feat: add TOTP 2FA, API key switcher, login progress bar, and alpha hardening plan

- TOTP 2FA: full setup/confirm/disable/login flow with Argon2id + ChaCha20-Poly1305 encrypted secret storage, QR code generation, and bcrypt-hashed backup codes
- API key switcher: OAuth vs personal API key toggle in AIUI chat settings with status indicator, key validation, and help text
- Login progress bar: server startup detection with health check polling, form disabled until server is ready
- AI quarantine docs: comprehensive HTML page documenting all 6 security layers
- Settings: AI Data Access permission toggles with per-category control
- Alpha hardening plan: 28-task overnight automation plan across 7 phases (onboarding, login, app install, AIUI, UI polish, security, ISO build)
- Backlog: node discovery spatial map feature for alpha demo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -861,6 +861,38 @@ app.post('/rpc/v1', (req, res) => {
|
||||
return res.json({ result: 'ok' })
|
||||
}
|
||||
|
||||
case 'auth.totp.status': {
|
||||
return res.json({ result: { enabled: false } })
|
||||
}
|
||||
|
||||
case 'auth.totp.setup.begin': {
|
||||
return res.json({
|
||||
result: {
|
||||
qr_svg: '<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200"><rect width="200" height="200" fill="#fff"/><text x="100" y="100" text-anchor="middle" font-size="12" fill="#333">Mock QR Code</text></svg>',
|
||||
secret_base32: 'JBSWY3DPEHPK3PXP',
|
||||
pending_token: 'mock-pending-token',
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
case 'auth.totp.setup.confirm': {
|
||||
return res.json({
|
||||
result: {
|
||||
enabled: true,
|
||||
backup_codes: ['ABCD-EFGH', 'JKLM-NPQR', 'STUV-WXYZ', '2345-6789', 'ABCD-2345', 'EFGH-6789', 'JKLM-STUV', 'NPQR-WXYZ'],
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
case 'auth.totp.disable': {
|
||||
return res.json({ result: { disabled: true } })
|
||||
}
|
||||
|
||||
case 'auth.login.totp':
|
||||
case 'auth.login.backup': {
|
||||
return res.json({ result: { success: true } })
|
||||
}
|
||||
|
||||
default: {
|
||||
return res.json({
|
||||
error: {
|
||||
|
||||
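Review bot: The `auth.login.totp` and `auth.login.backup` cases return `{ success: true }` without looking at the request, so any code is accepted and the login UI's rejection path can never be exercised against this handler; compare the submitted code with a fixed test value and return an error for anything else. The same gap is in `auth.totp.setup.confirm`, which reports `enabled: true` and hands out backup codes without checking that the caller presented the `pending_token` issued by `auth.totp.setup.begin`, and in `auth.totp.disable`, which succeeds with no re-authentication step. `auth.totp.status` always answers `enabled: false`, which contradicts a preceding successful confirm; a small in-memory flag would keep the status, setup, status sequence coherent. The strings 'Mock QR Code' and 'mock-pending-token' suggest this is a development stub: if so, state that in a comment above these cases and make sure this handler cannot ship in a production build, since the fixed `secret_base32` and the fixed `backup_codes` list are now committed to the repository.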