enricobuehler
ba39b08e09
apple / swift (push) Successful in 1m6s
ci / rust (push) Successful in 5m51s
android / android (push) Successful in 6m21s
ci / web (push) Successful in 49s
ci / docs-site (push) Successful in 58s
windows-host / package (push) Successful in 8m6s
release / apple (push) Successful in 8m17s
deb / build-publish (push) Successful in 3m26s
decky / build-publish (push) Successful in 25s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
ci / bench (push) Successful in 4m42s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 30s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 2m36s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m17s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Failing after 19s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 51s
apple / screenshots (push) Successful in 5m45s
docker / deploy-docs (push) Successful in 22s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 22s
Web console - Pairing/Library/Stats refactored into self-contained subsections that each own their own queries + mutations; a shared slot-based layout (view.tsx) is filled by the live page (containers) and Storybook (pure cards + fixtures) so the layout can't drift. - All paired devices in one list on Pairing with a protocol column (punktfunk/1 + Moonlight), routing each unpair to the right endpoint; the redundant Clients page is removed. - Library: overview grid split from the add/edit form into separate files. - Login screen links out to the docs. Docs - "Console login password" section on every host page (apt/RPM/Bazzite/SteamOS/Windows) plus a new "Forgot your Password?" troubleshooting page, linked from the login screen. - Console served as HTTP/1.1 over TLS (drop the unusable HTTP/3 advertising) across the Bun entry, launchers, systemd units, and packaging. Tooling - Biome now respects .gitignore (stops linting generated code), config migrated to 2.5.1; all lint issues fixed cleanly. Also includes this branch's in-progress host, Apple client, packaging, and CI changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
43 lines
1.3 KiB
TypeScript
43 lines
1.3 KiB
TypeScript
// The single server-side gate. Runs for EVERY request to the deployed Bun/Nitro server
|
|
// (pages, the /api proxy, everything) before routing. Unauthenticated requests are
|
|
// redirected to /login (page navigations) or rejected 401 (/api). Fails CLOSED if
|
|
// PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
|
|
import {
|
|
defineEventHandler,
|
|
getRequestURL,
|
|
sendRedirect,
|
|
setResponseStatus,
|
|
useSession,
|
|
} from "h3";
|
|
import {
|
|
isPublicPath,
|
|
type SessionData,
|
|
sessionConfig,
|
|
uiPassword,
|
|
} from "../util/auth";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const { pathname } = getRequestURL(event);
|
|
if (isPublicPath(pathname)) return;
|
|
|
|
// Misconfigured: refuse everything rather than serve open on the LAN.
|
|
if (!uiPassword()) {
|
|
setResponseStatus(event, 503);
|
|
return { error: "auth not configured: set PUNKTFUNK_UI_PASSWORD" };
|
|
}
|
|
|
|
const session = await useSession<SessionData>(event, sessionConfig());
|
|
if (session.data.authenticated) return; // authenticated — let it through
|
|
|
|
if (pathname.startsWith("/api")) {
|
|
setResponseStatus(event, 401);
|
|
return { error: "unauthorized" };
|
|
}
|
|
// Page navigation → bounce to the login screen, remembering where they were headed.
|
|
return sendRedirect(
|
|
event,
|
|
`/login?next=${encodeURIComponent(pathname)}`,
|
|
302,
|
|
);
|
|
});
|