- Add setupTokens database table with proper schema
- Implement setup token generation on first server startup
- Add token validation endpoint and modify admin creation
- Update initial setup page to require setup token
- Add migration scripts for both SQLite and PostgreSQL
- Add internationalization support for setup token fields
- Implement proper error handling and logging
- Add CLI command for resetting user security keys
This prevents unauthorized access during initial server setup by requiring
a token that is generated and displayed in the server console.
server/routers/badger/verifySession.ts : verifyResourceSession() updated code behind "cleanHost" var to a regex which strips the trailing :port for any port (rather than a string match for 80/443)
src/app/auth/resource/[resourceId]/page.tsx : ResourceAuthPage() added a secondary match for serverResourceHost and redirectHost that accounts for ports
server/routers/badger/exchangeSession.ts : Updated exchangeSession() to use the same "cleanHost" type var (with port-stripping) as in verifyResourceSession(), replaced references to "host" with "cleanHost"
In NixOS, we wrap these files in a bash script to allow users to just run them as normal executables, instead of calling them as arguments to Node.JS. In our build scripts, we just add the shebang after the files have been compiled, but adding it upstream will allow all Pangolin users to just run ./server.mjs to start their Pangolin instances.
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
The password for secure authentication may be sensitive, so it is best
to not leave it lying around in a config file. This commit introduces
the EMAIL_SMTP_PASS environment variable, which can be set to configure
the SMTP password without writing it to the configuration file.
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
