Scott.Idem/Cortex-Inara
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: session auth + per-user/persona UI at /{user}/{persona}

Browse Source 
Replaces nginx basic auth with a proper per-user session system:

- auth_utils.py: bcrypt password hashing, JWT cookie creation/decode
- auth_middleware.py: validates JWT cookie on all routes except /login,
  /health, /static/, and webhook endpoints (/channels/, /webhook/)
- routers/ui.py: GET /login, POST /login, POST /logout,
  GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected
- static/login.html: minimal login form (dark theme, matches UI)
- main.py: registers SessionAuthMiddleware + ui.router
- config.py: jwt_secret, jwt_expire_days settings
- manage_passwords.py: CLI tool to set/check/list user passwords
- app.js: reads window.CORTEX_CONFIG (user + persona), sends both on
  every /chat and /orchestrate request; persona name shown in header;
  logout button (⏏) added to header
- requirements.txt: bcrypt, PyJWT, python-multipart
- .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented
- tests: client fixture injects JWT cookie; security test assertions
  updated for URL-normalized path traversal paths (still secure, codes differ)

All 80 tests pass.

Setup for a new user:
  python manage_passwords.py set scott
  python manage_passwords.py set holly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-03-20 22:54:12 -04:00
parent 77e770cdb2
commit a9bbb668b5
14 changed files with 538 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cortex/static/app.js
View File

@@ -14,6 +14,10 @@
const agentModeBtnEl = document.getElementById('agent-mode-btn');
const stopBtn = document.getElementById('stop');
// User/persona injected by the server at /{user}/{persona}
const CORTEX_USER = (window.CORTEX_CONFIG || {}).user || 'scott';
const CORTEX_PERSONA = (window.CORTEX_CONFIG || {}).persona || 'inara';
let sessionId = null;
let primaryBackend = 'claude';
let activeController = null;
@@ -133,6 +137,13 @@
updateInputMode();
});
// ── Persona name in header ───────────────────────────────────
const personaNameEl = document.getElementById('persona-name');
if (personaNameEl && CORTEX_PERSONA) {
// Capitalize first letter
personaNameEl.textContent = CORTEX_PERSONA.charAt(0).toUpperCase() + CORTEX_PERSONA.slice(1);
}
// ── Backend toggle ───────────────────────────────────────────
fetch('/backend').then(r => r.json()).then(d => setBackendUI(d.primary));
@@ -581,6 +592,8 @@
include_long: memLong,
include_mid: memMid,
include_short: memShort,
user: CORTEX_USER,
persona: CORTEX_PERSONA,
}),
signal: activeController.signal,
});
@@ -668,6 +681,8 @@
include_long: memLong,
include_mid: memMid,
include_short: memShort,
user: CORTEX_USER,
persona: CORTEX_PERSONA,
}),
signal: activeController.signal,
});

5
cortex/static/index.html
View File

@@ -23,13 +23,16 @@
<header>
<span class="header-emoji"></span>
<div>
<div class="name">Inara</div>
<div class="name" id="persona-name">Inara</div>
<div class="subtitle">Cortex · Local</div>
</div>
<button id="sessions-btn" class="hdr-btn">Sessions</button>
<button id="files-btn" class="hdr-btn">Files</button>
<button id="ctx-open-btn" class="hdr-btn" title="Settings"><span class="tier-badge">2</span></button>
<button id="help-btn" class="hdr-btn" title="Help &amp; reference">?</button>
<form method="POST" action="/logout" style="margin:0">
<button type="submit" class="hdr-btn" title="Sign out" id="logout-btn"></button>
</form>
<div id="sessions-panel"></div>

119
cortex/static/login.html Normal file
View File

@@ -0,0 +1,119 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Cortex — Sign In</title>
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
body {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
background: #0f1117;
font-family: system-ui, -apple-system, sans-serif;
color: #e2e8f0;
}
.card {
background: #1a1d27;
border: 1px solid #2d3148;
border-radius: 12px;
padding: 2.5rem 2rem;
width: 100%;
max-width: 380px;
}
.logo {
text-align: center;
margin-bottom: 1.75rem;
}
.logo h1 {
font-size: 1.6rem;
font-weight: 700;
letter-spacing: 0.05em;
color: #a78bfa;
}
.logo p {
font-size: 0.8rem;
color: #64748b;
margin-top: 0.25rem;
}
label {
display: block;
font-size: 0.8rem;
font-weight: 500;
color: #94a3b8;
margin-bottom: 0.4rem;
}
input {
width: 100%;
padding: 0.65rem 0.85rem;
background: #0f1117;
border: 1px solid #2d3148;
border-radius: 6px;
color: #e2e8f0;
font-size: 0.95rem;
outline: none;
transition: border-color 0.15s;
}
input:focus { border-color: #7c3aed; }
.field { margin-bottom: 1rem; }
button[type="submit"] {
width: 100%;
padding: 0.7rem;
margin-top: 0.5rem;
background: #7c3aed;
border: none;
border-radius: 6px;
color: #fff;
font-size: 1rem;
font-weight: 600;
cursor: pointer;
transition: background 0.15s;
}
button[type="submit"]:hover { background: #6d28d9; }
.error {
color: #f87171;
font-size: 0.85rem;
text-align: center;
margin-bottom: 1rem;
}
</style>
</head>
<body>
<div class="card">
<div class="logo">
<h1>Cortex</h1>
<p>You can't stop the signal.</p>
</div>
<!-- ERROR -->
<form method="POST" action="/login">
<div class="field">
<label for="username">Username</label>
<input type="text" id="username" name="username"
autocomplete="username" autofocus required>
</div>
<div class="field">
<label for="password">Password</label>
<input type="password" id="password" name="password"
autocomplete="current-password" required>
</div>
<button type="submit">Sign In</button>
</form>
</div>
</body>
</html>