fix(remote-debug): successful auth resets lockout + drop empty WS token param

Mitchell R 2026-05-22 20:23:20 +02:00
parent c5068615ee
commit 1f0bcd1084
No known key found for this signature in database
2 changed files with 8 additions and 8 deletions


@ -195,6 +195,8 @@ pub fn validate_terminal_code(expected: &str, provided: &str) -> bool {
record_failed_attempt(); record_failed_attempt();
return false; return false;
} }
// Successful terminal auth resets all lockout state.
let _ = std::fs::remove_file(lockout_path());
true true
} }
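Review bot: The added `let _ = std::fs::remove_file(lockout_path());` discards every error, so a removal that fails for any reason other than the file being absent (permissions, read-only filesystem) leaves the old lockout state in place with no trace. Match on the error and report anything other than `std::io::ErrorKind::NotFound`, for example `if let Err(e) = std::fs::remove_file(lockout_path()) { if e.kind() != std::io::ErrorKind::NotFound { /* log e */ } }`. The start of validate_terminal_code is outside the hunk, so it is not visible whether an active lockout is checked before the code comparison. If it is not, a correct code supplied during a lockout would reach this line and clear the lockout, which is worth confirming.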


@ -1721,9 +1721,8 @@ export function registerAdminRoutes(app: H3, deps: AdminDeps): void {
if (!kiosk) return new Response(null, { status: 302, headers: { location: "/admin/kiosks" } }); if (!kiosk) return new Response(null, { status: 302, headers: { location: "/admin/kiosks" } });
const user = event.context.user!; const user = event.context.user!;
// Get or create an API key for the WS connection. // Get or create an API key for the WS connection.
// WS auth: pass session cookie name so JS can read it for the WS query param. // WS auth: browser sends session cookie automatically on WS upgrade.
// The coordinator WS endpoint also accepts session-based auth. // Coordinator WS endpoint validates via resolveSession.
const wsToken = "";
return htmlPage(`<html><head><title>Logs: ${kiosk.name}</title> return htmlPage(`<html><head><title>Logs: ${kiosk.name}</title>
<style>body{margin:0;background:#111;color:#0f0;font-family:monospace;font-size:13px;padding:1rem} <style>body{margin:0;background:#111;color:#0f0;font-family:monospace;font-size:13px;padding:1rem}
pre{white-space:pre-wrap;word-break:break-all} pre{white-space:pre-wrap;word-break:break-all}
@ -1744,7 +1743,7 @@ export function registerAdminRoutes(app: H3, deps: AdminDeps): void {
function connect(){ function connect(){
// WS to coordinator — proxied through Angie at /ws/admin/debug/:id // WS to coordinator — proxied through Angie at /ws/admin/debug/:id
var proto=location.protocol==='https:'?'wss:':'ws:'; var proto=location.protocol==='https:'?'wss:':'ws:';
ws=new WebSocket(proto+'//'+location.host+'/ws/admin/debug/${id}?token=${wsToken}'); ws=new WebSocket(proto+'//'+location.host+'/ws/admin/debug/${id}');
ws.onmessage=function(e){ ws.onmessage=function(e){
try{var m=JSON.parse(e.data); try{var m=JSON.parse(e.data);
if(m.type==='journal-line'){log.textContent+=m.line+'\\n';log.scrollTop=log.scrollHeight;} if(m.type==='journal-line'){log.textContent+=m.line+'\\n';log.scrollTop=log.scrollHeight;}
@ -1768,9 +1767,8 @@ export function registerAdminRoutes(app: H3, deps: AdminDeps): void {
const id = Number(getRouterParam(event, "id")); const id = Number(getRouterParam(event, "id"));
const kiosk = deps.repo.getKioskById(id); const kiosk = deps.repo.getKioskById(id);
if (!kiosk) return new Response(null, { status: 302, headers: { location: "/admin/kiosks" } }); if (!kiosk) return new Response(null, { status: 302, headers: { location: "/admin/kiosks" } });
// WS auth: pass session cookie name so JS can read it for the WS query param. // WS auth: browser sends session cookie automatically on WS upgrade.
// The coordinator WS endpoint also accepts session-based auth. // Coordinator WS endpoint validates via resolveSession.
const wsToken = "";
return htmlPage(`<html><head><title>Terminal: ${kiosk.name}</title> return htmlPage(`<html><head><title>Terminal: ${kiosk.name}</title>
<style>body{margin:0;background:#000;color:#fff;font-family:monospace;font-size:14px;padding:1rem} <style>body{margin:0;background:#000;color:#fff;font-family:monospace;font-size:14px;padding:1rem}
#term{white-space:pre-wrap;word-break:break-all;height:calc(100vh - 120px);overflow-y:auto;background:#111;padding:8px;border:1px solid #333} #term{white-space:pre-wrap;word-break:break-all;height:calc(100vh - 120px);overflow-y:auto;background:#111;padding:8px;border:1px solid #333}
@ -1796,7 +1794,7 @@ export function registerAdminRoutes(app: H3, deps: AdminDeps): void {
var ws; var ws;
function connect(){ function connect(){
var proto=location.protocol==='https:'?'wss:':'ws:'; var proto=location.protocol==='https:'?'wss:':'ws:';
ws=new WebSocket(proto+'//'+location.host+'/ws/admin/debug/${id}?token=${wsToken}'); ws=new WebSocket(proto+'//'+location.host+'/ws/admin/debug/${id}');
ws.onopen=function(){status.textContent='Connected (not authed)';}; ws.onopen=function(){status.textContent='Connected (not authed)';};
ws.onmessage=function(e){ ws.onmessage=function(e){
try{var m=JSON.parse(e.data); try{var m=JSON.parse(e.data);
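Review bot: With the `?token=` parameter gone, the `new WebSocket(...'/ws/admin/debug/${id}')` calls in both the logs page and the terminal page authenticate only by the ambient session cookie, and nothing visible here shows the coordinator checking the `Origin` header on upgrade. Browsers attach cookies to WebSocket handshakes regardless of which site opened them, so a cookie-only endpoint needs an Origin allow-list (and preferably a `SameSite` session cookie) to keep the debug channel bound to pages served by this admin host. The coordinator handler and resolveSession are outside this diff, so the check may already exist; if it does, record it in the new comment, e.g. `// WS auth: session cookie on upgrade; coordinator rejects upgrades whose Origin is not this host.`. registerAdminRoutes starts and ends outside these hunks.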