

docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Failing after 0s

Details

docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Failing after 0s

Details

flatpak / build-publish (push) Failing after 1s

Details

docker / deploy-docs (push) Has been skipped

Details

rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 0s

Details

rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 0s

Details

apple / swift (push) Successful in 53s

Details

ci / web (push) Successful in 28s

Details

ci / docs-site (push) Successful in 34s

Details

ci / bench (push) Successful in 1m32s

Details

ci / rust (push) Failing after 53s

Details

Every user needs the console for pairing, so ship it via apt, auto-wired to the
host — no manual bun/env setup. New punktfunk-web .deb (Architecture: all,
Depends: nodejs >= 20 — runs the node-server build under apt-native node, no
bundled bun):

- packaging/debian/build-web-deb.sh: stages web/.output (server + public) + a
  /usr/bin/punktfunk-web-server wrapper (node) + the systemd --user units + the
  web.env template + docs. Refuses a bun bundle (Bun.serve) as a wrong-preset guard.
- scripts/punktfunk-web.service: --user unit on :3000, EnvironmentFile sources the
  host's ~/.config/punktfunk/mgmt-token (the shared bearer) + the generated
  web-password; sets PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990 +
  NODE_TLS_REJECT_UNAUTHORIZED=0 (loopback self-signed cert). Restart=on-failure
  rides out the host-writes-token-first ordering.
- scripts/punktfunk-web-init.service + web-init.sh: --user one-shot that generates
  the login password (a .deb postinst runs as root → wrong $HOME) and surfaces it
  to the journal.
- build-deb.sh: punktfunk-host now Recommends punktfunk-web (apt pulls it by
  default; headless boxes opt out with --no-install-recommends).
- deb.yml: build the web console + smoke-boot it under node (gate the .deb on a
  real /login 200) + build-web-deb.sh; the publish loop globs it automatically.
- web/{.env.example,web.env.example}: document the auto-wiring vs a manual deploy.

End state: `apt install punktfunk-host` pulls punktfunk-web; enable both --user
services; the console logs in (password from the journal) and proxies the host's
HTTPS mgmt API with the shared token — zero hand-edited env. Local .deb build +
node smoke-boot verified.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-15 08:50:40 +00:00

enricobuehler

95c4058582

fix(web): default mgmt proxy to the HTTPS self-signed mgmt API

apple / swift (push) Successful in 54s

Details

android / android (push) Failing after 54s

Details

ci / web (push) Successful in 38s

Details

ci / docs-site (push) Successful in 34s

Details

ci / rust (push) Failing after 2m30s

Details

ci / bench (push) Failing after 1m15s

Details

decky / build-publish (push) Failing after 4s

Details

docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Failing after 0s

Details

docker / build-push (., web/Dockerfile, punktfunk-web) (push) Failing after 1s

Details

docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Failing after 0s

Details

docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Failing after 1s

Details

docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Failing after 0s

Details

docker / deploy-docs (push) Has been skipped

Details

flatpak / build-publish (push) Failing after 0s

Details

rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 1s

Details

rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 0s

Details

deb / build-publish (push) Successful in 3m22s

Details

The mgmt API serves HTTPS with the host's self-signed identity cert and requires
mTLS-or-bearer auth (the mTLS work), but the web console's proxy still defaulted to
`http://127.0.0.1:47990` — so a deployment copying .env.example got a plain-HTTP
request to an HTTPS port (→ 502 Bad Gateway, observed live on the Bazzite box).

- .env.example + server/util/auth.ts + vite.config.ts: default PUNKTFUNK_MGMT_URL to
  https://127.0.0.1:47990.
- vite dev proxy: `secure: false` (the host cert is self-signed).
- Document that the deployment needs PUNKTFUNK_MGMT_TOKEN (matching the host's) and
  NODE_TLS_REJECT_UNAUTHORIZED=0 — the web server's only outbound TLS is the loopback
  hop to the host's own self-signed cert, so disabling verify there is scoped + safe.

The running Bazzite box is already fixed live (web.env → https + token + cert-skip,
verified: login 200, /api/v1/status 200). This makes fresh deployments correct.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-15 07:50:41 +00:00

enricobuehler

9856c04b75

feat(web): login-gated BFF auth — sealed session cookie + server-side token injection

ci / rust (push) Has been cancelled

Details

Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend:

- Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and
  sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates
  every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when
  PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
- The management API stays loopback-only + token (never LAN-exposed). The proxy
  (server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the
  browser's cookie before forwarding — the token never reaches the browser, which only
  holds the session cookie.

Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to
pick up middleware + routes. Client: removed the localStorage token (server injects it);
the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the
token field and gains a Sign-out button; en/de strings.

Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie;
authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→
session cleared→401. tsc + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-10 18:43:14 +00:00

3 Commits