yiekheng/cm_bot_v2
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
135 Commits 1 Branch 0 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
yiekheng
312cc4dc21 fix(web-auth): gate Secure cookie on CM_DEBUG, pass CM_AGENT creds to web-next 
Previously the session cookie used Secure=NODE_ENV==='production', and the
dev override still runs the standalone build with NODE_ENV=production, so
the cookie was unreachable from phone-on-LAN testing over HTTP. Switching
to CM_DEBUG lets dev (CM_DEBUG=true) drop the Secure flag while keeping
prod (CM_DEBUG=false) safe.

Also wires CM_AGENT_ID/CM_AGENT_PASSWORD/CM_DEBUG into the web-next
service env block so the login Server Action can compare against them.
 2026-05-03 09:01:35 +08:00
yiekheng
380e86b885 feat(web): WebAuthn relying-party helper (host-derived rpID/origin) 2026-05-03 08:27:32 +08:00
yiekheng
7a6569800e feat(web): JSON-file passkey store with atomic writes + write lock 2026-05-03 08:27:21 +08:00
yiekheng
a8751b6731 feat(web): add iron-session wrapper (web/lib/auth.ts) 2026-05-03 08:27:05 +08:00
yiekheng
3297c500a4 feat(web): add server-side api-server fetch helper 2026-05-02 20:50:45 +08:00
yiekheng
aa76131b23 feat(web): add TypeScript types for Acc and User 2026-05-02 20:50:38 +08:00
yiekheng
ff99b1248a feat(web): hide /api entirely — RSC + Server Actions instead 
The Route Handler proxy and hash mapping are gone. Browser never
hits a JSON endpoint: data reads happen in React Server Components
fetching api-server:3000 server-side; mutations (B2) will use
Next.js Server Actions. Zero public API surface to scrape or
enumerate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-02 20:34:31 +08:00
yiekheng
addc40e851 feat(web): hash-encoded API paths + catch-all Route Handler proxy 2026-05-02 20:31:38 +08:00