-
Notifications
You must be signed in to change notification settings - Fork 10
Replace Node UI token bootstrap with dashboard sessions #1428
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Jurij89
wants to merge
93
commits into
main
Choose a base branch
from
codex/node-ui-auth-bootstrap-session
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 1 commit
Commits
Show all changes
93 commits
Select commit
Hold shift + click to select a range
dd189e3
fix(node-ui): replace token bootstrap with dashboard sessions
847b160
test(node-ui): stabilize dashboard session auth tests
8d1013b
fix(node-ui): address dashboard session review
a8e7b1f
fix(node-ui): refresh stale dashboard sessions
264a775
Address node UI auth review follow-ups
a550721
Address dashboard session review follow-ups
70a688f
Address review round 4 dashboard session feedback
d5efb31
Address review round 5 and CI failure
1973575
Address node-ui session review and e2e failures
8832b9a
Address delayed PR review comments
03813b2
Address dashboard session review feedback
8f3e55c
Tighten dashboard logout session safety
022d17a
Fix auth-session logout CSRF e2e
622e8c6
Avoid SSE near-expiry reconnect loop
949a1af
Tighten dashboard auth policy coverage
e60ef12
Cover dashboard CSRF session endpoint
69f0df8
Honor Forwarded proto for dashboard cookies
087a7dc
Cover SSE session expiry closure
ee51a4e
Handle explicit empty auth and stale CSRF
a83ef23
Cover CSRF on unsafe dashboard methods
afb358d
Narrow stale CSRF retry handling
6e1a664
Trust forwarded proto only from loopback
90ec4f9
Cover incorrect CSRF token rejection
e797a82
Resolve dashboard principals at auth time
1ffc988
Cover UI asset and SSE review gaps
d8834d9
Cover explicit SSE and referer auth gaps
dc6ccfc
Require token for loopback dashboard sessions
7fd09f2
Cover dashboard cors and smoke auth gaps
3c1d75c
Authenticate raw mock fallback e2e spec
f217dae
Handle dashboard origin metadata and gate ownership
8dd4d81
Block cross-site dashboard session exchange
0a644ed
Guard dashboard session refresh races
955fbfe
Support cross-origin dashboard session review gaps
5bbb47a
Close stale dashboard SSE and code CSRF retries
104be8f
Cover dashboard exchange and unlock failures
f7ed67c
Make daemon fetch path contract explicit
7a6700a
Update node-ui compatibility assertion for daemon paths
1aec8f5
Share auth CORS header policy
7680931
Cover dashboard status and connect session paths
a9a1cea
Allow blob-backed UI previews in CSP
e8847c8
Allow UI font origins in CSP
066cd95
Add credentialed CORS to node-ui API responses
c47979e
Handle proxied HTTPS dashboard origins
d01aecd
Keep node-ui daemon paths typed
0da257a
Add dashboard username password login
a2f725b
Create dashboard credentials in setup flows
8f878fc
Harden dashboard credential setup review gaps
b73da51
Address dashboard login review gaps
e652ed6
Address dashboard login follow-up review
6793e7c
Require fingerprints for login sessions
58ec3ce
Tighten dashboard login review gaps
a5b65e3
Bound dashboard login attempts
40e9c3b
Cover dashboard login CSRF contract
965dba6
Assert password-login cookie attributes
1a94b4d
Harden dashboard login review gaps
5cad89f
Revalidate dashboard login event streams
160958d
Cover dashboard login setup review gaps
acdebb1
Harden dashboard credential verification
2928480
Merge pull request #1439 from OriginTrail/codex/node-ui-dashboard-login
Jurij89 b6f58d0
Refine dashboard login follow-up boundaries
55d2a64
Address dashboard follow-up review gaps
bc13750
Collapse dashboard SSE auth metadata
a9da311
Revalidate dashboard SSE sessions
6daa067
Cover resolved dashboard SSE comments
1badd52
Preserve dashboard auth compatibility
2b191a8
Keep fingerprints out of request auth
c3b387f
Reuse dashboard credential result types
3cab575
Cover MCP credential setup wiring
064cabe
Merge pull request #1451 from OriginTrail/codex/dashboard-login-follo…
Jurij89 9d535ea
Harden dashboard auth follow-up coverage
343929e
Address dashboard auth follow-up review
921d5aa
Tighten dashboard login limiter API
f7e8737
Split dashboard auth and static UI modules
7b77e85
Centralize dashboard principal and limiter state
8aef2a5
Merge pull request #1460 from OriginTrail/codex/dashboard-auth-bounda…
Jurij89 86455bf
Close dashboard auth boundary follow-up
c923a03
Address dashboard auth review comments
c06881a
Collapse dashboard auth context handoff
65bc558
Tighten dashboard auth review coverage
1b25ac9
Preserve plugin and sign-join contracts
4def731
Enforce login session fingerprint at runtime
fe5eadb
Merge pull request #1465 from OriginTrail/codex/dashboard-auth-1433-c…
Jurij89 77318af
Tighten daemon route auth identity handoff
4680aa1
Clarify route auth context handoff
e8bd4dc
Keep route dispatch identity boundary strict
0f74f77
Pin public plugin context surface
bf03d77
Cover plugin and route identity review gaps
4667af2
Use checked plugin type fixture
0e47c7e
Clarify auth resolver and plugin boundaries
3eeed32
Tighten plugin boundary review followups
c753511
Anchor plugin context compatibility keys
96e4115
Assert plugin context compatibility key diffs
a171eb1
Merge pull request #1471 from OriginTrail/codex/dashboard-auth-route-…
Jurij89 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| # Node UI Auth Bootstrap Upgrade Team Prompt | ||
|
|
||
| You are the team lead for a security and implementation planning effort in the DKG repository. | ||
|
|
||
| ## Mission | ||
|
|
||
| Analyze the current Node UI authentication bootstrap and produce an implementation-ready upgrade plan that brings it in line with modern browser security, backend implementation, and operator UX expectations. | ||
|
|
||
| The issue under review is narrow but serious: production `/ui` serves a Vite-built static SPA, but the daemon currently injects an API bearer token into `index.html` as `window.__DKG_TOKEN__`. `/ui` is public by auth policy. This is tolerable only in carefully constrained loopback usage and becomes severe when the UI is exposed to untrusted clients. | ||
|
|
||
| ## Repository Context | ||
|
|
||
| - Root: `C:/Projects/dkg` | ||
| - Current report: `agent-docs/backend-inline-html-audit.md` | ||
| - Primary server files: | ||
| - `packages/cli/src/auth.ts` | ||
| - `packages/cli/src/daemon/lifecycle.ts` | ||
| - `packages/cli/src/daemon/http-utils.ts` | ||
| - `packages/node-ui/src/api.ts` | ||
| - Primary browser files: | ||
| - `packages/node-ui/src/ui/api.ts` | ||
| - `packages/node-ui/src/ui/api-wrapper.ts` | ||
| - `packages/node-ui/src/ui/hooks/useNodeEvents.ts` | ||
| - `packages/node-ui/src/ui/hooks/useCurrentAgent.ts` | ||
| - `packages/node-ui/src/ui/web3/clients.ts` | ||
| - Primary verification surfaces: | ||
| - `packages/cli/test/auth.test.ts` | ||
| - `packages/cli/test/daemon-http-behavior-extra.test.ts` | ||
| - `packages/cli/test/dkg-doctor.test.ts` | ||
| - `packages/node-ui/test/api-routes.test.ts` | ||
| - `packages/node-ui/test/ui-api-pure.test.ts` | ||
| - `packages/node-ui/e2e/` | ||
| - `scripts/devnet-test-node-ui-smoke.sh` | ||
|
|
||
| ## Team Roles | ||
|
|
||
| Security architecture teammate: | ||
| - Threat-model loopback, public bind, reverse proxy, shared-host, XSS, CSRF, DNS rebinding, token leakage, and SSE query-token behavior. | ||
| - Recommend severity by deployment mode. | ||
| - Recommend the target browser-session architecture and defense-in-depth controls. | ||
|
|
||
| Daemon/backend implementation teammate: | ||
| - Inspect `/ui` static serving, auth guard ordering, token loading, CORS defaults, `apiHost`, doctor integration, and smoke scripts. | ||
| - Identify safe migration points and compatibility risks. | ||
| - Preserve existing CLI/machine bearer-token behavior. | ||
|
|
||
| Frontend/UX teammate: | ||
| - Inspect all usage of `window.__DKG_TOKEN__`, `authHeaders`, API wrappers, EventSource, mock fallback, wallet/PCA flows, and e2e helpers. | ||
| - Recommend local and remote dashboard UX states. | ||
| - Ensure remote failures do not silently present demo data as healthy node state. | ||
|
|
||
| QA/release teammate: | ||
| - Inventory current tests and release gates. | ||
| - Propose regression tests, CI/devnet checks, doctor checks, rollout artifacts, and acceptance criteria. | ||
| - Identify what evidence a staff engineer would need before approving the migration. | ||
|
|
||
| ## Operating Rules | ||
|
|
||
| - Do read-only analysis unless explicitly assigned a write scope. | ||
| - Use one responsibility per teammate. | ||
| - Return file and line evidence for claims. | ||
| - Distinguish current behavior from recommended target behavior. | ||
| - Do not collapse loopback and public exposure into one severity. | ||
| - Do not recommend simply protecting `/ui` unless the bootstrap flow is replaced. | ||
| - Keep bearer tokens available for CLI and machine clients, but remove daemon bearer tokens from browser JavaScript. | ||
| - Prefer simple, staged migration over a flag day rewrite. | ||
|
|
||
| ## Deliverable | ||
|
|
||
| Produce a concise but complete Markdown plan under `agent-docs/` that includes: | ||
|
|
||
| - Executive summary | ||
| - Current-state and desired-state flow diagrams in Mermaid | ||
| - Root cause and risk analysis | ||
| - Research conclusions from primary sources and standards | ||
| - Recommended architecture | ||
| - Implementation phases and concrete file/test targets | ||
| - UX requirements | ||
| - Rollout, rollback, observability, and acceptance criteria | ||
| - Open decisions and questions |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.