punktfunk

unom/punktfunk

Fork 0

Commit Graph

Author	SHA1	Message	Date
enricobuehler	ba39b08e09	feat(web): consolidate paired devices, self-contained sections, docs + lint apple / swift (push) Successful in 1m6s Details ci / rust (push) Successful in 5m51s Details android / android (push) Successful in 6m21s Details ci / web (push) Successful in 49s Details ci / docs-site (push) Successful in 58s Details windows-host / package (push) Successful in 8m6s Details release / apple (push) Successful in 8m17s Details deb / build-publish (push) Successful in 3m26s Details decky / build-publish (push) Successful in 25s Details docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s Details ci / bench (push) Successful in 4m42s Details docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 30s Details docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m36s Details docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m17s Details rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 19s Details docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 51s Details apple / screenshots (push) Successful in 5m45s Details docker / deploy-docs (push) Successful in 22s Details rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 22s Details Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-30 19:05:22 +02:00
enricobuehler	803573b4ec	improve web ui	2026-06-26 05:43:34 +00:00
enricobuehler	9856c04b75	feat(web): login-gated BFF auth — sealed session cookie + server-side token injection ci / rust (push) Has been cancelled Details Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend: - Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one. - The management API stays loopback-only + token (never LAN-exposed). The proxy (server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the browser's cookie before forwarding — the token never reaches the browser, which only holds the session cookie. Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to pick up middleware + routes. Client: removed the localStorage token (server injects it); the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the token field and gains a Sign-out button; en/de strings. Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie; authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→ session cleared→401. tsc + build green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-10 18:43:14 +00:00

Author

SHA1

Message

Date

enricobuehler

ba39b08e09

feat(web): consolidate paired devices, self-contained sections, docs + lint

apple / swift (push) Successful in 1m6s

Details

ci / rust (push) Successful in 5m51s

Details

android / android (push) Successful in 6m21s

Details

ci / web (push) Successful in 49s

Details

ci / docs-site (push) Successful in 58s

Details

windows-host / package (push) Successful in 8m6s

Details

release / apple (push) Successful in 8m17s

Details

deb / build-publish (push) Successful in 3m26s

Details

decky / build-publish (push) Successful in 25s

Details

docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s

Details

ci / bench (push) Successful in 4m42s

Details

docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 30s

Details

docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m36s

Details

docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m17s

Details

rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 19s

Details

docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 51s

Details

apple / screenshots (push) Successful in 5m45s

Details

docker / deploy-docs (push) Successful in 22s

Details

rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 22s

Details

Web console
- Pairing/Library/Stats refactored into self-contained subsections that each own
  their own queries + mutations; a shared slot-based layout (view.tsx) is filled by
  the live page (containers) and Storybook (pure cards + fixtures) so the layout can't
  drift.
- All paired devices in one list on Pairing with a protocol column (punktfunk/1 +
  Moonlight), routing each unpair to the right endpoint; the redundant Clients page is
  removed.
- Library: overview grid split from the add/edit form into separate files.
- Login screen links out to the docs.

Docs
- "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows)
  plus a new "Forgot your Password?" troubleshooting page, linked from the login screen.
- Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the
  Bun entry, launchers, systemd units, and packaging.

Tooling
- Biome now respects .gitignore (stops linting generated code), config migrated to
  2.5.1; all lint issues fixed cleanly.

Also includes this branch's in-progress host, Apple client, packaging, and CI changes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

2026-06-30 19:05:22 +02:00

enricobuehler

803573b4ec

improve web ui

2026-06-26 05:43:34 +00:00

enricobuehler

9856c04b75

feat(web): login-gated BFF auth — sealed session cookie + server-side token injection

ci / rust (push) Has been cancelled

Details

Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend:

- Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and
  sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates
  every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when
  PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
- The management API stays loopback-only + token (never LAN-exposed). The proxy
  (server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the
  browser's cookie before forwarding — the token never reaches the browser, which only
  holds the session cookie.

Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to
pick up middleware + routes. Client: removed the localStorage token (server injects it);
the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the
token field and gains a Sign-out button; en/de strings.

Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie;
authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→
session cleared→401. tsc + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-10 18:43:14 +00:00

3 Commits