ae51276a03
Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
43 lines
1.3 KiB
TypeScript
43 lines
1.3 KiB
TypeScript
// The single server-side gate. Runs for EVERY request to the deployed Bun/Nitro server
|
|
// (pages, the /api proxy, everything) before routing. Unauthenticated requests are
|
|
// redirected to /login (page navigations) or rejected 401 (/api). Fails CLOSED if
|
|
// PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
|
|
import {
|
|
defineEventHandler,
|
|
getRequestURL,
|
|
sendRedirect,
|
|
setResponseStatus,
|
|
useSession,
|
|
} from "h3";
|
|
import {
|
|
isPublicPath,
|
|
type SessionData,
|
|
sessionConfig,
|
|
uiPassword,
|
|
} from "../util/auth";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const { pathname } = getRequestURL(event);
|
|
if (isPublicPath(pathname)) return;
|
|
|
|
// Misconfigured: refuse everything rather than serve open on the LAN.
|
|
if (!uiPassword()) {
|
|
setResponseStatus(event, 503);
|
|
return { error: "auth not configured: set PUNKTFUNK_UI_PASSWORD" };
|
|
}
|
|
|
|
const session = await useSession<SessionData>(event, sessionConfig());
|
|
if (session.data.authenticated) return; // authenticated — let it through
|
|
|
|
if (pathname.startsWith("/api")) {
|
|
setResponseStatus(event, 401);
|
|
return { error: "unauthorized" };
|
|
}
|
|
// Page navigation → bounce to the login screen, remembering where they were headed.
|
|
return sendRedirect(
|
|
event,
|
|
`/login?next=${encodeURIComponent(pathname)}`,
|
|
302,
|
|
);
|
|
});
|