unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases 4 Wiki Activity
Files
2264474c68046ddcb840304a9f38d2d173c904cf
punktfunk/web/README.md
T
enricobuehler 9856c04b75
ci / rust (push) Has been cancelled
Details
feat(web): login-gated BFF auth — sealed session cookie + server-side token injection 
Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend:

- Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and
  sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates
  every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when
  PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
- The management API stays loopback-only + token (never LAN-exposed). The proxy
  (server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the
  browser's cookie before forwarding — the token never reaches the browser, which only
  holds the session cookie.

Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to
pick up middleware + routes. Client: removed the localStorage token (server injects it);
the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the
token field and gains a Sign-out button; en/de strings.

Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie;
authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→
session cleared→401. tsc + build green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 18:43:14 +00:00

99 lines
4.5 KiB
Markdown
Raw Blame History

# punktfunk web — management console
The browser UI for the punktfunk host's **management REST API** (`crates/punktfunk-host/src/mgmt.rs`,
OpenAPI at `docs/api/openapi.json`). It shows live status, host capabilities, paired
clients, the pairing-PIN flow, and session controls.
Stack: **TanStack Start** (full SSR) on **Bun** via **Nitro v2** (`bun` preset) · **React
Query** through **orval** codegen from the OpenAPI spec · **shadcn/ui** (Tailwind v4) ·
**Paraglide** i18n (en/de). Package manager + runtime: **Bun**.
## Develop
```sh
# from web/ — Bun is the toolchain (https://bun.sh)
bun install # runs `prepare` → codegen (orval + paraglide)
bun run dev # http://localhost:3000
# The dev server proxies /api → http://127.0.0.1:47990 (the host's management API).
# Point it elsewhere: PUNKTFUNK_MGMT_URL=http://<host>:47990 bun run dev
```
Start a host with the management API up:
```sh
# from the repo root — `serve` brings up the GameStream control plane + the mgmt API:
WAYLAND_DISPLAY=wayland-kde XDG_CURRENT_DESKTOP=KDE \
cargo run -rp punktfunk-host -- serve
# loopback :47990, no token (a token is mandatory for non-loopback binds).
```
If the host runs with `--mgmt-token`, set it under **Settings → API token** (stored in
`localStorage`, sent as `Authorization: Bearer …` by the orval fetcher).
## Build & run (Nitro + Bun)
```sh
bun run build # → .output/ (Nitro server, `bun` preset, + .output/public assets)
PORT=3000 HOST=0.0.0.0 \
PUNKTFUNK_UI_PASSWORD=PUNKTFUNK_MGMT_TOKEN=\
bun run start # = bun run .output/server/index.mjs
bun run lint # tsc --noEmit
```
The built **Nitro Bun server** SSR-renders the app and is the only thing exposed on the LAN.
Run it on the same box as the host; it serves the console on `:3000` (or `$PORT`).
## Auth (backend-for-frontend)
Single-user, login-gated. Config via env (see `.env.example`):
- The console requires a **login** (`PUNKTFUNK_UI_PASSWORD`). On success the server sets a
**sealed session cookie** (h3 `useSession`, AES-GCM). `server/middleware/auth.ts` gates
*every* request — pages redirect to `/login`, `/api` returns 401 — and **fails closed**
(503) if `PUNKTFUNK_UI_PASSWORD` is unset, so a misconfigured LAN server admits no one.
- The **management API stays loopback-only + token** — never LAN-exposed. The web server
holds `PUNKTFUNK_MGMT_TOKEN` server-side and injects it when proxying `/api/**`
`PUNKTFUNK_MGMT_URL` (`server/routes/api/[...].ts`). **The token never reaches the
browser**; the browser only ever holds the session cookie.
So: `browser ──password──▶ web server (session cookie) ──mgmt token, server-side──▶ mgmt API`.
Run the host with a matching token: `cargo run -rp punktfunk-host -- serve` +
`PUNKTFUNK_MGMT_TOKEN=…` (or `--mgmt-token …`). `vite dev` has no gate (localhost-only) and
proxies straight to the loopback mgmt API.
> Toolchain notes (load-bearing): TanStack Start's `start-plugin-core` peer-requires
> **Vite ≥ 7** — on Vite 6 the build's prerender/post-build hook silently doesn't run.
> `@vitejs/plugin-react` must match Vite (v5 ↔ Vite 7, v6 ↔ Vite 8); it's **required even
> for dev** (TanStack Start's dev mode needs the React Refresh runtime, else a blank
> screen). Nitro is the server target — without it `vite build` only emits client+SSR
> bundles, no deployable server. The Nitro `bun` preset makes `.output/server/index.mjs`
> Bun-runnable.
## Codegen
Generated code is **not committed** (gitignored) — reproduced from sources:
- `bun run codegen` — regenerate the API client (orval) + i18n runtime (paraglide). Runs on
`bun install` (`prepare`) and before `dev`/`build` (`pre*` for orval; the Vite plugin
compiles paraglide on dev/build).
- After a management-API change, regenerate the spec on the Rust side first:
`cargo run -p punktfunk-host -- openapi > docs/api/openapi.json`, then `bun run api:gen`.
## Layout
```
src/
routes/ file-based routes (index=dashboard, host, clients, pairing, settings)
components/
app-shell.tsx sidebar nav + language switcher
ui/ shadcn/ui primitives (button, card, table, …)
query-state.tsx loading/error wrapper (incl. 401 → "set a token")
api/
fetcher.ts orval mutator: base URL, bearer token, JSON, throwing ApiError
gen/ GENERATED react-query hooks + models (orval)
lib/i18n.ts reactive Paraglide locale hook
paraglide/ GENERATED i18n runtime (paraglide)
messages/{en,de}.json translation sources
```
Reference in New Issue View Git Blame Copy Permalink