feat: add TOTP 2FA, API key switcher, login progress bar, and alpha hardening plan

- TOTP 2FA: full setup/confirm/disable/login flow with Argon2id + ChaCha20-Poly1305
  encrypted secret storage, QR code generation, and bcrypt-hashed backup codes
- API key switcher: OAuth vs personal API key toggle in AIUI chat settings with
  status indicator, key validation, and help text
- Login progress bar: server startup detection with health check polling, form
  disabled until server is ready
- AI quarantine docs: comprehensive HTML page documenting all 6 security layers
- Settings: AI Data Access permission toggles with per-category control
- Alpha hardening plan: 28-task overnight automation plan across 7 phases
  (onboarding, login, app install, AIUI, UI polish, security, ISO build)
- Backlog: node discovery spatial map feature for alpha demo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dorian
2026-03-06 12:23:57 +00:00
parent 0b3c23ff76
commit e55fd3baf0
16 changed files with 2402 additions and 152 deletions


@@ -861,6 +861,38 @@ app.post('/rpc/v1', (req, res) => {
return res.json({ result: 'ok' })
}
case 'auth.totp.status': {
return res.json({ result: { enabled: false } })
}
case 'auth.totp.setup.begin': {
return res.json({
result: {
qr_svg: '<svg xmlns="http://www.w3.org/2000/svg" width="200" height="200"><rect width="200" height="200" fill="#fff"/><text x="100" y="100" text-anchor="middle" font-size="12" fill="#333">Mock QR Code</text></svg>',
secret_base32: 'JBSWY3DPEHPK3PXP',
pending_token: 'mock-pending-token',
},
})
}
case 'auth.totp.setup.confirm': {
return res.json({
result: {
enabled: true,
backup_codes: ['ABCD-EFGH', 'JKLM-NPQR', 'STUV-WXYZ', '2345-6789', 'ABCD-2345', 'EFGH-6789', 'JKLM-STUV', 'NPQR-WXYZ'],
},
})
}
case 'auth.totp.disable': {
return res.json({ result: { disabled: true } })
}
case 'auth.login.totp':
case 'auth.login.backup': {
return res.json({ result: { success: true } })
}
default: {
return res.json({
error: {
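Review bot: The `auth.login.totp` / `auth.login.backup` branch returns `{ success: true }` without looking at the request, so against this mock the second-factor step can never fail and the UI's wrong-code, expired-token and lockout paths go unexercised. The same applies to `auth.totp.disable`, and `auth.totp.status` stays `enabled: false` even after `auth.totp.setup.confirm`, so the login flow will presumably never reach the TOTP prompt when run against these handlers. Consider accepting one documented mock code and otherwise returning an error in the shape the `default` branch uses, plus an in-memory `enabled` flag that confirm and disable flip. At minimum, add a comment above the new cases such as `// MOCK ONLY: fixed secret and backup codes, any second-factor code is accepted; never run this server outside local dev`. The switch starts and ends outside the hunk, so how the request params are read is not visible here.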