bda5556d37
Remediates the two web-console residuals from the 2026-07-05 posture audit: - Brute-force throttle (loginThrottle.ts): per-IP exponential backoff after 5 free attempts, plus a global floor for spread-out floods, keyed on the socket peer IP (not spoofable X-Forwarded-For) with a size-capped map. The constant-time compare already stopped the timing leak; this bounds guess *volume* against a by-design LAN-exposed console. - Session seal key now derives from the high-entropy mgmt token instead of the low-entropy login password, so a captured cookie is no longer an offline password oracle. Falls back to the password only when no token is configured (dev/local). Rotating the token now invalidates sessions. - Replace the process-wide NODE_TLS_REJECT_UNAUTHORIZED=0 with per-request Bun TLS scoped to the loopback proxy hop; a non-loopback mgmt URL now verifies normally. Dropped the env var from the systemd unit, Steam Deck installer, Windows run scripts, env examples, and web README. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
56 lines
2.8 KiB
Batchfile
56 lines
2.8 KiB
Batchfile
@echo off
|
|
rem punktfunk web console launcher - DEV layout (in-repo tree). The PunktfunkWeb scheduled task
|
|
rem (boot trigger, SYSTEM, restart-on-failure) runs this at startup. It sources the host's mgmt bearer
|
|
rem token + the console login password from %ProgramData%\punktfunk\, points the /api proxy at the
|
|
rem host's loopback HTTPS mgmt API, and serves the self-contained (no-node_modules) Nitro console over
|
|
rem HTTPS (HTTP/1.1 over TLS) on :47992 with the host's identity cert. %~dp0 = <repo>\web\ .
|
|
rem
|
|
rem DEV vs the installed launcher (scripts\windows\web-run.cmd): the dev host service runs from
|
|
rem target\release (not the installed {app} tree), so this runs the in-repo web\.output. The console
|
|
rem now runs on bun (the Nitro `bun` preset + Bun.serve TLS entry), so set BUN
|
|
rem below to your bun.exe. Rebuild after a web change with `bun run build` in web\ ; no edit needed.
|
|
setlocal EnableExtensions
|
|
|
|
set "PFDATA=%ProgramData%\punktfunk"
|
|
set "TOKENFILE=%PFDATA%\mgmt-token"
|
|
set "PWFILE=%PFDATA%\web-password"
|
|
set "CERTFILE=%PFDATA%\cert.pem"
|
|
set "KEYFILE=%PFDATA%\key.pem"
|
|
|
|
rem The host's `serve` writes the mgmt token + identity cert on first run. Until they exist the proxy
|
|
rem has no credential and no TLS material, so fail and let restart-on-failure retry (mirrors the
|
|
rem installed launcher / Linux unit) rather than silently serving plain HTTP.
|
|
if not exist "%TOKENFILE%" (
|
|
echo [punktfunk-web] mgmt token not present yet at "%TOKENFILE%" - waiting for the host service.
|
|
exit /b 1
|
|
)
|
|
if not exist "%CERTFILE%" (
|
|
echo [punktfunk-web] host identity cert not present yet at "%CERTFILE%" - waiting for the host service.
|
|
exit /b 1
|
|
)
|
|
|
|
rem Both files are single KEY=VALUE lines: PUNKTFUNK_MGMT_TOKEN=... and PUNKTFUNK_UI_PASSWORD=... .
|
|
rem Split on the first '=' and import each into the environment.
|
|
for /f "usebackq tokens=1* delims==" %%A in ("%TOKENFILE%") do set "%%A=%%B"
|
|
if exist "%PWFILE%" for /f "usebackq tokens=1* delims==" %%A in ("%PWFILE%") do set "%%A=%%B"
|
|
|
|
rem Fixed deployment wiring (the Windows analogue of scripts/punktfunk-web.service).
|
|
set "PORT=47992"
|
|
set "HOST=0.0.0.0"
|
|
set "PUNKTFUNK_MGMT_URL=https://127.0.0.1:47990"
|
|
rem No NODE_TLS_REJECT_UNAUTHORIZED: the host's self-signed cert is accepted only for the loopback
|
|
rem proxy hop, scoped inside the proxy code (Bun per-request TLS), not process-wide.
|
|
rem Serve HTTPS (HTTP/1.1 over TLS) with the host's identity cert; mark the session cookie Secure.
|
|
set "PUNKTFUNK_UI_TLS_CERT=%CERTFILE%"
|
|
set "PUNKTFUNK_UI_TLS_KEY=%KEYFILE%"
|
|
set "PUNKTFUNK_UI_SECURE=1"
|
|
|
|
rem Bun runtime (override BUN if yours lives elsewhere / is on PATH as just `bun`).
|
|
if not defined BUN set "BUN=bun.exe"
|
|
set "SERVER=%~dp0.output\server\index.mjs"
|
|
if not exist "%SERVER%" (
|
|
echo [punktfunk-web] built server missing at "%SERVER%" - build it: cd web ^&^& bun run build
|
|
exit /b 1
|
|
)
|
|
"%BUN%" "%SERVER%"
|