Skip to content

fix: gateway password auth + login screen with auto-lock #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
PhenixStar wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: gateway password auth + login screen with auto-lock #55

PhenixStar wants to merge 2 commits into from

Conversation

@PhenixStar
Copy link

@PhenixStar PhenixStar commented Feb 9, 2026
edited
Loading

What's in here

Two things rolled into one branch:

1. Gateway password auth fix (previous commit)

  • Support CLAWDBOT_PASSWORD env var for gateway password auth mode
  • Fix handleChallenge early return when no token set
  • Handle ok: false connect responses instead of silent timeout
  • Add WS_NO_BUFFER_UTIL=1 support for bundled ws environments
  • Add python3 make g++ to Dockerfile for arm64 native module compilation

2. Login screen + auth system (new)

Right now anyone with the URL can hit /monitor and /workspace. This adds a proper login screen so only people with the password or API token can get in.

What you get:

  • Login screen — pops up when accessing /monitor or /workspace. Retro themed, password and token tabs, the whole vibe.
  • Auto-lock — walk away for 15 min and it locks. Configurable 5-60 min in settings.
  • Settings panel — new "Access Control" section with timeout slider and "Lock Now" button
  • Server sessions — simple session IDs in a server Map, 24h TTL, auto-cleanup. No JWT, no new deps.
  • Security — constant-time password comparison, credentials stay server-side, multi-tab logout sync

Zero new dependencies. Uses built-in crypto.randomUUID() and crypto.timingSafeEqual().

Uses existing CLAWDBOT_PASSWORD / CLAWDBOT_API_TOKEN env vars — no new config needed.

Test plan

  • Connect with CLAWDBOT_PASSWORD set, verify gateway auth works
  • Navigate to /monitor without login — see login screen
  • Enter correct password — unlocks monitor
  • Wrong password — error shown, input cleared
  • Idle 15min — auto-locks
  • Settings timeout slider + "Lock Now" button work
  • Page refresh preserves session
  • Lock in one tab locks all tabs

@PhenixStar
fix: support gateway password auth and handle connect rejections
e4e9da6 
- Support CLAWDBOT_PASSWORD env var for gateway password auth mode
- Fix handleChallenge early return when no token set (password auth path)
- Handle ok:false connect responses instead of silent timeout
- Add WS_NO_BUFFER_UTIL=1 support via vite externals for bundled ws
- Add python3/make/g++ to Dockerfile builder for native module compilation
@PhenixStar
feat(auth): add password/token login with auto-lock and route protection
230b221 
- tRPC auth router with verify, check, credentialType, logout endpoints
- Server-side session Map with 24h TTL and auto-cleanup
- Constant-time credential comparison (crypto.timingSafeEqual)
- AuthContext provider with inactivity auto-lock (configurable 5-60min)
- Login screen overlay with retro theme matching existing UI
- ProtectedRoute wrapper for /monitor and /workspace
- Settings panel Access Control section with timeout slider and lock button
- Multi-tab logout synchronization via storage events
@PhenixStar PhenixStar changed the title fix: support gateway password auth + connect error handling fix: gateway password auth + login screen with auto-lock Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@PhenixStar