cosmo/XIVLauncherRemoteOTP
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

implement user authentication, role-based access control, and multi-user instance isolation

Browse source
This commit is contained in:
CPTN Cosmo 2026-04-18 17:00:13 +02:00
parent 844879d301
commit bb7053b01e
6 changed files with 354 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

57
static/app.js
View file

@ -113,14 +113,18 @@ document.addEventListener('DOMContentLoaded', () => {
loginForm.addEventListener('submit', async (e) => {
e.preventDefault();
const username = document.getElementById('login-username').value;
const password = document.getElementById('login-password').value;
try {
const res = await fetch('/api/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ password })
body: JSON.stringify({ username, password })
});
if (res.ok) {
const data = await res.json();
currentUser = data.user;
setupUIForUser();
hideLogin();
loginError.style.display = 'none';
document.getElementById('login-password').value = '';
@ -134,15 +138,66 @@ document.addEventListener('DOMContentLoaded', () => {
}
});
const setupUIForUser = () => {
if (currentUser.is_admin) {
navAdmin.style.display = 'block';
} else {
navAdmin.style.display = 'none';
}
};
logoutBtn.addEventListener('click', async () => {
try {
await fetch('/api/logout');
currentUser = null;
showLogin();
} catch (e) {
console.error('Logout error', e);
}
});
createUserForm.addEventListener('submit', async (e) => {
e.preventDefault();
const username = document.getElementById('new-username').value;
const password = document.getElementById('new-password').value;
const is_admin = document.getElementById('new-is-admin').checked;
try {
const res = await fetch('/api/users', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username, password, is_admin })
});
if (res.ok) {
createUserForm.reset();
fetchUsers();
} else {
const data = await res.json();
alert(data.detail || 'Failed to create user');
}
} catch (e) {
console.error('Error creating user', e);
}
});
changePasswordForm.addEventListener('submit', async (e) => {
e.preventDefault();
const password = document.getElementById('profile-new-password').value;
try {
const res = await fetch('/api/users/me/password', {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ password })
});
if (res.ok) {
changePasswordForm.reset();
profileSuccess.style.display = 'block';
setTimeout(() => profileSuccess.style.display = 'none', 3000);
}
} catch (e) {
console.error('Error changing password', e);
}
});
refreshBtn.addEventListener('click', fetchInstances);
window.deleteInstance = async (id) => {

BIN
static/favicon.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 415 KiB

54
static/index.html
View file

@ -5,6 +5,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>XIVLauncher Remote OTP</title>
<link rel="stylesheet" href="/static/style.css">
<link rel="icon" type="image/png" href="/static/favicon.png">
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
</head>
<body>
@ -26,8 +27,15 @@
</button>
</header>
<nav id="main-nav" class="main-nav" style="display: none;">
<button class="nav-item active" data-tab="instances">Instances</button>
<button class="nav-item" id="nav-admin" data-tab="admin" style="display: none;">Admin</button>
<button class="nav-item" data-tab="profile">Profile</button>
</nav>
<main>
<div class="card add-instance-card">
<div id="instances-section" class="tab-content active">
<div class="card add-instance-card">
<h2>Add Instance</h2>
<form id="add-form">
<div class="form-group">
@ -89,6 +97,42 @@
<!-- Instances injected via JS -->
</div>
</div>
<div id="admin-section" class="tab-content">
<div class="card user-management-card">
<h2>User Management</h2>
<form id="create-user-form" class="form-row">
<div class="form-group">
<input type="text" id="new-username" placeholder="Username" required>
</div>
<div class="form-group">
<input type="password" id="new-password" placeholder="Password" required>
</div>
<div class="form-group checkbox-group">
<label><input type="checkbox" id="new-is-admin"> Admin</label>
</div>
<button type="submit" class="btn btn-primary">Create User</button>
</form>
<div id="users-list" class="users-list">
<!-- Users injected via JS -->
</div>
</div>
</div>
<div id="profile-section" class="tab-content">
<div class="card profile-card">
<h2>My Profile</h2>
<p class="helper-text">Change your account password below.</p>
<form id="change-password-form">
<div class="form-group">
<label for="profile-new-password">New Password</label>
<input type="password" id="profile-new-password" placeholder="Enter new password" required>
</div>
<button type="submit" class="btn btn-primary">Update Password</button>
</form>
<div id="profile-success" class="success-msg" style="display: none;">Password updated successfully!</div>
</div>
</div>
</main>
</div>
@ -99,16 +143,20 @@
<rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect>
<path d="M7 11V7a5 5 0 0 1 10 0v4"></path>
</svg>
<h2>Login Required</h2>
<h2>Login</h2>
</div>
<form id="login-form">
<div class="form-group">
<label for="login-username">Username</label>
<input type="text" id="login-username" placeholder="Enter your username" required autocomplete="username">
</div>
<div class="form-group">
<label for="login-password">Password</label>
<input type="password" id="login-password" placeholder="Enter your password" required autocomplete="current-password">
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
<div id="login-error" class="login-error" style="display: none;">Invalid password</div>
<div id="login-error" class="login-error" style="display: none;">Invalid username or password</div>
</div>
</div>

84
static/style.css
View file

@ -61,6 +61,44 @@ header {
box-shadow: 0 10px 25px -5px rgba(0, 0, 0, 0.3);
}
.main-nav {
display: flex;
gap: 1rem;
margin-bottom: 1.5rem;
border-bottom: 1px solid var(--border-color);
padding-bottom: 1rem;
}
.nav-item {
background: transparent;
border: none;
color: var(--text-muted);
font-size: 0.875rem;
font-weight: 600;
cursor: pointer;
padding: 0.5rem 1rem;
border-radius: 6px;
transition: all 0.2s;
}
.nav-item:hover {
color: var(--text-main);
background-color: rgba(255, 255, 255, 0.05);
}
.nav-item.active {
color: var(--primary);
background-color: rgba(59, 130, 246, 0.1);
}
.tab-content {
display: none;
}
.tab-content.active {
display: block;
}
.login-card .logo {
justify-content: center;
margin-bottom: 2rem;
@ -335,3 +373,49 @@ input:focus {
.btn-copy.copied {
color: var(--status-online);
}
.users-list {
margin-top: 2rem;
display: flex;
flex-direction: column;
gap: 1rem;
}
.user-item {
background-color: var(--bg-color);
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 1rem;
display: flex;
justify-content: space-between;
align-items: center;
}
.user-info h3 {
font-size: 1rem;
margin-bottom: 0.25rem;
}
.user-actions {
display: flex;
gap: 0.5rem;
}
.checkbox-group {
display: flex;
align-items: center;
gap: 0.5rem;
color: var(--text-muted);
font-size: 0.875rem;
}
.checkbox-group input {
width: auto;
}
.success-msg {
color: var(--status-online);
text-align: center;
margin-top: 1rem;
font-size: 0.875rem;
}