feat: session auth + per-user/persona UI at /{user}/{persona}

Replaces nginx basic auth with a proper per-user session system: - auth_utils.py: bcrypt password hashing, JWT cookie creation/decode - auth_middleware.py: validates JWT cookie on all routes except /login, /health, /static/, and webhook endpoints (/channels/, /webhook/) - routers/ui.py: GET /login, POST /login, POST /logout, GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected - static/login.html: minimal login form (dark theme, matches UI) - main.py: registers SessionAuthMiddleware + ui.router - config.py: jwt_secret, jwt_expire_days settings - manage_passwords.py: CLI tool to set/check/list user passwords - app.js: reads window.CORTEX_CONFIG (user + persona), sends both on every /chat and /orchestrate request; persona name shown in header; logout button (⏏) added to header - requirements.txt: bcrypt, PyJWT, python-multipart - .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented - tests: client fixture injects JWT cookie; security test assertions updated for URL-normalized path traversal paths (still secure, codes differ) All 80 tests pass. Setup for a new user: python manage_passwords.py set scott python manage_passwords.py set holly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-20 22:54:12 -04:00
parent 77e770cdb2
commit a9bbb668b5
14 changed files with 538 additions and 12 deletions
--- a/cortex/static/app.js
+++ b/cortex/static/app.js
@@ -14,6 +14,10 @@
        const agentModeBtnEl = document.getElementById('agent-mode-btn');
        const stopBtn        = document.getElementById('stop');

+        // User/persona injected by the server at /{user}/{persona}
+        const CORTEX_USER    = (window.CORTEX_CONFIG || {}).user    || 'scott';
+        const CORTEX_PERSONA = (window.CORTEX_CONFIG || {}).persona || 'inara';
+
        let sessionId        = null;
        let primaryBackend   = 'claude';
        let activeController = null;
@@ -133,6 +137,13 @@
            updateInputMode();
        });

+        // ── Persona name in header ───────────────────────────────────
+        const personaNameEl = document.getElementById('persona-name');
+        if (personaNameEl && CORTEX_PERSONA) {
+            // Capitalize first letter
+            personaNameEl.textContent = CORTEX_PERSONA.charAt(0).toUpperCase() + CORTEX_PERSONA.slice(1);
+        }
+
        // ── Backend toggle ───────────────────────────────────────────

        fetch('/backend').then(r => r.json()).then(d => setBackendUI(d.primary));
@@ -581,6 +592,8 @@
                        include_long: memLong,
                        include_mid: memMid,
                        include_short: memShort,
+                        user: CORTEX_USER,
+                        persona: CORTEX_PERSONA,
                    }),
                    signal: activeController.signal,
                });
@@ -668,6 +681,8 @@
                        include_long: memLong,
                        include_mid: memMid,
                        include_short: memShort,
+                        user: CORTEX_USER,
+                        persona: CORTEX_PERSONA,
                    }),
                    signal: activeController.signal,
                });