fabi/PiCloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
PiCloud/dashboard
History
MechaCat02 6891496589 feat(manager-core): admin auth gate (Phase 3a) 
Closes the regression risk of the admin API and dashboard being open
to anyone reaching the bound port. Required foundation before v1.1
data-plane services land.

Per-user accounts (admin_users), Argon2id passwords, env-var bootstrap
of the first admin that becomes inert once any admin exists, opaque
32-byte session token doubling as bearer credential, 24h sliding TTL
configurable via PICLOUD_SESSION_TTL_HOURS. is_active column lets
admins be deactivated without losing audit history; last-active-admin
guard on DELETE and on PATCH that flips is_active to false (sessions
also wiped on deactivation).

require_admin middleware fronts every /api/v1/admin/* route. The data
plane (/api/v1/execute/{id}), /healthz, /version, and user routes
stay open. picloud admin reset-password <username> subcommand handles
recovery without going through HTTP.

Dashboard gains /admin/login and /admin/admins surfaces, a top-bar
user menu, and a token store with a localStorage echo so refreshes
don't sign you out. Cookie-based auth works in parallel for non-SPA
clients.

Forward compatibility: future RBAC tables (admin_roles,
admin_user_roles) join on admin_users.id; the auth middleware is the
seam where role checks slot in. Email, 2FA, passkeys, and personal
API tokens are all additive without touching admin_users.

Blueprint §11.4 updated to reflect what actually shipped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 19:30:25 +02:00
..
src
feat(manager-core): admin auth gate (Phase 3a)
2026-05-25 19:30:25 +02:00
static
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
.prettierignore
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
.prettierrc
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
eslint.config.js
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
package-lock.json
feat(dashboard): hand-rolled Rhai parser + symbol table + Vitest
2026-05-23 23:38:15 +02:00
package.json
feat(dashboard): Rhai source formatter with Format button
2026-05-23 23:51:19 +02:00
README.md
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
svelte.config.js
feat: custom routing — bind scripts to your own URLs
2026-05-23 18:18:16 +02:00
tsconfig.json
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
vite.config.ts
feat(dashboard): scaffold SvelteKit SPA for control plane
2026-05-22 23:28:03 +02:00
vitest.config.ts
feat(dashboard): hand-rolled Rhai parser + symbol table + Vitest
2026-05-23 23:38:15 +02:00

README.md

PiCloud Dashboard

SvelteKit SPA for the PiCloud control plane.

Stack

  • SvelteKit 2 with adapter-static (SPA fallback)
  • Svelte 5 (runes)
  • TypeScript
  • Vite

Scripts

npm install
npm run dev      # vite dev server on :5173, proxies /api → PICLOUD_API
npm run build    # static SPA bundle into ./build/
npm run check    # svelte-check
npm run lint
npm run format

By default npm run dev proxies /api/* and /healthz to http://127.0.0.1:18080. Override with PICLOUD_API=http://host:port npm run dev.

How it fits in

In production Caddy serves the contents of ./build/ as static files and falls back to index.html for client-side routing. The dashboard only talks to the control plane (/api/admin/* on the manager); data-plane invocations go through /api/execute/* on the orchestrator and are not issued from the dashboard directly during MVP.

Reference in New Issue View Git Blame Copy Permalink