a9bbb668b5
Replaces nginx basic auth with a proper per-user session system:
- auth_utils.py: bcrypt password hashing, JWT cookie creation/decode
- auth_middleware.py: validates JWT cookie on all routes except /login,
/health, /static/, and webhook endpoints (/channels/, /webhook/)
- routers/ui.py: GET /login, POST /login, POST /logout,
GET /{username}/{persona} — serves index.html with CORTEX_CONFIG injected
- static/login.html: minimal login form (dark theme, matches UI)
- main.py: registers SessionAuthMiddleware + ui.router
- config.py: jwt_secret, jwt_expire_days settings
- manage_passwords.py: CLI tool to set/check/list user passwords
- app.js: reads window.CORTEX_CONFIG (user + persona), sends both on
every /chat and /orchestrate request; persona name shown in header;
logout button (⏏) added to header
- requirements.txt: bcrypt, PyJWT, python-multipart
- .env.default: JWT_SECRET, JWT_EXPIRE_DAYS documented
- tests: client fixture injects JWT cookie; security test assertions
updated for URL-normalized path traversal paths (still secure, codes differ)
All 80 tests pass.
Setup for a new user:
python manage_passwords.py set scott
python manage_passwords.py set holly
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
120 lines
2.6 KiB
HTML
120 lines
2.6 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Cortex — Sign In</title>
|
|
<style>
|
|
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
|
|
|
|
body {
|
|
min-height: 100vh;
|
|
display: flex;
|
|
align-items: center;
|
|
justify-content: center;
|
|
background: #0f1117;
|
|
font-family: system-ui, -apple-system, sans-serif;
|
|
color: #e2e8f0;
|
|
}
|
|
|
|
.card {
|
|
background: #1a1d27;
|
|
border: 1px solid #2d3148;
|
|
border-radius: 12px;
|
|
padding: 2.5rem 2rem;
|
|
width: 100%;
|
|
max-width: 380px;
|
|
}
|
|
|
|
.logo {
|
|
text-align: center;
|
|
margin-bottom: 1.75rem;
|
|
}
|
|
|
|
.logo h1 {
|
|
font-size: 1.6rem;
|
|
font-weight: 700;
|
|
letter-spacing: 0.05em;
|
|
color: #a78bfa;
|
|
}
|
|
|
|
.logo p {
|
|
font-size: 0.8rem;
|
|
color: #64748b;
|
|
margin-top: 0.25rem;
|
|
}
|
|
|
|
label {
|
|
display: block;
|
|
font-size: 0.8rem;
|
|
font-weight: 500;
|
|
color: #94a3b8;
|
|
margin-bottom: 0.4rem;
|
|
}
|
|
|
|
input {
|
|
width: 100%;
|
|
padding: 0.65rem 0.85rem;
|
|
background: #0f1117;
|
|
border: 1px solid #2d3148;
|
|
border-radius: 6px;
|
|
color: #e2e8f0;
|
|
font-size: 0.95rem;
|
|
outline: none;
|
|
transition: border-color 0.15s;
|
|
}
|
|
|
|
input:focus { border-color: #7c3aed; }
|
|
|
|
.field { margin-bottom: 1rem; }
|
|
|
|
button[type="submit"] {
|
|
width: 100%;
|
|
padding: 0.7rem;
|
|
margin-top: 0.5rem;
|
|
background: #7c3aed;
|
|
border: none;
|
|
border-radius: 6px;
|
|
color: #fff;
|
|
font-size: 1rem;
|
|
font-weight: 600;
|
|
cursor: pointer;
|
|
transition: background 0.15s;
|
|
}
|
|
|
|
button[type="submit"]:hover { background: #6d28d9; }
|
|
|
|
.error {
|
|
color: #f87171;
|
|
font-size: 0.85rem;
|
|
text-align: center;
|
|
margin-bottom: 1rem;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="card">
|
|
<div class="logo">
|
|
<h1>Cortex</h1>
|
|
<p>You can't stop the signal.</p>
|
|
</div>
|
|
|
|
<!-- ERROR -->
|
|
|
|
<form method="POST" action="/login">
|
|
<div class="field">
|
|
<label for="username">Username</label>
|
|
<input type="text" id="username" name="username"
|
|
autocomplete="username" autofocus required>
|
|
</div>
|
|
<div class="field">
|
|
<label for="password">Password</label>
|
|
<input type="password" id="password" name="password"
|
|
autocomplete="current-password" required>
|
|
</div>
|
|
<button type="submit">Sign In</button>
|
|
</form>
|
|
</div>
|
|
</body>
|
|
</html>
|