Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
7b1df9b592 | ||
|
|
f4089fe111 | ||
|
|
87b5ad1460 |
@@ -290,6 +290,7 @@ services:
|
||||
POCKETBASE_ADMIN_EMAIL: "${POCKETBASE_ADMIN_EMAIL}"
|
||||
POCKETBASE_ADMIN_PASSWORD: "${POCKETBASE_ADMIN_PASSWORD}"
|
||||
AUTH_SECRET: "${AUTH_SECRET}"
|
||||
DEBUG_LOGIN_TOKEN: "${DEBUG_LOGIN_TOKEN}"
|
||||
PUBLIC_MINIO_PUBLIC_URL: "${MINIO_PUBLIC_ENDPOINT}"
|
||||
# Valkey
|
||||
VALKEY_ADDR: "valkey:6379"
|
||||
|
||||
@@ -29,7 +29,7 @@ services:
|
||||
- libretranslate_models:/home/libretranslate/.local/share/argos-translate
|
||||
- libretranslate_db:/app/db
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -sf http://localhost:5000/languages || exit 1"]
|
||||
test: ["CMD", "python3", "-c", "import urllib.request,sys; urllib.request.urlopen('http://localhost:5000/languages'); sys.exit(0)"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
|
||||
@@ -147,6 +147,15 @@ html {
|
||||
margin: 2em 0;
|
||||
}
|
||||
|
||||
/* ── Hide scrollbars (used on horizontal carousels) ────────────────── */
|
||||
.scrollbar-none {
|
||||
scrollbar-width: none; /* Firefox */
|
||||
-ms-overflow-style: none; /* IE / Edge legacy */
|
||||
}
|
||||
.scrollbar-none::-webkit-scrollbar {
|
||||
display: none; /* Chrome / Safari / WebKit */
|
||||
}
|
||||
|
||||
/* ── Navigation progress bar ───────────────────────────────────────── */
|
||||
@keyframes progress-bar {
|
||||
0% { width: 0%; opacity: 1; }
|
||||
|
||||
8
ui/src/routes/admin/+layout.server.ts
Normal file
8
ui/src/routes/admin/+layout.server.ts
Normal file
@@ -0,0 +1,8 @@
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import type { LayoutServerLoad } from './$types';
|
||||
|
||||
export const load: LayoutServerLoad = async ({ locals }) => {
|
||||
if (locals.user?.role !== 'admin') {
|
||||
redirect(302, '/');
|
||||
}
|
||||
};
|
||||
6
ui/src/routes/admin/+page.server.ts
Normal file
6
ui/src/routes/admin/+page.server.ts
Normal file
@@ -0,0 +1,6 @@
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import type { PageServerLoad } from './$types';
|
||||
|
||||
export const load: PageServerLoad = async () => {
|
||||
redirect(302, '/admin/scrape');
|
||||
};
|
||||
73
ui/src/routes/api/auth/debug-login/+server.ts
Normal file
73
ui/src/routes/api/auth/debug-login/+server.ts
Normal file
@@ -0,0 +1,73 @@
|
||||
import { redirect, error } from '@sveltejs/kit';
|
||||
import type { RequestHandler } from './$types';
|
||||
import { getUserByUsername, createUserSession } from '$lib/server/pocketbase';
|
||||
import { createAuthToken } from '../../../../hooks.server';
|
||||
import { env } from '$env/dynamic/private';
|
||||
import { log } from '$lib/server/logger';
|
||||
import { randomBytes } from 'node:crypto';
|
||||
|
||||
const AUTH_COOKIE = 'libnovel_auth';
|
||||
const ONE_YEAR = 60 * 60 * 24 * 365;
|
||||
|
||||
/**
|
||||
* GET /api/auth/debug-login?token=<DEBUG_LOGIN_TOKEN>&username=<username>
|
||||
*
|
||||
* One-shot debug bypass: verifies a shared secret token, then mints a real
|
||||
* auth cookie for the given user (defaults to the first admin account) and
|
||||
* redirects to /.
|
||||
*
|
||||
* Requires DEBUG_LOGIN_TOKEN env var to be set. Disabled (404) when the var
|
||||
* is absent or empty.
|
||||
*/
|
||||
export const GET: RequestHandler = async ({ url, cookies, request }) => {
|
||||
const debugToken = env.DEBUG_LOGIN_TOKEN ?? '';
|
||||
if (!debugToken) {
|
||||
error(404, 'Not found');
|
||||
}
|
||||
|
||||
const provided = url.searchParams.get('token') ?? '';
|
||||
// Constant-time comparison to prevent timing attacks
|
||||
if (provided.length !== debugToken.length) {
|
||||
log.warn('api/auth/debug-login', 'bad token attempt');
|
||||
error(401, 'Invalid token');
|
||||
}
|
||||
let diff = 0;
|
||||
for (let i = 0; i < debugToken.length; i++) {
|
||||
diff |= provided.charCodeAt(i) ^ debugToken.charCodeAt(i);
|
||||
}
|
||||
if (diff !== 0) {
|
||||
log.warn('api/auth/debug-login', 'bad token attempt');
|
||||
error(401, 'Invalid token');
|
||||
}
|
||||
|
||||
const username = url.searchParams.get('username') ?? 'kamil_alekber_2e99';
|
||||
const user = await getUserByUsername(username);
|
||||
if (!user) {
|
||||
error(404, `User '${username}' not found`);
|
||||
}
|
||||
|
||||
const authSessionId = randomBytes(16).toString('hex');
|
||||
const userAgent = request.headers.get('user-agent') ?? '';
|
||||
const ip =
|
||||
request.headers.get('x-forwarded-for')?.split(',')[0]?.trim() ??
|
||||
request.headers.get('x-real-ip') ??
|
||||
'debug';
|
||||
|
||||
createUserSession(user.id, authSessionId, userAgent, ip).catch((e) =>
|
||||
log.warn('api/auth/debug-login', 'createUserSession failed (non-fatal)', { err: String(e) })
|
||||
);
|
||||
|
||||
const token = createAuthToken(user.id, user.username, user.role ?? 'user', authSessionId);
|
||||
|
||||
cookies.set(AUTH_COOKIE, token, {
|
||||
path: '/',
|
||||
httpOnly: true,
|
||||
sameSite: 'lax',
|
||||
maxAge: ONE_YEAR
|
||||
});
|
||||
|
||||
log.info('api/auth/debug-login', 'debug login used', { username: user.username, ip });
|
||||
|
||||
const next = url.searchParams.get('next') ?? '/';
|
||||
redirect(302, next);
|
||||
};
|
||||
Reference in New Issue
Block a user