Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #218 from naturallaw777/copilot/fix-login-ux-issue

Browse Source 
Auto-login on desktop launch: skip duplicate password prompt
This commit is contained in:
Sovran_Systems
2026-04-12 20:04:07 -05:00
committed by GitHub
parent 75e79f2a16 b25c077835
commit 40180b5cb7
2 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/sovran_systemsos_web/server.py
View File

@@ -87,7 +87,7 @@ LOGIN_FAIL_WINDOW = 60.0 # rolling window (seconds) for counting failures
LOGIN_FAIL_MAX = 10 # max failures in window before extra delay
# Public paths that are accessible without a valid session
_AUTH_EXEMPT_PATHS = {"/login", "/api/login", "/api/updates/status", "/api/rebuild/status"}
_AUTH_EXEMPT_PATHS = {"/login", "/api/login", "/api/updates/status", "/api/rebuild/status", "/auto-login"}
# Prefixes for static assets required by the login page
_AUTH_EXEMPT_PREFIXES = ("/static/css/", "/static/sovran-hub-icon.svg")
@@ -1594,6 +1594,29 @@ async def login_page(request: Request):
return templates.TemplateResponse("login.html", {"request": request})
@app.get("/auto-login")
async def auto_login_redirect(request: Request):
"""Localhost-only auto-login: create a session, set the cookie, and redirect to /.
Only requests from 127.0.0.1 or ::1 are accepted so that remote clients on
the LAN cannot bypass the password prompt by navigating to this URL.
"""
client_ip = request.client.host if request.client else "unknown"
if client_ip not in ("127.0.0.1", "::1"):
raise HTTPException(status_code=403, detail="Forbidden")
token = _create_session()
response = RedirectResponse(url="/", status_code=303)
response.set_cookie(
key=SESSION_COOKIE_NAME,
value=token,
max_age=SESSION_MAX_AGE,
httponly=True,
samesite="lax",
secure=False, # LAN-only appliance; no TLS on the Hub port
)
return response
class LoginRequest(BaseModel):
password: str

2
modules/core/sovran-hub.nix
View File

@@ -221,7 +221,7 @@ let
trap '[ -n "$HUB_DATA" ] && rm -rf "$HUB_DATA"' EXIT INT TERM
export BAMF_DESKTOP_FILE_HINT="/run/current-system/sw/share/applications/sovran-hub.desktop"
export GIO_LAUNCHED_DESKTOP_FILE="/run/current-system/sw/share/applications/sovran-hub.desktop"
brave --app=http://localhost:8937 \
brave --app=http://localhost:8937/auto-login \
--class=sovran-hub \
--user-data-dir="$HUB_DATA" \
--password-store=basic \