fix: change control page routes from gateway to plugin auth

auth: "gateway" requires Bearer token in Authorization header,
which browser direct navigation never sends (no session cookies).
auth: "plugin" allows unauthenticated access on loopback, which
is sufficient since gateway is bound to 127.0.0.1 only.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
h z
2026-04-09 01:15:29 +01:00
parent b5196e972c
commit b9cbb7e895


@@ -102,7 +102,7 @@ export function registerControlPage(deps: {
// ── Main page ────────────────────────────────────────────────────────────── // ── Main page ──────────────────────────────────────────────────────────────
api.registerHttpRoute({ api.registerHttpRoute({
path: "/dirigent", path: "/dirigent",
auth: "gateway", auth: "plugin",
match: "exact", match: "exact",
handler: async (_req, res) => { handler: async (_req, res) => {
const entries = identityRegistry.list(); const entries = identityRegistry.list();
@@ -219,7 +219,7 @@ export function registerControlPage(deps: {
// ── API: add identity ────────────────────────────────────────────────────── // ── API: add identity ──────────────────────────────────────────────────────
api.registerHttpRoute({ api.registerHttpRoute({
path: "/dirigent/api/identity", path: "/dirigent/api/identity",
auth: "gateway", auth: "plugin",
match: "exact", match: "exact",
handler: (req, res) => { handler: (req, res) => {
if (req.method !== "POST") { res.writeHead(405); res.end(); return; } if (req.method !== "POST") { res.writeHead(405); res.end(); return; }
@@ -243,7 +243,7 @@ export function registerControlPage(deps: {
// ── API: remove identity ─────────────────────────────────────────────────── // ── API: remove identity ───────────────────────────────────────────────────
api.registerHttpRoute({ api.registerHttpRoute({
path: "/dirigent/api/identity/", path: "/dirigent/api/identity/",
auth: "gateway", auth: "plugin",
match: "prefix", match: "prefix",
handler: (req, res) => { handler: (req, res) => {
if (req.method !== "DELETE") { res.writeHead(405); res.end(); return; } if (req.method !== "DELETE") { res.writeHead(405); res.end(); return; }
@@ -257,7 +257,7 @@ export function registerControlPage(deps: {
// ── API: set channel mode ────────────────────────────────────────────────── // ── API: set channel mode ──────────────────────────────────────────────────
api.registerHttpRoute({ api.registerHttpRoute({
path: "/dirigent/api/channel-mode", path: "/dirigent/api/channel-mode",
auth: "gateway", auth: "plugin",
match: "exact", match: "exact",
handler: (req, res) => { handler: (req, res) => {
if (req.method !== "POST") { res.writeHead(405); res.end(); return; } if (req.method !== "POST") { res.writeHead(405); res.end(); return; }
@@ -282,7 +282,7 @@ export function registerControlPage(deps: {
// ── API: rescan padded-cell ──────────────────────────────────────────────── // ── API: rescan padded-cell ────────────────────────────────────────────────
api.registerHttpRoute({ api.registerHttpRoute({
path: "/dirigent/api/rescan-padded-cell", path: "/dirigent/api/rescan-padded-cell",
auth: "gateway", auth: "plugin",
match: "exact", match: "exact",
handler: (req, res) => { handler: (req, res) => {
if (req.method !== "POST") { res.writeHead(405); res.end(); return; } if (req.method !== "POST") { res.writeHead(405); res.end(); return; }
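Review bot: The four state-changing routes (`/dirigent/api/identity` POST, `/dirigent/api/identity/` DELETE, `/dirigent/api/channel-mode` and `/dirigent/api/rescan-padded-cell` POST) move to `auth: "plugin"` together with the read-only `/dirigent` page, and the visible start of each handler checks only `req.method`. If `plugin` auth behaves as the commit message describes (no credential on loopback), binding to 127.0.0.1 does not by itself exclude requests issued on the operator's behalf by another page open in the same browser, or by any other local process, so the mutating routes need their own check of where the request came from. I would scope the relaxed auth to the page route and, in each mutating handler, reject requests whose `Origin` is not the gateway's own origin and whose `Host` is not the expected loopback name, e.g. `if (req.headers.origin !== expectedOrigin) { res.writeHead(403); res.end(); return; }` (`expectedOrigin` is a placeholder), or require a per-page token that the main page embeds. The handler bodies continue outside these hunks, so such a check may already exist; if it does, a comment beside `auth: "plugin"` such as `// unauthenticated on loopback; handler verifies Origin/token` would record that the route is not relying on the bind address alone.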