Buriburizaemon/nodewarden
1
0
Fork 0
mirror of https://github.com/shuaiplus/nodewarden.git synced 2026-06-20 21:00:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: update README files for clarity on deployment steps and features

Browse Source
This commit is contained in:
shuaiplus
2026-03-01 19:31:03 +08:00
committed by Shuai
parent 9061ab52b6
commit 68f66cf4e6
13 changed files with 164 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+18 -7
View File
@@ -32,9 +32,9 @@ English[`README_EN.md`](./README_EN.md)
| 附件上传/下载 | ✅ | ✅ | 基于 Cloudflare R2 |
| 导入功能 | ✅ | ✅ | 覆盖常见导入路径 |
| 网站图标代理 | ✅ | ✅ | 通过 `/icons/{hostname}/icon.png` |
| passkey、TOTP | ❌ | ✅ |官方需要会员,我们的不需要 |
| passkey、TOTP字段 | ❌ | ✅ |官方需要会员,我们的不需要 |
| Send | ✅ | ✅ | 已支持文本 Send 与文件 Send |
| 多用户 | ✅ | ✅ | 完整的用户管理 |
| 多用户 | ✅ | ✅ | 完整的用户管理,邀请机制 |
| 组织/集合/成员权限 | ✅ | ❌ | 没必要实现 |
| 登录 2FATOTP/WebAuthn/Duo/Email | ✅ | ⚠️ 部分支持 | 仅支持 TOTP(通过 `TOTP_SECRET` |
| SSO / SCIM / 企业目录 | ✅ | ❌ | 没必要实现 |
@@ -47,8 +47,8 @@ English[`README_EN.md`](./README_EN.md)
- ✅ Windows 客户端(v2026.1.0
- ✅ 手机 Appv2026.1.0
- ✅ 浏览器扩展(v2026.1.0
- ✅ Linux 客户端(v2026.1.0
- ⬜ macOS 客户端(未测试)
- ⬜ Linux 客户端(未测试)
---
# 快速开始
@@ -57,9 +57,15 @@ English[`README_EN.md`](./README_EN.md)
**部署步骤:**
1. 先在右上角fork此项目(若后续不需要更新,可不fork)
2. [![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/shuaiplus/nodewarden)
3. 打开部署后生成的链接,并根据网页提示完成后续操作。
1. 首先Fork本仓库,命名为**NodeWarden**
2. 点击下面的一键部署按钮,修改项目名称为**NodeWarden2**,修改**JWT_SECRET**成32为随机字符串
3. [![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/shuaiplus/nodewarden)
4. 部署完成后,同一页面打开workers设置,将**Git存储库**断开连接
5. 同一位置,**Git存储库**链接至第一步Fork的仓库
**同步上游(更新):**
- 手动:Github打开你Fork的私人仓库,看到顶部同步提示时,点击 “Sync fork”。
- 自动:进入你的 Fork 仓库 → Actions,点击 “I understand my workflows, go ahead and enable them”,每天凌晨三点自动同步至上游
### CLI 部署
@@ -80,6 +86,11 @@ npx wrangler r2 bucket create nodewarden-attachments
# 部署
npx wrangler deploy
# 需更新时重新拉取仓库,重新部署即可,无需创建云资源
git clone https://github.com/shuaiplus/NodeWarden.git
cd NodeWarden
npx wrangler deploy
```
---
@@ -102,7 +113,7 @@ A: 在客户端中选择「导出密码库」,保存 JSON 文件。
A: 无法恢复,这是端到端加密的特性。建议妥善保管主密码。
**Q: 可以多人使用吗?**
A: 不建议。本项目为单用户设计,多人使用请选择 Vaultwarden
A: 支持。第一个注册的用户自动成为管理员,管理员可在管理页面生成邀请码,其他用户凭邀请码注册
---
README_EN.md
+25 -15
View File
@@ -16,10 +16,9 @@
中文文档:[`README.md`](./README.md)
> Disclaimer
> - This project is for learning and communication only.
> - We are not responsible for any data loss. Regular vault backups are strongly recommended.
> - This project is not affiliated with Bitwarden. Please do not report issues to the official Bitwarden team.
> **Disclaimer**
> This project is for learning and communication purposes only. We are not responsible for any data loss; regular vault backups are strongly recommended.
> This project is not affiliated with Bitwarden. Please do not report issues to the official Bitwarden team.
---
@@ -27,14 +26,14 @@
| Capability | Bitwarden | NodeWarden | Notes |
|---|---|---|---|
| Single-user vault (logins/notes/cards/identities) | ✅ | ✅ | Core vault model supported |
| Single-user vault (logins/notes/cards/identities) | ✅ | ✅ | Based on Cloudflare D1 |
| Folders / Favorites | ✅ | ✅ | Common vault organization supported |
| Full sync `/api/sync` | ✅ | ✅ | Compatibility-focused implementation |
| Full sync `/api/sync` | ✅ | ✅ | Compatibility and performance optimized |
| Attachment upload/download | ✅ | ✅ | Backed by Cloudflare R2 |
| Import flow (common clients) | ✅ | ✅ | Common import paths covered |
| Website icon proxy | ✅ | ✅ | Via `/icons/{hostname}/icon.png` |
| passkey、TOTP | ❌ | ✅ | Official service requires premium; NodeWarden does not |
| Multi-user | ✅ | ✅ | Full User Management |
| passkey、TOTP fields | ❌ | ✅ | Official service requires premium; NodeWarden does not |
| Multi-user | ✅ | ✅ | Full user management with invitation mechanism |
| Send | ✅ | ✅ | Text Send and File Send are supported |
| Organizations / Collections / Member roles | ✅ | ❌ | Not necessary to implement |
| Login 2FA (TOTP/WebAuthn/Duo/Email) | ✅ | ⚠️ Partial | TOTP-only via `TOTP_SECRET` |
@@ -47,10 +46,10 @@
## Tested clients / platforms
- ✅ Windows desktop client (v2026.1.0)
-Android app (v2026.1.0)
-Mobile app (v2026.1.0)
- ✅ Browser extension (v2026.1.0)
- ✅ Linux desktop client (v2026.1.0)
- ⬜ macOS desktop client (not tested)
- ⬜ Linux desktop client (not tested)
---
@@ -60,9 +59,15 @@
**Deploy steps:**
1. Fork this project (you don't need to fork it if you don't need to update it later).
2. [![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/shuaiplus/nodewarden)
3. Open the generated service URL and follow the on-page instructions.
1. Fork this repository and name it **NodeWarden**.
2. Click the deploy button below, rename the project to **NodeWarden2**, and set **JWT_SECRET** to a 32-character random string.
3. [![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/shuaiplus/nodewarden)
4. After deployment, open the Workers settings on the same page and disconnect the **Git repository**.
5. From the same location, reconnect the **Git repository** to the fork you created in step 1.
**Sync upstream (update):**
- Manual: Open your forked repository on GitHub and click **Sync fork** when the sync prompt appears at the top.
- Automatic: Go to your fork → Actions, click "I understand my workflows, go ahead and enable them". The repository will auto-sync with upstream every day at 3 AM.
### CLI deploy
@@ -83,9 +88,14 @@ npx wrangler r2 bucket create nodewarden-attachments
# Deploy
npx wrangler deploy
# To update later: re-clone and re-deploy — no need to recreate cloud resources
git clone https://github.com/shuaiplus/NodeWarden.git
cd NodeWarden
npx wrangler deploy
```
---
## Local development
This repo is a Cloudflare Workers TypeScript project (Wrangler).
@@ -105,7 +115,7 @@ A: Use **Export vault** in your client and save the JSON file.
A: It cant be recovered (end-to-end encryption). Keep it safe.
**Q: Can multiple people use it?**
A: Not recommended. This project is designed for single-user usage. For multi-user usage, choose Vaultwarden.
A: Yes. The first registered user becomes the admin. The admin can generate invite codes from the admin panel, and other users register with those codes.
---
src/config/limits.ts
+3
View File
@@ -41,6 +41,9 @@
// /api/devices/knowndevice probe budget per IP per minute.
// /api/devices/knowndevice 每 IP 每分钟探测配额。
knownDeviceRequestsPerMinute: 10,
// Public Send access budget per IP per minute.
// 公共 Send 访问接口每 IP 每分钟配额。
publicSendRequestsPerMinute: 60,
// Fixed window size for API rate limiting in seconds.
// API 限流固定窗口大小(秒)。
apiWindowSeconds: 60,
src/handlers/accounts.ts
+22 -4
View File
@@ -1,6 +1,7 @@
import { Env, User, ProfileResponse, DEFAULT_DEV_SECRET } from '../types';
import { StorageService } from '../services/storage';
import { AuthService } from '../services/auth';
import { RateLimitService, getClientIdentifier } from '../services/ratelimit';
import { jsonResponse, errorResponse } from '../utils/response';
import { generateUUID } from '../utils/uuid';
import { LIMITS } from '../config/limits';
@@ -449,6 +450,7 @@ export async function handleGetTotpRecoveryCode(request: Request, env: Env, user
export async function handleRecoverTwoFactor(request: Request, env: Env): Promise<Response> {
const storage = new StorageService(env.DB);
const auth = new AuthService(env);
const rateLimit = new RateLimitService(env.DB);
let body: Record<string, string | undefined>;
try {
@@ -466,20 +468,35 @@ export async function handleRecoverTwoFactor(request: Request, env: Env): Promis
const email = String(body.email || body.username || '').trim().toLowerCase();
const masterPasswordHash = String(body.masterPasswordHash || body.password || '').trim();
const recoveryCode = normalizeRecoveryCodeInput(String(body.recoveryCode || body.twoFactorToken || body.recovery_code || ''));
const recoverLimitKey = `${getClientIdentifier(request)}:recover-2fa:${email || 'unknown'}`;
const recoverAttemptCheck = await rateLimit.checkLoginAttempt(recoverLimitKey);
if (!recoverAttemptCheck.allowed) {
return errorResponse(
`Too many failed recovery attempts. Try again in ${Math.ceil((recoverAttemptCheck.retryAfterSeconds || 60) / 60)} minutes.`,
429
);
}
if (!email || !masterPasswordHash || !recoveryCode) {
return errorResponse('Email, masterPasswordHash and recoveryCode are required', 400);
}
const user = await storage.getUser(email);
if (!user) return errorResponse('Invalid credentials', 400);
if (user.status !== 'active') return errorResponse('Account is disabled', 403);
if (!user || user.status !== 'active') {
await rateLimit.recordFailedLogin(recoverLimitKey);
return errorResponse('Invalid credentials or recovery code', 400);
}
const validPassword = await auth.verifyPassword(masterPasswordHash, user.masterPasswordHash);
if (!validPassword) return errorResponse('Invalid credentials', 400);
if (!validPassword) {
await rateLimit.recordFailedLogin(recoverLimitKey);
return errorResponse('Invalid credentials or recovery code', 400);
}
if (!recoveryCodeEquals(recoveryCode, user.totpRecoveryCode)) {
return errorResponse('Recovery code is incorrect. Try again.', 400);
await rateLimit.recordFailedLogin(recoverLimitKey);
return errorResponse('Invalid credentials or recovery code', 400);
}
user.totpSecret = null;
@@ -488,6 +505,7 @@ export async function handleRecoverTwoFactor(request: Request, env: Env): Promis
user.updatedAt = new Date().toISOString();
await storage.saveUser(user);
await storage.deleteRefreshTokensByUserId(user.id);
await rateLimit.clearLoginAttempts(recoverLimitKey);
return jsonResponse({
success: true,
src/handlers/identity.ts
+11 -1
View File
@@ -105,6 +105,7 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
}
const grantType = body.grant_type;
const clientIdentifier = getClientIdentifier(request);
if (grantType === 'password') {
// Login with password
@@ -113,7 +114,7 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
const twoFactorToken = body.twoFactorToken;
const twoFactorProvider = body.twoFactorProvider;
const twoFactorRemember = body.twoFactorRemember;
const loginIdentifier = getClientIdentifier(request);
const loginIdentifier = clientIdentifier;
const deviceInfo = readAuthRequestDeviceInfo(body, request);
if (!email || !passwordHash) {
@@ -266,6 +267,15 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
return jsonResponse(response);
} else if (grantType === 'send_access') {
const sendAccessLimit = await rateLimit.consumePublicSendAccessBudget(`${clientIdentifier}:public-send-oauth`);
if (!sendAccessLimit.allowed) {
return identityErrorResponse(
`Too many public Send requests. Try again in ${sendAccessLimit.retryAfterSeconds} seconds.`,
'TooManyRequests',
429
);
}
const sendId = String(body.send_id || body.sendId || '').trim();
if (!sendId) {
return jsonResponse(
src/handlers/sends.ts
+18 -2
View File
@@ -322,6 +322,14 @@ function hasEmailAuth(send: Send): boolean {
return send.authType === SendAuthType.Email;
}
function getSafeJwtSecret(env: Env): { ok: true; secret: string } | { ok: false; response: Response } {
const secret = (env.JWT_SECRET || '').trim();
if (!secret || secret.length < LIMITS.auth.jwtSecretMinLength || secret === DEFAULT_DEV_SECRET) {
return { ok: false, response: errorResponse('Server configuration error', 500) };
}
return { ok: true, secret };
}
function extractBearerToken(request: Request): string | null {
const authHeader = request.headers.get('Authorization');
if (!authHeader) return null;
@@ -1078,12 +1086,15 @@ export async function handleAccessSendFile(
// POST /api/sends/access (v2 bearer)
export async function handleAccessSendV2(request: Request, env: Env): Promise<Response> {
const jwt = getSafeJwtSecret(env);
if (!jwt.ok) return jwt.response;
const token = extractBearerToken(request);
if (!token) {
return errorResponse('Unauthorized', 401);
}
const claims = await verifySendAccessToken(token, env.JWT_SECRET);
const claims = await verifySendAccessToken(token, jwt.secret);
if (!claims) {
return errorResponse('Unauthorized', 401);
}
@@ -1196,6 +1207,11 @@ export async function issueSendAccessToken(
passwordHashB64?: string | null,
password?: string | null
): Promise<{ token: string } | { error: Response }> {
const jwt = getSafeJwtSecret(env);
if (!jwt.ok) {
return { error: jwt.response };
}
const storage = new StorageService(env.DB);
const send = await resolveSendFromIdOrAccessId(storage, sendIdOrAccessId);
@@ -1260,7 +1276,7 @@ export async function issueSendAccessToken(
}
}
const token = await createSendAccessToken(send.id, env.JWT_SECRET);
const token = await createSendAccessToken(send.id, jwt.secret);
return { token };
}
src/router.ts
+28 -6
View File
@@ -12,7 +12,6 @@ import { handleToken, handlePrelogin, handleRevocation } from './handlers/identi
import {
handleRegister,
handleGetProfile,
handleUpdateProfile,
handleSetKeys,
handleGetRevisionDate,
handleVerifyPassword,
@@ -214,6 +213,24 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
const url = new URL(request.url);
const path = url.pathname;
const method = request.method;
const clientId = getClientIdentifier(request);
async function enforcePublicSendRateLimit(): Promise<Response | null> {
const rateLimit = new RateLimitService(env.DB);
const check = await rateLimit.consumePublicSendAccessBudget(`${clientId}:public-send`);
if (check.allowed) return null;
return new Response(JSON.stringify({
error: 'Too many requests',
error_description: `Too many public Send requests. Try again in ${check.retryAfterSeconds} seconds.`,
}), {
status: 429,
headers: {
'Content-Type': 'application/json',
'Retry-After': String(check.retryAfterSeconds || 60),
'X-RateLimit-Remaining': '0',
},
});
}
// Handle CORS preflight
if (method === 'OPTIONS') {
@@ -272,23 +289,31 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
// Public Send access endpoints
const sendAccessMatch = path.match(/^\/api\/sends\/access\/([^/]+)$/i);
if (sendAccessMatch && method === 'POST') {
const blocked = await enforcePublicSendRateLimit();
if (blocked) return blocked;
const accessId = sendAccessMatch[1];
return handleAccessSend(request, env, accessId);
}
const sendAccessV2Match = path === '/api/sends/access';
if (sendAccessV2Match && method === 'POST') {
const blocked = await enforcePublicSendRateLimit();
if (blocked) return blocked;
return handleAccessSendV2(request, env);
}
const sendAccessFileV2Match = path.match(/^\/api\/sends\/access\/file\/([a-f0-9-]+)$/i);
if (sendAccessFileV2Match && method === 'POST') {
const blocked = await enforcePublicSendRateLimit();
if (blocked) return blocked;
const fileId = sendAccessFileV2Match[1];
return handleAccessSendFileV2(request, env, fileId);
}
const sendAccessFileMatch = path.match(/^\/api\/sends\/([^/]+)\/access\/file\/([a-f0-9-]+)$/i);
if (sendAccessFileMatch && method === 'POST') {
const blocked = await enforcePublicSendRateLimit();
if (blocked) return blocked;
const idOrAccessId = sendAccessFileMatch[1];
const fileId = sendAccessFileMatch[2];
return handleAccessSendFile(request, env, idOrAccessId, fileId);
@@ -309,8 +334,7 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
// Known device check (no auth required)
if (path === '/api/devices/knowndevice' && method === 'GET') {
const rateLimit = new RateLimitService(env.DB);
const clientIp = getClientIdentifier(request);
const probeLimit = await rateLimit.consumeKnownDeviceProbeBudget(clientIp + ':known-device');
const probeLimit = await rateLimit.consumeKnownDeviceProbeBudget(clientId + ':known-device');
if (!probeLimit.allowed) {
// Keep compatibility simple: do not error, just answer "unknown device".
return jsonResponse(false);
@@ -417,8 +441,6 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
if (currentUser.status !== 'active') {
return errorResponse('Account is disabled', 403);
}
const clientId = getClientIdentifier(request);
// Dedicated read rate limiting for heavy sync endpoint.
if (path === '/api/sync' && method === 'GET') {
const rateLimit = new RateLimitService(env.DB);
@@ -476,7 +498,7 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
// Account endpoints
if (path === '/api/accounts/profile') {
if (method === 'GET') return handleGetProfile(request, env, userId);
if (method === 'PUT') return handleUpdateProfile(request, env, userId);
return errorResponse('Method not allowed', 405);
}
if ((path === '/api/accounts/password' || path === '/api/accounts/change-password') && (method === 'POST' || method === 'PUT')) {
src/services/ratelimit.ts
+11
View File
@@ -17,6 +17,8 @@ const CONFIG = {
SYNC_READ_REQUESTS_PER_MINUTE: LIMITS.rateLimit.syncReadRequestsPerMinute,
// Dedicated budget for GET /api/devices/knowndevice probes.
KNOWN_DEVICE_REQUESTS_PER_MINUTE: LIMITS.rateLimit.knownDeviceRequestsPerMinute,
// Dedicated budget for unauthenticated public Send access endpoints.
PUBLIC_SEND_REQUESTS_PER_MINUTE: LIMITS.rateLimit.publicSendRequestsPerMinute,
API_WINDOW_SECONDS: LIMITS.rateLimit.apiWindowSeconds,
};
@@ -233,6 +235,15 @@ export class RateLimitService {
CONFIG.API_WINDOW_SECONDS
);
}
// Budget for unauthenticated public Send access endpoints.
async consumePublicSendAccessBudget(identifier: string): Promise<{ allowed: boolean; remaining: number; retryAfterSeconds?: number }> {
return this.consumeFixedWindowBudget(
identifier,
CONFIG.PUBLIC_SEND_REQUESTS_PER_MINUTE,
CONFIG.API_WINDOW_SECONDS
);
}
}
export function getClientIdentifier(request: Request): string {
webapp/src/App.tsx
+4 -13
View File
@@ -1,7 +1,7 @@
import { useEffect, useMemo, useState } from 'preact/hooks';
import { Link, Route, Switch, useLocation } from 'wouter';
import { useQuery } from '@tanstack/react-query';
import { CircleHelp, LogOut, Send as SendIcon, Settings as SettingsIcon, Shield, ShieldUser, Vault } from 'lucide-preact';
import { CircleHelp, Lock, LogOut, Send as SendIcon, Settings as SettingsIcon, Shield, ShieldUser, Vault } from 'lucide-preact';
import AuthViews from '@/components/AuthViews';
import ConfirmDialog from '@/components/ConfirmDialog';
import ToastHost from '@/components/ToastHost';
@@ -53,7 +53,6 @@ import {
updateSend,
buildSendShareKey,
unlockVaultKey,
updateProfile,
verifyMasterPassword,
} from '@/lib/api';
import { base64ToBytes, decryptBw, decryptStr, hkdf } from '@/lib/crypto';
@@ -580,16 +579,6 @@ export default function App() {
};
}, [session?.symEncKey, session?.symMacKey, foldersQuery.data, ciphersQuery.data, sendsQuery.data]);
async function saveProfileAction(name: string, email: string) {
try {
const updated = await updateProfile(authedFetch, { name: name.trim(), email: email.trim().toLowerCase() });
setProfile(updated);
pushToast('success', t('txt_profile_updated'));
} catch (error) {
pushToast('error', error instanceof Error ? error.message : t('txt_save_profile_failed'));
}
}
async function changePasswordAction(currentPassword: string, nextPassword: string, nextPassword2: string) {
if (!profile) return;
if (!currentPassword || !nextPassword) {
@@ -955,6 +944,9 @@ export default function App() {
<ShieldUser size={16} />
<span>{profile?.email}</span>
</div>
<button type="button" className="btn btn-secondary small" onClick={handleLock}>
<Lock size={14} className="btn-icon" /> {t('txt_lock')}
</button>
<button type="button" className="btn btn-secondary small" onClick={handleLogout}>
<LogOut size={14} className="btn-icon" /> {t('txt_sign_out')}
</button>
@@ -1026,7 +1018,6 @@ export default function App() {
<SettingsPage
profile={profile}
totpEnabled={!!totpStatusQuery.data?.enabled}
onSaveProfile={saveProfileAction}
onChangePassword={changePasswordAction}
onEnableTotp={async (secret, token) => {
await enableTotpAction(secret, token);
webapp/src/components/SettingsPage.tsx
+9 -32
View File
@@ -1,5 +1,5 @@
import { useEffect, useMemo, useState } from 'preact/hooks';
import { Clipboard, KeyRound, RefreshCw, Save, ShieldCheck, ShieldOff } from 'lucide-preact';
import { Clipboard, KeyRound, RefreshCw, ShieldCheck, ShieldOff } from 'lucide-preact';
import qrcode from 'qrcode-generator';
import type { Profile } from '@/lib/types';
import { t } from '@/lib/i18n';
@@ -7,7 +7,6 @@ import { t } from '@/lib/i18n';
interface SettingsPageProps {
profile: Profile;
totpEnabled: boolean;
onSaveProfile: (name: string, email: string) => Promise<void>;
onChangePassword: (currentPassword: string, nextPassword: string, nextPassword2: string) => Promise<void>;
onEnableTotp: (secret: string, token: string) => Promise<void>;
onOpenDisableTotp: () => void;
@@ -30,8 +29,6 @@ function buildOtpUri(email: string, secret: string): string {
export default function SettingsPage(props: SettingsPageProps) {
const totpSecretStorageKey = `nodewarden.totp.secret.${props.profile.id}`;
const [name, setName] = useState(props.profile.name || '');
const [email, setEmail] = useState(props.profile.email || '');
const [currentPassword, setCurrentPassword] = useState('');
const [newPassword, setNewPassword] = useState('');
const [newPassword2, setNewPassword2] = useState('');
@@ -49,12 +46,13 @@ export default function SettingsPage(props: SettingsPageProps) {
setTotpLocked(true);
}, [props.totpEnabled]);
const qrSvg = useMemo(() => {
const qrDataUrl = useMemo(() => {
const qr = qrcode(0, 'M');
qr.addData(buildOtpUri(email || props.profile.email, secret));
qr.addData(buildOtpUri(props.profile.email, secret));
qr.make();
return qr.createSvgTag({ scalable: true, margin: 0 });
}, [email, props.profile.email, secret]);
const svg = qr.createSvgTag({ scalable: true, margin: 0 });
return `data:image/svg+xml;charset=utf-8,${encodeURIComponent(svg)}`;
}, [props.profile.email, secret]);
async function enableTotp(): Promise<void> {
await props.onEnableTotp(secret, token);
@@ -70,29 +68,6 @@ export default function SettingsPage(props: SettingsPageProps) {
return (
<div className="stack">
<section className="card">
<h3>{t('txt_profile')}</h3>
<div className="field-grid">
<label className="field">
<span>{t('txt_name')}</span>
<input className="input" value={name} onInput={(e) => setName((e.currentTarget as HTMLInputElement).value)} />
</label>
<label className="field">
<span>{t('txt_email')}</span>
<input
className="input"
type="email"
value={email}
onInput={(e) => setEmail((e.currentTarget as HTMLInputElement).value)}
/>
</label>
</div>
<button type="button" className="btn btn-primary" onClick={() => void props.onSaveProfile(name, email)}>
<Save size={14} className="btn-icon" />
{t('txt_save_profile')}
</button>
</section>
<section className="card">
<h3>{t('txt_change_master_password')}</h3>
<label className="field">
@@ -130,7 +105,9 @@ export default function SettingsPage(props: SettingsPageProps) {
<h3>{t('txt_totp')}</h3>
{totpLocked && <div className="status-ok">{t('txt_totp_is_enabled_for_this_account')}</div>}
<div className="totp-grid">
<div className="totp-qr" dangerouslySetInnerHTML={{ __html: qrSvg }} />
<div className="totp-qr">
<img src={qrDataUrl} alt="TOTP QR" />
</div>
<div>
<div>
<label className="field">
webapp/src/lib/api.ts
+5 -18
View File
@@ -30,7 +30,11 @@ export function loadSession(): SessionState | null {
if (!raw) return null;
const parsed = JSON.parse(raw) as SessionState;
if (!parsed.accessToken || !parsed.refreshToken) return null;
return parsed;
return {
accessToken: parsed.accessToken,
refreshToken: parsed.refreshToken,
email: parsed.email,
};
} catch {
return null;
}
@@ -45,8 +49,6 @@ export function saveSession(session: SessionState | null): void {
accessToken: session.accessToken,
refreshToken: session.refreshToken,
email: session.email,
symEncKey: session.symEncKey,
symMacKey: session.symMacKey,
};
localStorage.setItem(SESSION_KEY, JSON.stringify(persisted));
}
@@ -328,21 +330,6 @@ export async function getSends(authedFetch: (input: string, init?: RequestInit)
return body?.data || [];
}
export async function updateProfile(
authedFetch: (input: string, init?: RequestInit) => Promise<Response>,
payload: { name: string; email: string }
): Promise<Profile> {
const resp = await authedFetch('/api/accounts/profile', {
method: 'PUT',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(payload),
});
if (!resp.ok) throw new Error('Save profile failed');
const body = await parseJson<Profile>(resp);
if (!body) throw new Error('Invalid profile');
return body;
}
export async function changeMasterPassword(
authedFetch: (input: string, init?: RequestInit) => Promise<Response>,
args: {
webapp/src/lib/i18n.ts
+5 -2
View File
@@ -196,6 +196,7 @@ const messages: Record<Locale, Record<string, string>> = {
txt_copied: "Copied",
txt_log_in: "Log In",
txt_log_out: "Log Out",
txt_lock: "Lock",
txt_login: "Login",
txt_login_credentials: "Login Credentials",
txt_login_failed: "Login failed",
@@ -368,7 +369,7 @@ const zhCNOverrides: Record<string, string> = {
nav_device_management: '设备管理',
nav_support_center: '支持中心',
support_title: '支持中心',
support_under_construction: '正在搭建中',
support_under_construction: '正在搭建中',
txt_sign_out: '退出登录',
txt_log_in: '登录',
txt_log_out: '退出',
@@ -392,7 +393,7 @@ const zhCNOverrides: Record<string, string> = {
txt_search_your_secure_vault: '搜索你的保险库...',
txt_refresh: '刷新',
txt_sync: '同步',
txt_sync_vault: '同步保险库',
txt_sync_vault: '同步',
txt_add: '新增',
txt_edit: '编辑',
txt_delete: '删除',
@@ -720,6 +721,8 @@ const zhCNOverrides: Record<string, string> = {
txt_copied: '已复制',
};
zhCNOverrides.txt_lock = '\u9501\u5b9a';
messages['zh-CN'] = { ...messages.en, ...zhCNOverrides };
function resolveInitialLocale(): Locale {
webapp/src/styles.css
+5
View File
@@ -965,6 +965,11 @@ input[type='file'].input::file-selector-button:hover {
height: 180px;
}
.totp-qr img {
width: 180px;
height: 180px;
}
.section-head {
display: flex;
align-items: center;