75b3c94f60
ci / rust (push) Failing after 45s
ci / web (push) Successful in 52s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 10s
ci / docs-site (push) Successful in 1m6s
decky / build-publish (push) Successful in 33s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 30s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 10s
ci / bench (push) Successful in 6m1s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 8m33s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 9m40s
docker / deploy-docs (push) Successful in 26s
windows-host / package (push) Successful in 15m34s
rpm / build-publish (44, fedora-44, punktfunk-fedora44-rpm) (push) Successful in 13m24s
arch / build-publish (push) Successful in 20m32s
android / android (push) Successful in 20m50s
deb / build-publish (push) Successful in 20m33s
rpm / build-publish (43, bazzite, punktfunk-fedora-rpm) (push) Successful in 21m41s
apple / swift (push) Has been cancelled
apple / screenshots (push) Has been cancelled
Pairing: - Refresh the paired-devices list after a native PIN pairing (the happy path never invalidated it, so a newly paired device stayed hidden until remount). - Moonlight PIN: a 204 means "PIN delivered to the waiting handshake", NOT paired, so it now reads "PIN sent" instead of a false "Paired successfully". - Hide the Moonlight pairing card on native-only hosts (HostInfo.gamestream) — it could never receive a PIN there. - Per-row pending on unpair/approve/deny; PIN input maxLength 16 (was 8). Displays / Library: - "Arrange displays" save refreshes the settings card (it rewrites the policy), without clobbering unsaved Custom edits (re-seed only when the draft still matches the server). - Live-display list wrapped in QueryState so errors don't read as "no displays". - "Forever" keep-alive option in the custom editor; edit-game form round-trips the logo artwork (was dropped on save); per-card delete pending. Stats: - Distinct colour for the native "queue" latency stage (it collided with "capture"). - "Not measured on this path" note on the GameStream health chart; configured-bitrate target line on throughput; host-authoritative elapsed timer; LiveCard surfaces non-404 errors. Shell / auth / i18n: - SSR-stable locale: first client render matches the base-locale SSR (no hydration mismatch), then adopts the persisted/browser locale post-hydration. - BFF proxy maps an upstream (mgmt-token) 401 to 502 so a logged-in user isn't bounced into a post-login redirect loop. - Logout checks the POST result before navigating; logs dedup by seq (StrictMode); login "next" keeps query/hash; Dashboard shows the active-session count. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
66 lines
3.1 KiB
TypeScript
66 lines
3.1 KiB
TypeScript
// /api/** → the management API. By the time we get here the gate (middleware/auth.ts) has
|
|
// confirmed an authenticated session. We inject the management bearer token server-side
|
|
// (the browser never sees it) and drop the browser's own cookies/auth from the upstream
|
|
// request, then proxy. The management API itself binds loopback only — this proxy is the
|
|
// ONLY path to it from the LAN, and it's authenticated.
|
|
import {
|
|
createError,
|
|
defineEventHandler,
|
|
getRequestURL,
|
|
proxyRequest,
|
|
setResponseStatus,
|
|
} from "h3";
|
|
import { isLoopbackUrl, mgmtToken, mgmtUrl } from "../../util/auth";
|
|
|
|
export default defineEventHandler((event) => {
|
|
const { pathname, search } = getRequestURL(event);
|
|
const base = mgmtUrl();
|
|
const target = `${base}${pathname}${search}`;
|
|
const token = mgmtToken();
|
|
// The mgmt API now requires a token always. Without one configured, forwarding an empty bearer
|
|
// would just bounce as 401 — fail fast and legibly instead (the packaged service sources the
|
|
// host's ~/.config/punktfunk/mgmt-token, so this only fires on a misconfigured/early-start deploy).
|
|
if (!token) {
|
|
setResponseStatus(event, 503);
|
|
return {
|
|
error:
|
|
"management token not configured (PUNKTFUNK_MGMT_TOKEN / ~/.config/punktfunk/mgmt-token)",
|
|
};
|
|
}
|
|
// TLS scoping (replaces the old process-wide NODE_TLS_REJECT_UNAUTHORIZED=0): the host presents a
|
|
// SELF-SIGNED, no-SAN identity cert on loopback, which normal verification rejects. We relax
|
|
// verification ONLY for this one loopback hop, via Bun's per-request `tls` option — so any OTHER
|
|
// outbound TLS the process ever makes still verifies normally (the global env unverified
|
|
// everything). If the operator points PUNKTFUNK_MGMT_URL at a NON-loopback host, we do NOT relax:
|
|
// a remote mgmt API must present a valid chain, which is stricter than the old blanket accept.
|
|
const fetchOptions = isLoopbackUrl(base)
|
|
? // `tls` is a Bun.fetch extension (the console runs on bun — Bun.serve/`bun .output/...`), not
|
|
// in the standard RequestInit type, so cast through unknown.
|
|
({ tls: { rejectUnauthorized: false } } as unknown as RequestInit)
|
|
: undefined;
|
|
|
|
return proxyRequest(event, target, {
|
|
fetchOptions,
|
|
headers: {
|
|
// Overwrite, not append: the host-held token replaces anything the browser sent.
|
|
authorization: `Bearer ${token}`,
|
|
// Don't forward the session cookie to the management API.
|
|
cookie: "",
|
|
},
|
|
onResponse: (_event, response) => {
|
|
// This handler only runs AFTER the gate (middleware/auth.ts) confirmed a valid session, so
|
|
// a 401 HERE is the management API rejecting OUR host token — a server/deploy misconfig, not
|
|
// an expired user session. Forwarding it would make the browser bounce a logged-in user to
|
|
// /login, where re-auth succeeds but the next call 401s again → a redirect loop. Surface it
|
|
// as a 502 (upstream failure) so the console shows an error instead of looping.
|
|
if (response.status === 401) {
|
|
throw createError({
|
|
statusCode: 502,
|
|
statusMessage:
|
|
"management API rejected the host token (check PUNKTFUNK_MGMT_TOKEN)",
|
|
});
|
|
}
|
|
},
|
|
});
|
|
});
|