Sebi/SimpleArmaAdmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add configuration files, database migrations, and authentication implementation scaffolding

Browse Source
This commit is contained in:
Sebastian Unterschütz
2026-04-30 19:08:07 +02:00
commit 331d60581e
83 changed files with 222264 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

184
web/dashboard/src/App.css Normal file
View File

@@ -0,0 +1,184 @@
.counter {
font-size: 16px;
padding: 5px 10px;
border-radius: 5px;
color: var(--accent);
background: var(--accent-bg);
border: 2px solid transparent;
transition: border-color 0.3s;
margin-bottom: 24px;
&:hover {
border-color: var(--accent-border);
}
&:focus-visible {
outline: 2px solid var(--accent);
outline-offset: 2px;
}
}
.hero {
position: relative;
.base,
.framework,
.vite {
inset-inline: 0;
margin: 0 auto;
}
.base {
width: 170px;
position: relative;
z-index: 0;
}
.framework,
.vite {
position: absolute;
}
.framework {
z-index: 1;
top: 34px;
height: 28px;
transform: perspective(2000px) rotateZ(300deg) rotateX(44deg) rotateY(39deg)
scale(1.4);
}
.vite {
z-index: 0;
top: 107px;
height: 26px;
width: auto;
transform: perspective(2000px) rotateZ(300deg) rotateX(40deg) rotateY(39deg)
scale(0.8);
}
}
#center {
display: flex;
flex-direction: column;
gap: 25px;
place-content: center;
place-items: center;
flex-grow: 1;
@media (max-width: 1024px) {
padding: 32px 20px 24px;
gap: 18px;
}
}
#next-steps {
display: flex;
border-top: 1px solid var(--border);
text-align: left;
& > div {
flex: 1 1 0;
padding: 32px;
@media (max-width: 1024px) {
padding: 24px 20px;
}
}
.icon {
margin-bottom: 16px;
width: 22px;
height: 22px;
}
@media (max-width: 1024px) {
flex-direction: column;
text-align: center;
}
}
#docs {
border-right: 1px solid var(--border);
@media (max-width: 1024px) {
border-right: none;
border-bottom: 1px solid var(--border);
}
}
#next-steps ul {
list-style: none;
padding: 0;
display: flex;
gap: 8px;
margin: 32px 0 0;
.logo {
height: 18px;
}
a {
color: var(--text-h);
font-size: 16px;
border-radius: 6px;
background: var(--social-bg);
display: flex;
padding: 6px 12px;
align-items: center;
gap: 8px;
text-decoration: none;
transition: box-shadow 0.3s;
&:hover {
box-shadow: var(--shadow);
}
.button-icon {
height: 18px;
width: 18px;
}
}
@media (max-width: 1024px) {
margin-top: 20px;
flex-wrap: wrap;
justify-content: center;
li {
flex: 1 1 calc(50% - 8px);
}
a {
width: 100%;
justify-content: center;
box-sizing: border-box;
}
}
}
#spacer {
height: 88px;
border-top: 1px solid var(--border);
@media (max-width: 1024px) {
height: 48px;
}
}
.ticks {
position: relative;
width: 100%;
&::before,
&::after {
content: '';
position: absolute;
top: -4.5px;
border: 5px solid transparent;
}
&::before {
left: 0;
border-left-color: var(--border);
}
&::after {
right: 0;
border-right-color: var(--border);
}
}

281
web/dashboard/src/App.tsx Normal file
View File

@@ -0,0 +1,281 @@
import React, { useState, useEffect } from 'react';
import {
LayoutDashboard,
ScrollText,
ShieldAlert,
Users,
Settings,
Lock,
Unlock,
Activity,
Network,
Terminal,
Server,
Zap,
Download
} from 'lucide-react';
import { VaultProvider, useVault } from './contexts/VaultContext';
import { LoginV2 } from './components/LoginV2';
import { Register } from './components/Register';
const SidebarItem = ({ icon: Icon, label, active = false }: any) => (
<div className={`flex items-center space-x-3 px-4 py-3 rounded-lg cursor-pointer transition-all duration-200 group ${active ? 'bg-indigo-600/10 text-indigo-400 border border-indigo-500/20' : 'text-slate-400 hover:bg-slate-800 hover:text-slate-200'}`}>
<Icon className={`w-5 h-5 ${active ? 'text-indigo-400' : 'text-slate-500 group-hover:text-slate-300'}`} />
<span className="font-medium text-sm">{label}</span>
</div>
);
const MetricCard = ({ label, value, unit, icon: Icon, color }: any) => (
<div className="bg-slate-900/50 border border-slate-800 p-6 rounded-2xl backdrop-blur-sm relative overflow-hidden group">
<div className={`absolute top-0 right-0 w-24 h-24 -mr-8 -mt-8 opacity-5 transition-all duration-500 group-hover:scale-110 ${color}`}>
<Icon className="w-full h-full" />
</div>
<div className="flex justify-between items-start mb-4">
<div className="p-2 bg-slate-800 rounded-lg border border-slate-700">
<Icon className="w-5 h-5 text-slate-300" />
</div>
</div>
<div className="space-y-1">
<div className="text-slate-400 text-xs font-semibold uppercase tracking-wider">{label}</div>
<div className="flex items-baseline space-x-1">
<div className="text-3xl font-bold text-slate-100">{value}</div>
<div className="text-slate-500 text-sm">{unit}</div>
</div>
</div>
</div>
);
const Dashboard = () => {
const { isLocked, isAuthenticated, unlock, decrypt } = useVault();
const [logs, setLogs] = useState<any[]>([]);
const [telemetry, setTelemetry] = useState({ fps: 0, players: 0 });
const [authView, setAuthView] = useState<'login' | 'register'>('login');
// WebSocket effect (must be before early returns for React Hooks rules)
useEffect(() => {
if (!isAuthenticated) return; // Skip if not authenticated
// Connect ALWAYS to see telemetry
const socket = new WebSocket('ws://localhost:8080/ws?role=dashboard');
socket.binaryType = 'arraybuffer';
socket.onmessage = async (event) => {
if (event.data instanceof ArrayBuffer) {
// Only decrypt if vault is open
if (!isLocked) {
try {
const decrypted = await decrypt(new Uint8Array(event.data));
setLogs(prev => [JSON.parse(decrypted), ...prev].slice(0, 100));
} catch (err) {
console.error("Decryption failed", err);
}
}
} else {
// Plaintext Telemetry is always readable
try {
const data = JSON.parse(event.data);
if (data.type === 'TELEMETRY') {
setTelemetry({ fps: data.fps, players: data.players });
}
} catch(e) {}
}
};
return () => socket.close();
}, [isAuthenticated, isLocked, decrypt]);
// Show auth screen if not authenticated (after all hooks)
if (!isAuthenticated) {
if (authView === 'register') {
return (
<Register
onRegisterSuccess={(token, key, communityId, username) => {
unlock(key, communityId);
}}
onSwitchToLogin={() => setAuthView('login')}
/>
);
}
return (
<LoginV2
onLoginSuccess={(token, key, communityId, username) => {
unlock(key, communityId);
}}
onSwitchToRegister={() => setAuthView('register')}
/>
);
}
const handleExport = async () => {
if (logs.length === 0) return;
const exportData = {
community_id: "comm-123-abc",
export_date: new Date().toISOString(),
logs: logs
};
const blob = new Blob([JSON.stringify(exportData, null, 2)], { type: 'application/json' });
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = `arma-cloud-export-${new Date().getTime()}.json`;
a.click();
URL.revokeObjectURL(url);
};
return (
<div className="flex h-screen bg-[#0a0b10] text-slate-200 selection:bg-indigo-500/30">
{/* Sidebar */}
<aside className="w-72 border-r border-slate-800 flex flex-col p-6 bg-[#0c0d14]">
<div className="flex items-center space-x-3 px-2 mb-12">
<div className="relative">
<div className="w-9 h-9 bg-indigo-600 rounded-xl flex items-center justify-center">
<Zap className="w-5 h-5 text-white fill-white" />
</div>
<div className="absolute -bottom-1 -right-1 w-3 h-3 bg-green-500 border-2 border-[#0c0d14] rounded-full"></div>
</div>
<div className="flex flex-col">
<span className="text-lg font-bold text-white tracking-tight leading-none">ArmaAdmin</span>
<span className="text-[10px] text-slate-500 font-bold uppercase tracking-widest mt-1">Enterprise</span>
</div>
</div>
<nav className="flex-1 space-y-1">
<SidebarItem icon={LayoutDashboard} label="Global Overview" active />
<SidebarItem icon={Terminal} label="Live Console" />
<SidebarItem icon={ShieldAlert} label="Security Policies" />
<SidebarItem icon={Users} label="Entity Management" />
<SidebarItem icon={Settings} label="System Config" />
</nav>
<div className="mt-auto space-y-4">
<div className={`p-4 rounded-2xl border transition-all duration-300 ${isLocked ? 'bg-amber-500/5 border-amber-500/20' : 'bg-indigo-500/5 border-indigo-500/20'}`}>
<div className="flex items-center justify-between mb-3">
<span className="text-[10px] font-black uppercase tracking-tighter text-slate-500">Security Layer</span>
{isLocked ? <Lock className="w-3 h-3 text-amber-500" /> : <Unlock className="w-3 h-3 text-indigo-500" />}
</div>
<div className={`text-sm font-bold ${isLocked ? 'text-amber-200' : 'text-indigo-200'}`}>
{isLocked ? 'Vault Encrypted' : 'Zero-Knowledge Active'}
</div>
<div className="text-[10px] text-slate-500 mt-1">E2EE Stream Protection</div>
</div>
</div>
</aside>
{/* Main View */}
<main className="flex-1 overflow-y-auto flex flex-col">
<header className="h-20 border-b border-slate-800 flex items-center justify-between px-10 bg-[#0a0b10]/80 backdrop-blur-md sticky top-0 z-10">
<div className="flex items-center space-x-2 text-sm">
<span className="text-slate-500">Infrastructure</span>
<span className="text-slate-700">/</span>
<span className="text-slate-200 font-medium">Server Alpha</span>
</div>
<div className="flex items-center space-x-6">
{!isLocked && (
<>
<button
onClick={handleExport}
className="flex items-center space-x-2 px-4 py-2 bg-slate-800 hover:bg-slate-700 border border-slate-700 rounded-xl text-xs font-bold text-slate-300 transition-colors"
>
<Download className="w-4 h-4" />
<span>DSGVO Export</span>
</button>
<div className="flex items-center space-x-4 px-4 py-2 bg-slate-900 border border-slate-800 rounded-xl">
<div className="flex flex-col items-end">
<span className="text-[10px] text-slate-500 font-bold uppercase">Admin Session</span>
<span className="text-xs text-slate-300 font-medium">SebastianU</span>
</div>
<div className="w-8 h-8 rounded-lg bg-indigo-500/20 border border-indigo-500/30 flex items-center justify-center text-indigo-400 font-bold text-xs">
SU
</div>
</div>
</>
)}
</div>
</header>
<div className="p-10 space-y-10">
{/* Metrics Grid ALWAYS visible */}
<div className="grid grid-cols-1 md:grid-cols-4 gap-6">
<MetricCard label="Simulation Rate" value={telemetry.fps.toFixed(1)} unit="FPS" icon={Activity} color="text-green-500" />
<MetricCard label="Client Population" value={telemetry.players} unit="/ 64" icon={Users} color="text-indigo-500" />
<MetricCard label="Inbound Traffic" value="0.8" unit="Gbps" icon={Network} color="text-blue-500" />
<MetricCard label="Host Latency" value="12" unit="ms" icon={Server} color="text-amber-500" />
</div>
{isLocked ? (
<div className="flex flex-col items-center justify-center py-20 text-center">
<div className="relative mb-8">
<div className="absolute inset-0 bg-indigo-600 blur-3xl opacity-20 animate-pulse"></div>
<div className="relative w-24 h-24 bg-slate-900 border border-slate-800 rounded-3xl flex items-center justify-center">
<Lock className="w-10 h-10 text-slate-600" />
</div>
</div>
<h3 className="text-2xl font-bold text-white mb-2 underline decoration-indigo-500/50 decoration-4 underline-offset-8">Encrypted Environment</h3>
<p className="text-slate-500 max-w-md mt-4 text-sm leading-relaxed">
The local encryption key is missing. Private metadata, logs, and sensitive data streams are currently inaccessible to the provider.
</p>
</div>
) : (
<div className="bg-[#0c0d14] border border-slate-800 rounded-3xl overflow-hidden shadow-2xl">
<div className="px-8 py-6 border-b border-slate-800 flex justify-between items-center bg-slate-900/30">
<div className="flex items-center space-x-3">
<div className="w-2 h-2 bg-indigo-500 rounded-full animate-ping"></div>
<h3 className="font-bold text-slate-100">Zero-Knowledge Stream</h3>
</div>
<div className="flex items-center space-x-2">
<span className="text-[10px] font-bold text-indigo-400 bg-indigo-400/10 px-3 py-1 rounded-full border border-indigo-400/20">LIVE_E2EE</span>
</div>
</div>
<div className="overflow-x-auto">
<table className="w-full text-left">
<thead>
<tr className="bg-slate-900/50 text-slate-500 text-[10px] font-black uppercase tracking-widest border-b border-slate-800">
<th className="px-8 py-4">Event Tag</th>
<th className="px-8 py-4">Descriptor</th>
<th className="px-8 py-4 text-right">Node ID</th>
</tr>
</thead>
<tbody className="text-sm font-mono">
{logs.map((log, i) => (
<tr key={i} className="border-b border-slate-800/50 hover:bg-slate-800/20 transition-colors group">
<td className="px-8 py-4 whitespace-nowrap">
<span className={`px-2.5 py-1 rounded-md text-[10px] font-bold border ${
log.Type === 'CHAT' ? 'bg-blue-500/5 text-blue-400 border-blue-500/20' :
log.Type === 'JOIN' ? 'bg-emerald-500/5 text-emerald-400 border-emerald-500/20' :
log.Type === 'LEAVE' ? 'bg-rose-500/5 text-rose-400 border-rose-500/20' :
'bg-slate-800 text-slate-400 border-slate-700'
}`}>
{log.Type}
</span>
</td>
<td className="px-8 py-4 text-slate-300 font-medium">
{log.Content}
</td>
<td className="px-8 py-4 text-right text-slate-600 group-hover:text-slate-400 transition-colors">
AMS-01
</td>
</tr>
))}
</tbody>
</table>
</div>
</div>
)}
</div>
</main>
</div>
);
};
function App() {
return (
<VaultProvider>
<Dashboard />
</VaultProvider>
);
}
export default App;

BIN
web/dashboard/src/assets/hero.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

1
web/dashboard/src/assets/react.svg Normal file
View File

@@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

1
web/dashboard/src/assets/vite.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

144
web/dashboard/src/components/Login.tsx Normal file
View File

@@ -0,0 +1,144 @@
import React, { useState } from 'react';
import { Fingerprint, Shield, Zap, AlertCircle, Loader2 } from 'lucide-react';
import { authenticateWebAuthn, isWebAuthnSupported } from '../lib/webauthn';
interface LoginProps {
onLoginSuccess: (masterKey: Uint8Array, communityId: string) => void;
}
export const Login: React.FC<LoginProps> = ({ onLoginSuccess }) => {
const [username, setUsername] = useState('');
const [isLoading, setIsLoading] = useState(false);
const [error, setError] = useState<string | null>(null);
const [supported] = useState(isWebAuthnSupported());
const handleLogin = async (e: React.FormEvent) => {
e.preventDefault();
setError(null);
setIsLoading(true);
try {
const result = await authenticateWebAuthn(username);
if (result.success && result.masterKey && result.communityId) {
onLoginSuccess(result.masterKey, result.communityId);
} else {
setError(result.error || 'Authentication failed');
}
} catch (err) {
setError((err as Error).message);
} finally {
setIsLoading(false);
}
};
if (!supported) {
return (
<div className="min-h-screen bg-[#0a0b10] flex items-center justify-center p-6">
<div className="max-w-md w-full bg-red-500/5 border border-red-500/20 rounded-2xl p-8 text-center">
<AlertCircle className="w-12 h-12 text-red-500 mx-auto mb-4" />
<h2 className="text-xl font-bold text-red-200 mb-2">Browser Not Supported</h2>
<p className="text-red-400/80 text-sm">
Your browser does not support WebAuthn. Please use a modern browser like Chrome, Firefox, Safari, or Edge.
</p>
</div>
</div>
);
}
return (
<div className="min-h-screen bg-[#0a0b10] flex items-center justify-center p-6 relative overflow-hidden">
{/* Background Effects */}
<div className="absolute inset-0 overflow-hidden pointer-events-none">
<div className="absolute top-1/4 -left-48 w-96 h-96 bg-indigo-600/10 rounded-full blur-3xl animate-pulse"></div>
<div className="absolute bottom-1/4 -right-48 w-96 h-96 bg-purple-600/10 rounded-full blur-3xl animate-pulse" style={{ animationDelay: '1s' }}></div>
</div>
<div className="max-w-md w-full relative z-10">
{/* Logo & Branding */}
<div className="text-center mb-10">
<div className="inline-flex items-center justify-center w-16 h-16 bg-indigo-600 rounded-2xl mb-4 shadow-2xl shadow-indigo-600/50">
<Zap className="w-8 h-8 text-white fill-white" />
</div>
<h1 className="text-3xl font-black text-white tracking-tight mb-2">ArmaAdmin Cloud</h1>
<p className="text-slate-500 text-sm font-medium">Zero-Knowledge Gaming Infrastructure</p>
</div>
{/* Login Card */}
<div className="bg-[#0c0d14] border border-slate-800 rounded-3xl p-8 shadow-2xl">
<div className="flex items-center space-x-3 mb-6">
<div className="p-2 bg-indigo-500/10 border border-indigo-500/20 rounded-lg">
<Shield className="w-5 h-5 text-indigo-400" />
</div>
<div>
<h2 className="text-lg font-bold text-white">Hardware Authentication</h2>
<p className="text-xs text-slate-500">Passwordless & Zero-Trust</p>
</div>
</div>
<form onSubmit={handleLogin} className="space-y-6">
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Username</label>
<input
type="text"
value={username}
onChange={(e) => setUsername(e.target.value)}
placeholder="Enter your username"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
</div>
{error && (
<div className="p-4 bg-red-500/10 border border-red-500/20 rounded-xl flex items-start space-x-3">
<AlertCircle className="w-5 h-5 text-red-400 flex-shrink-0 mt-0.5" />
<div>
<h3 className="text-sm font-bold text-red-200">Authentication Failed</h3>
<p className="text-xs text-red-400/80 mt-1">{error}</p>
</div>
</div>
)}
<button
type="submit"
disabled={isLoading || !username.trim()}
className="w-full bg-indigo-600 hover:bg-indigo-500 disabled:bg-slate-800 disabled:text-slate-600 text-white font-bold py-4 rounded-xl transition-all duration-200 shadow-lg shadow-indigo-600/20 active:scale-95 flex items-center justify-center space-x-2"
>
{isLoading ? (
<>
<Loader2 className="w-5 h-5 animate-spin" />
<span>Authenticating...</span>
</>
) : (
<>
<Fingerprint className="w-5 h-5" />
<span>Unlock with Hardware Key</span>
</>
)}
</button>
</form>
{/* Info Section */}
<div className="mt-8 pt-6 border-t border-slate-800">
<div className="grid grid-cols-2 gap-4 text-center">
<div className="p-4 bg-slate-900/50 rounded-xl">
<div className="text-2xl font-black text-indigo-400">0</div>
<div className="text-[10px] text-slate-500 font-bold uppercase tracking-wider mt-1">Passwords</div>
</div>
<div className="p-4 bg-slate-900/50 rounded-xl">
<div className="text-2xl font-black text-green-400">100%</div>
<div className="text-[10px] text-slate-500 font-bold uppercase tracking-wider mt-1">E2EE</div>
</div>
</div>
</div>
</div>
{/* Footer */}
<p className="text-center text-xs text-slate-600 mt-6">
Protected by WebAuthn FIDO2 hardware authentication
</p>
</div>
</div>
);
};

300
web/dashboard/src/components/LoginV2.tsx Normal file
View File

@@ -0,0 +1,300 @@
import React, { useState } from 'react';
import { Fingerprint, Shield, Zap, AlertCircle, Loader2, Key } from 'lucide-react';
import { isWebAuthnSupported } from '../lib/webauthn';
interface LoginProps {
onLoginSuccess: (token: string, masterKey: Uint8Array, communityId: string, username: string) => void;
onSwitchToRegister: () => void;
}
export const LoginV2: React.FC<LoginProps> = ({ onLoginSuccess, onSwitchToRegister }) => {
const [username, setUsername] = useState('');
const [password, setPassword] = useState('');
const [authMethod, setAuthMethod] = useState<'password' | 'passkey'>('password');
const [isLoading, setIsLoading] = useState(false);
const [error, setError] = useState<string | null>(null);
const [supported] = useState(isWebAuthnSupported());
const handlePasswordLogin = async (e: React.FormEvent) => {
e.preventDefault();
setError(null);
setIsLoading(true);
try {
const res = await fetch('/api/auth/login/password', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username, password }),
});
if (!res.ok) {
const data = await res.json();
throw new Error(data.error || 'Login failed');
}
const data = await res.json();
const masterKeyBytes = new TextEncoder().encode(data.masterKey);
// Store token in localStorage for session persistence
localStorage.setItem('auth_token', data.token);
onLoginSuccess(data.token, masterKeyBytes, data.communityId, data.username);
} catch (err) {
setError((err as Error).message);
} finally {
setIsLoading(false);
}
};
const handlePasskeyLogin = async (e: React.FormEvent) => {
e.preventDefault();
setError(null);
setIsLoading(true);
try {
// Step 1: Begin authentication
const beginRes = await fetch('/api/auth/login/passkey/begin', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username }),
});
if (!beginRes.ok) throw new Error('Failed to start passkey authentication');
const options = await beginRes.json();
// Step 2: Get credential
const credential = await navigator.credentials.get({
publicKey: {
challenge: base64urlToBuffer(options.challenge),
timeout: options.timeout,
rpId: options.rpId,
allowCredentials: options.allowCredentials.map((id: string) => ({
type: 'public-key' as const,
id: base64urlToBuffer(id),
})),
userVerification: options.userVerification as UserVerificationRequirement,
},
}) as PublicKeyCredential | null;
if (!credential) throw new Error('Authentication cancelled');
const response = credential.response as AuthenticatorAssertionResponse;
// Step 3: Finish authentication
const finishRes = await fetch('/api/auth/login/passkey/finish', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: credential.id,
rawId: bufferToBase64url(credential.rawId),
type: credential.type,
response: {
authenticatorData: bufferToBase64url(response.authenticatorData),
clientDataJSON: bufferToBase64url(response.clientDataJSON),
signature: bufferToBase64url(response.signature),
userHandle: response.userHandle ? bufferToBase64url(response.userHandle) : null,
},
}),
});
if (!finishRes.ok) throw new Error('Authentication failed');
const data = await finishRes.json();
const masterKeyBytes = new TextEncoder().encode(data.masterKey);
localStorage.setItem('auth_token', data.token);
onLoginSuccess(data.token, masterKeyBytes, data.communityId, data.username);
} catch (err) {
setError((err as Error).message);
} finally {
setIsLoading(false);
}
};
const base64urlToBuffer = (base64url: string): ArrayBuffer => {
const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
const padded = base64.padEnd(base64.length + (4 - (base64.length % 4)) % 4, '=');
const binary = atob(padded);
const bytes = new Uint8Array(binary.length);
for (let i = 0; i < binary.length; i++) {
bytes[i] = binary.charCodeAt(i);
}
return bytes.buffer;
};
const bufferToBase64url = (buffer: ArrayBuffer): string => {
const bytes = new Uint8Array(buffer);
let binary = '';
for (let i = 0; i < bytes.length; i++) {
binary += String.fromCharCode(bytes[i]);
}
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};
if (!supported && authMethod === 'passkey') {
return (
<div className="min-h-screen bg-[#0a0b10] flex items-center justify-center p-6">
<div className="max-w-md w-full bg-red-500/5 border border-red-500/20 rounded-2xl p-8 text-center">
<AlertCircle className="w-12 h-12 text-red-500 mx-auto mb-4" />
<h2 className="text-xl font-bold text-red-200 mb-2">Passkeys Not Supported</h2>
<p className="text-red-400/80 text-sm mb-4">
Your browser does not support WebAuthn. Please use a modern browser or switch to password login.
</p>
<button
onClick={() => setAuthMethod('password')}
className="bg-indigo-600 hover:bg-indigo-500 text-white px-6 py-2 rounded-xl font-bold text-sm transition-colors"
>
Use Password Instead
</button>
</div>
</div>
);
}
return (
<div className="min-h-screen bg-[#0a0b10] flex items-center justify-center p-6 relative overflow-hidden">
{/* Background Effects */}
<div className="absolute inset-0 overflow-hidden pointer-events-none">
<div className="absolute top-1/4 -left-48 w-96 h-96 bg-indigo-600/10 rounded-full blur-3xl animate-pulse"></div>
<div className="absolute bottom-1/4 -right-48 w-96 h-96 bg-purple-600/10 rounded-full blur-3xl animate-pulse" style={{ animationDelay: '1s' }}></div>
</div>
<div className="max-w-md w-full relative z-10">
{/* Logo & Branding */}
<div className="text-center mb-10">
<div className="inline-flex items-center justify-center w-16 h-16 bg-indigo-600 rounded-2xl mb-4 shadow-2xl shadow-indigo-600/50">
<Zap className="w-8 h-8 text-white fill-white" />
</div>
<h1 className="text-3xl font-black text-white tracking-tight mb-2">Welcome Back</h1>
<p className="text-slate-500 text-sm font-medium">Sign in to your secure vault</p>
</div>
{/* Auth Method Selector */}
<div className="flex gap-2 mb-6">
<button
onClick={() => setAuthMethod('password')}
className={`flex-1 px-4 py-3 rounded-xl font-bold text-sm transition-all ${
authMethod === 'password'
? 'bg-indigo-600 text-white shadow-lg shadow-indigo-600/20'
: 'bg-slate-800 text-slate-400 hover:bg-slate-700'
}`}
>
<Key className="w-4 h-4 inline mr-2" />
Password
</button>
<button
onClick={() => setAuthMethod('passkey')}
className={`flex-1 px-4 py-3 rounded-xl font-bold text-sm transition-all ${
authMethod === 'passkey'
? 'bg-indigo-600 text-white shadow-lg shadow-indigo-600/20'
: 'bg-slate-800 text-slate-400 hover:bg-slate-700'
}`}
>
<Fingerprint className="w-4 h-4 inline mr-2" />
Passkey
</button>
</div>
{/* Login Card */}
<div className="bg-[#0c0d14] border border-slate-800 rounded-3xl p-8 shadow-2xl">
<div className="flex items-center space-x-3 mb-6">
<div className="p-2 bg-indigo-500/10 border border-indigo-500/20 rounded-lg">
<Shield className="w-5 h-5 text-indigo-400" />
</div>
<div>
<h2 className="text-lg font-bold text-white">{authMethod === 'password' ? 'Password Login' : 'Passkey Login'}</h2>
<p className="text-xs text-slate-500">Zero-Trust Authentication</p>
</div>
</div>
<form onSubmit={authMethod === 'password' ? handlePasswordLogin : handlePasskeyLogin} className="space-y-6">
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Username</label>
<input
type="text"
value={username}
onChange={(e) => setUsername(e.target.value)}
placeholder="Enter your username"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
</div>
{authMethod === 'password' && (
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Password</label>
<input
type="password"
value={password}
onChange={(e) => setPassword(e.target.value)}
placeholder="Enter your password"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
</div>
)}
{error && (
<div className="p-4 bg-red-500/10 border border-red-500/20 rounded-xl flex items-start space-x-3">
<AlertCircle className="w-5 h-5 text-red-400 flex-shrink-0 mt-0.5" />
<div>
<h3 className="text-sm font-bold text-red-200">Authentication Failed</h3>
<p className="text-xs text-red-400/80 mt-1">{error}</p>
</div>
</div>
)}
<button
type="submit"
disabled={isLoading || !username.trim() || (authMethod === 'password' && !password.trim())}
className="w-full bg-indigo-600 hover:bg-indigo-500 disabled:bg-slate-800 disabled:text-slate-600 text-white font-bold py-4 rounded-xl transition-all duration-200 shadow-lg shadow-indigo-600/20 active:scale-95 flex items-center justify-center space-x-2"
>
{isLoading ? (
<>
<Loader2 className="w-5 h-5 animate-spin" />
<span>Authenticating...</span>
</>
) : (
<>
{authMethod === 'password' ? <Shield className="w-5 h-5" /> : <Fingerprint className="w-5 h-5" />}
<span>Sign in with {authMethod === 'password' ? 'Password' : 'Passkey'}</span>
</>
)}
</button>
</form>
{/* Info Section */}
<div className="mt-8 pt-6 border-t border-slate-800">
<div className="grid grid-cols-2 gap-4 text-center">
<div className="p-4 bg-slate-900/50 rounded-xl">
<div className="text-2xl font-black text-indigo-400">E2EE</div>
<div className="text-[10px] text-slate-500 font-bold uppercase tracking-wider mt-1">Zero-Knowledge</div>
</div>
<div className="p-4 bg-slate-900/50 rounded-xl">
<div className="text-2xl font-black text-green-400">DSGVO</div>
<div className="text-[10px] text-slate-500 font-bold uppercase tracking-wider mt-1">Compliant</div>
</div>
</div>
</div>
</div>
{/* Switch to Register */}
<p className="text-center text-sm text-slate-500 mt-6">
Don't have an account?{' '}
<button onClick={onSwitchToRegister} className="text-indigo-400 hover:text-indigo-300 font-bold transition-colors">
Create one now
</button>
</p>
{/* Footer */}
<p className="text-center text-xs text-slate-600 mt-4">
Protected by {authMethod === 'passkey' ? 'FIDO2 WebAuthn' : 'Argon2id'} security
</p>
</div>
</div>
);
};

353
web/dashboard/src/components/Register.tsx Normal file
View File

@@ -0,0 +1,353 @@
import React, { useState } from 'react';
import { Shield, Zap, AlertCircle, Loader2, CheckCircle, Fingerprint, Key } from 'lucide-react';
interface RegisterProps {
onRegisterSuccess: (token: string, masterKey: Uint8Array, communityId: string, username: string) => void;
onSwitchToLogin: () => void;
}
export const Register: React.FC<RegisterProps> = ({ onRegisterSuccess, onSwitchToLogin }) => {
const [username, setUsername] = useState('');
const [email, setEmail] = useState('');
const [password, setPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
const [communityName, setCommunityName] = useState('');
const [authMethod, setAuthMethod] = useState<'password' | 'passkey'>('password');
const [isLoading, setIsLoading] = useState(false);
const [error, setError] = useState<string | null>(null);
const [passwordStrength, setPasswordStrength] = useState<{score: number; message: string} | null>(null);
const checkPasswordStrength = (pwd: string) => {
if (pwd.length < 12) {
setPasswordStrength({score: 0, message: 'Too short (min 12 characters)'});
return;
}
let score = 0;
if (/[A-Z]/.test(pwd)) score++;
if (/[a-z]/.test(pwd)) score++;
if (/[0-9]/.test(pwd)) score++;
if (/[^A-Za-z0-9]/.test(pwd)) score++;
if (pwd.length >= 16) score++;
const messages = ['Weak', 'Fair', 'Good', 'Strong', 'Very Strong'];
setPasswordStrength({score, message: messages[Math.min(score - 1, 4)]});
};
const handlePasswordRegister = async (e: React.FormEvent) => {
e.preventDefault();
setError(null);
if (password !== confirmPassword) {
setError('Passwords do not match');
return;
}
if (!passwordStrength || passwordStrength.score < 3) {
setError('Please use a stronger password');
return;
}
setIsLoading(true);
try {
const res = await fetch('/api/auth/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
username,
email,
password,
communityName: communityName || username + "'s Community",
}),
});
if (!res.ok) {
const data = await res.json();
throw new Error(data.error || 'Registration failed');
}
const data = await res.json();
const masterKeyBytes = new TextEncoder().encode(data.masterKey);
onRegisterSuccess(data.token, masterKeyBytes, data.communityId, data.username);
} catch (err) {
setError((err as Error).message);
} finally {
setIsLoading(false);
}
};
const handlePasskeyRegister = async (e: React.FormEvent) => {
e.preventDefault();
setError(null);
setIsLoading(true);
try {
// Step 1: Begin registration
const beginRes = await fetch('/api/auth/register/passkey/begin', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
username,
displayName: username,
email,
}),
});
if (!beginRes.ok) throw new Error('Failed to start passkey registration');
const options = await beginRes.json();
// Step 2: Create credential via WebAuthn
const credential = await navigator.credentials.create({
publicKey: {
challenge: base64urlToBuffer(options.challenge),
rp: options.rp,
user: {
id: new TextEncoder().encode(options.user.id),
name: options.user.name,
displayName: options.user.displayName,
},
pubKeyCredParams: options.pubKeyCredParams,
timeout: options.timeout,
attestation: options.attestation as AttestationConveyancePreference,
authenticatorSelection: options.authenticatorSelection as AuthenticatorSelectionCriteria,
},
}) as PublicKeyCredential | null;
if (!credential) throw new Error('Passkey creation cancelled');
const response = credential.response as AuthenticatorAttestationResponse;
// Step 3: Finish registration
const finishRes = await fetch('/api/auth/register/passkey/finish', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: credential.id,
rawId: bufferToBase64url(credential.rawId),
type: credential.type,
response: {
attestationObject: bufferToBase64url(response.attestationObject),
clientDataJSON: bufferToBase64url(response.clientDataJSON),
},
}),
});
if (!finishRes.ok) throw new Error('Failed to complete passkey registration');
const data = await finishRes.json();
const masterKeyBytes = new TextEncoder().encode(data.masterKey || 'this-is-a-32-byte-master-key-xyz');
onRegisterSuccess(data.token, masterKeyBytes, data.communityId, username);
} catch (err) {
setError((err as Error).message);
} finally {
setIsLoading(false);
}
};
const base64urlToBuffer = (base64url: string): ArrayBuffer => {
const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
const padded = base64.padEnd(base64.length + (4 - (base64.length % 4)) % 4, '=');
const binary = atob(padded);
const bytes = new Uint8Array(binary.length);
for (let i = 0; i < binary.length; i++) {
bytes[i] = binary.charCodeAt(i);
}
return bytes.buffer;
};
const bufferToBase64url = (buffer: ArrayBuffer): string => {
const bytes = new Uint8Array(buffer);
let binary = '';
for (let i = 0; i < bytes.length; i++) {
binary += String.fromCharCode(bytes[i]);
}
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};
return (
<div className="min-h-screen bg-[#0a0b10] flex items-center justify-center p-6 relative overflow-hidden">
{/* Background Effects */}
<div className="absolute inset-0 overflow-hidden pointer-events-none">
<div className="absolute top-1/4 -left-48 w-96 h-96 bg-indigo-600/10 rounded-full blur-3xl animate-pulse"></div>
<div className="absolute bottom-1/4 -right-48 w-96 h-96 bg-purple-600/10 rounded-full blur-3xl animate-pulse" style={{ animationDelay: '1s' }}></div>
</div>
<div className="max-w-md w-full relative z-10">
{/* Logo */}
<div className="text-center mb-10">
<div className="inline-flex items-center justify-center w-16 h-16 bg-indigo-600 rounded-2xl mb-4 shadow-2xl shadow-indigo-600/50">
<Zap className="w-8 h-8 text-white fill-white" />
</div>
<h1 className="text-3xl font-black text-white tracking-tight mb-2">Create Account</h1>
<p className="text-slate-500 text-sm font-medium">Zero-Knowledge Gaming Infrastructure</p>
</div>
{/* Auth Method Selector */}
<div className="flex gap-2 mb-6">
<button
onClick={() => setAuthMethod('password')}
className={`flex-1 px-4 py-3 rounded-xl font-bold text-sm transition-all ${
authMethod === 'password'
? 'bg-indigo-600 text-white shadow-lg shadow-indigo-600/20'
: 'bg-slate-800 text-slate-400 hover:bg-slate-700'
}`}
>
<Key className="w-4 h-4 inline mr-2" />
Password
</button>
<button
onClick={() => setAuthMethod('passkey')}
className={`flex-1 px-4 py-3 rounded-xl font-bold text-sm transition-all ${
authMethod === 'passkey'
? 'bg-indigo-600 text-white shadow-lg shadow-indigo-600/20'
: 'bg-slate-800 text-slate-400 hover:bg-slate-700'
}`}
>
<Fingerprint className="w-4 h-4 inline mr-2" />
Passkey
</button>
</div>
{/* Register Card */}
<div className="bg-[#0c0d14] border border-slate-800 rounded-3xl p-8 shadow-2xl">
<form onSubmit={authMethod === 'password' ? handlePasswordRegister : handlePasskeyRegister} className="space-y-5">
{/* Common Fields */}
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Username</label>
<input
type="text"
value={username}
onChange={(e) => setUsername(e.target.value)}
placeholder="your_username"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
</div>
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Email (Optional)</label>
<input
type="email"
value={email}
onChange={(e) => setEmail(e.target.value)}
placeholder="you@example.com"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
disabled={isLoading}
/>
</div>
{/* Password-specific fields */}
{authMethod === 'password' && (
<>
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Password</label>
<input
type="password"
value={password}
onChange={(e) => {
setPassword(e.target.value);
checkPasswordStrength(e.target.value);
}}
placeholder="Min. 12 characters"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
{passwordStrength && password.length > 0 && (
<div className="mt-2 flex items-center gap-2">
<div className="flex-1 h-2 bg-slate-800 rounded-full overflow-hidden">
<div
className={`h-full transition-all ${
passwordStrength.score <= 1 ? 'bg-red-500' :
passwordStrength.score === 2 ? 'bg-yellow-500' :
passwordStrength.score === 3 ? 'bg-blue-500' : 'bg-green-500'
}`}
style={{ width: `${(passwordStrength.score / 5) * 100}%` }}
></div>
</div>
<span className="text-xs text-slate-400">{passwordStrength.message}</span>
</div>
)}
</div>
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Confirm Password</label>
<input
type="password"
value={confirmPassword}
onChange={(e) => setConfirmPassword(e.target.value)}
placeholder="Repeat password"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
required
disabled={isLoading}
/>
</div>
</>
)}
<div>
<label className="block text-sm font-bold text-slate-300 mb-2">Community Name (Optional)</label>
<input
type="text"
value={communityName}
onChange={(e) => setCommunityName(e.target.value)}
placeholder="e.g., Elite Tactical Gaming"
className="w-full px-4 py-3 bg-slate-900 border border-slate-700 rounded-xl text-white placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent transition-all"
disabled={isLoading}
/>
</div>
{error && (
<div className="p-4 bg-red-500/10 border border-red-500/20 rounded-xl flex items-start space-x-3">
<AlertCircle className="w-5 h-5 text-red-400 flex-shrink-0 mt-0.5" />
<div>
<h3 className="text-sm font-bold text-red-200">Registration Failed</h3>
<p className="text-xs text-red-400/80 mt-1">{error}</p>
</div>
</div>
)}
<button
type="submit"
disabled={isLoading || !username.trim() || (authMethod === 'password' && (!password || !confirmPassword))}
className="w-full bg-indigo-600 hover:bg-indigo-500 disabled:bg-slate-800 disabled:text-slate-600 text-white font-bold py-4 rounded-xl transition-all duration-200 shadow-lg shadow-indigo-600/20 active:scale-95 flex items-center justify-center space-x-2"
>
{isLoading ? (
<>
<Loader2 className="w-5 h-5 animate-spin" />
<span>Creating Account...</span>
</>
) : (
<>
{authMethod === 'password' ? <Shield className="w-5 h-5" /> : <Fingerprint className="w-5 h-5" />}
<span>Create Account with {authMethod === 'password' ? 'Password' : 'Passkey'}</span>
</>
)}
</button>
</form>
{/* Security Info */}
<div className="mt-6 pt-6 border-t border-slate-800">
<div className="flex items-start space-x-3 text-xs text-slate-500">
<CheckCircle className="w-4 h-4 text-green-500 flex-shrink-0 mt-0.5" />
<p>Your master encryption key is generated client-side and never leaves your device unencrypted.</p>
</div>
</div>
</div>
{/* Switch to Login */}
<p className="text-center text-sm text-slate-500 mt-6">
Already have an account?{' '}
<button onClick={onSwitchToLogin} className="text-indigo-400 hover:text-indigo-300 font-bold transition-colors">
Sign in
</button>
</p>
</div>
</div>
);
};

79
web/dashboard/src/contexts/VaultContext.tsx Normal file
View File

@@ -0,0 +1,79 @@
import React, { createContext, useContext, useState, useEffect, useRef } from 'react';
interface VaultContextType {
isLocked: boolean;
isAuthenticated: boolean;
communityId: string | null;
unlock: (key: Uint8Array, communityId: string) => void;
lock: () => void;
decrypt: (data: Uint8Array) => Promise<string>;
}
const VaultContext = createContext<VaultContextType | undefined>(undefined);
export const VaultProvider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
const [isLocked, setIsLocked] = useState(true);
const [isAuthenticated, setIsAuthenticated] = useState(false);
const [communityId, setCommunityId] = useState<string | null>(null);
const workerRef = useRef<Worker | null>(null);
useEffect(() => {
// Initialize the worker
workerRef.current = new Worker(new URL('../workers/crypto.worker.ts', import.meta.url), {
type: 'module'
});
return () => {
workerRef.current?.terminate();
};
}, []);
const unlock = (key: Uint8Array, community: string) => {
workerRef.current?.postMessage({ type: 'SET_KEY', payload: key });
setIsLocked(false);
setIsAuthenticated(true);
setCommunityId(community);
};
const lock = () => {
// We don't just set the state, we terminate and recreate the worker to clear the memory
workerRef.current?.terminate();
workerRef.current = new Worker(new URL('../workers/crypto.worker.ts', import.meta.url), {
type: 'module'
});
setIsLocked(true);
setIsAuthenticated(false);
setCommunityId(null);
};
const decrypt = (data: Uint8Array): Promise<string> => {
return new Promise((resolve, reject) => {
if (isLocked) return reject('Vault is locked');
const handleMessage = (e: MessageEvent) => {
if (e.data.type === 'DECRYPTED') {
workerRef.current?.removeEventListener('message', handleMessage);
resolve(e.data.payload);
} else if (e.data.type === 'ERROR') {
workerRef.current?.removeEventListener('message', handleMessage);
reject(e.data.message);
}
};
workerRef.current?.addEventListener('message', handleMessage);
workerRef.current?.postMessage({ type: 'DECRYPTED', payload: data });
});
};
return (
<VaultContext.Provider value={{ isLocked, isAuthenticated, communityId, unlock, lock, decrypt }}>
{children}
</VaultContext.Provider>
);
};
export const useVault = () => {
const context = useContext(VaultContext);
if (!context) throw new Error('useVault must be used within a VaultProvider');
return context;
};

91
web/dashboard/src/index.css Normal file
View File

@@ -0,0 +1,91 @@
@import "tailwindcss";
@theme {
--color-background: hsl(var(--background));
--color-foreground: hsl(var(--foreground));
--color-card: hsl(var(--card));
--color-card-foreground: hsl(var(--card-foreground));
--color-popover: hsl(var(--popover));
--color-popover-foreground: hsl(var(--popover-foreground));
--color-primary: hsl(var(--primary));
--color-primary-foreground: hsl(var(--primary-foreground));
--color-secondary: hsl(var(--secondary));
--color-secondary-foreground: hsl(var(--secondary-foreground));
--color-muted: hsl(var(--muted));
--color-muted-foreground: hsl(var(--muted-foreground));
--color-accent: hsl(var(--accent));
--color-accent-foreground: hsl(var(--accent-foreground));
--color-destructive: hsl(var(--destructive));
--color-destructive-foreground: hsl(var(--destructive-foreground));
--color-border: hsl(var(--border));
--color-input: hsl(var(--input));
--color-ring: hsl(var(--ring));
--radius-lg: var(--radius);
--radius-md: calc(var(--radius) - 2px);
--radius-sm: calc(var(--radius) - 4px);
}
@layer base {
:root {
--background: 0 0% 100%;
--foreground: 222.2 84% 4.9%;
--card: 0 0% 100%;
--card-foreground: 222.2 84% 4.9%;
--popover: 0 0% 100%;
--popover-foreground: 222.2 84% 4.9%;
--primary: 222.2 47.4% 11.2%;
--primary-foreground: 210 40% 98%;
--secondary: 210 40% 96.1%;
--secondary-foreground: 222.2 47.4% 11.2%;
--muted: 210 40% 96.1%;
--muted-foreground: 215.4 16.3% 46.9%;
--accent: 210 40% 96.1%;
--accent-foreground: 222.2 47.4% 11.2%;
--destructive: 0 84.2% 60.2%;
--destructive-foreground: 210 40% 98%;
--border: 214.3 31.8% 91.4%;
--input: 214.3 31.8% 91.4%;
--ring: 222.2 84% 4.9%;
--radius: 0.5rem;
}
.dark {
--background: 222.2 84% 4.9%;
--foreground: 210 40% 98%;
--card: 222.2 84% 4.9%;
--card-foreground: 210 40% 98%;
--popover: 222.2 84% 4.9%;
--popover-foreground: 210 40% 98%;
--primary: 210 40% 98%;
--primary-foreground: 222.2 47.4% 11.2%;
--secondary: 217.2 32.6% 17.5%;
--secondary-foreground: 210 40% 98%;
--muted: 217.2 32.6% 17.5%;
--muted-foreground: 215 20.2% 65.1%;
--accent: 217.2 32.6% 17.5%;
--accent-foreground: 210 40% 98%;
--destructive: 0 62.8% 30.6%;
--destructive-foreground: 210 40% 98%;
--border: 217.2 32.6% 17.5%;
--input: 217.2 32.6% 17.5%;
--ring: 212.7 26.8% 83.9%;
}
}
@layer base {
* {
@apply border-border;
}
body {
@apply bg-background text-foreground;
}
}

62
web/dashboard/src/lib/crypto.ts Normal file
View File

@@ -0,0 +1,62 @@
/**
* Zero-Knowledge Cryptography Utility
* Uses the Web Crypto API for hardware-accelerated AES-GCM.
*/
export async function importKey(keyData: Uint8Array): Promise<CryptoKey> {
return await self.crypto.subtle.importKey(
"raw",
keyData,
{ name: "AES-GCM" },
false,
["decrypt", "encrypt"]
);
}
export async function decryptLog(
encryptedData: Uint8Array,
key: CryptoKey
): Promise<string> {
// Our Go implementation sends [Nonce (12 bytes)][Ciphertext]
const nonce = encryptedData.slice(0, 12);
const ciphertext = encryptedData.slice(12);
const decrypted = await self.crypto.subtle.decrypt(
{
name: "AES-GCM",
iv: nonce,
},
key,
ciphertext
);
return new TextDecoder().decode(decrypted);
}
/**
* Derives a 256-bit key from a password and salt using PBKDF2.
* (Used if WebAuthn is not providing a raw key directly)
*/
export async function deriveKey(password: string, salt: string): Promise<Uint8Array> {
const enc = new TextEncoder();
const keyMaterial = await self.crypto.subtle.importKey(
"raw",
enc.encode(password),
"PBKDF2",
false,
["deriveBits", "deriveKey"]
);
const keyBits = await self.crypto.subtle.deriveBits(
{
name: "PBKDF2",
salt: enc.encode(salt),
iterations: 100000,
hash: "SHA-256",
},
keyMaterial,
256
);
return new Uint8Array(keyBits);
}

218
web/dashboard/src/lib/webauthn.ts Normal file
View File

@@ -0,0 +1,218 @@
/**
* Zero-Knowledge WebAuthn Client
* Hardware-bound authentication without passwords
*/
interface RegistrationOptions {
challenge: string;
rp: {
name: string;
id: string;
};
user: {
id: string;
name: string;
displayName: string;
};
pubKeyCredParams: Array<{
type: string;
alg: number;
}>;
timeout: number;
attestation: string;
authenticatorSelection: {
authenticatorAttachment?: string;
requireResidentKey: boolean;
userVerification: string;
};
}
interface AuthenticationOptions {
challenge: string;
timeout: number;
rpId: string;
allowCredentials: string[];
userVerification: string;
}
/**
* Base64URL encoding/decoding utilities
*/
function base64urlToBuffer(base64url: string): ArrayBuffer {
const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
const padded = base64.padEnd(base64.length + (4 - (base64.length % 4)) % 4, '=');
const binary = atob(padded);
const bytes = new Uint8Array(binary.length);
for (let i = 0; i < binary.length; i++) {
bytes[i] = binary.charCodeAt(i);
}
return bytes.buffer;
}
function bufferToBase64url(buffer: ArrayBuffer): string {
const bytes = new Uint8Array(buffer);
let binary = '';
for (let i = 0; i < bytes.length; i++) {
binary += String.fromCharCode(bytes[i]);
}
return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
}
/**
* Register a new WebAuthn credential (hardware key, biometric, etc.)
*/
export async function registerWebAuthn(
username: string,
displayName: string,
email: string
): Promise<{ success: boolean; error?: string }> {
try {
// Step 1: Request registration options from backend
const beginRes = await fetch('/api/auth/register/begin', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username, displayName, email }),
});
if (!beginRes.ok) {
throw new Error('Failed to begin registration');
}
const options: RegistrationOptions = await beginRes.json();
// Step 2: Create credential via browser's WebAuthn API
const credential = await navigator.credentials.create({
publicKey: {
challenge: base64urlToBuffer(options.challenge),
rp: options.rp,
user: {
id: new TextEncoder().encode(options.user.id),
name: options.user.name,
displayName: options.user.displayName,
},
pubKeyCredParams: options.pubKeyCredParams,
timeout: options.timeout,
attestation: options.attestation as AttestationConveyancePreference,
authenticatorSelection: options.authenticatorSelection as AuthenticatorSelectionCriteria,
},
}) as PublicKeyCredential | null;
if (!credential) {
throw new Error('Credential creation cancelled');
}
const response = credential.response as AuthenticatorAttestationResponse;
// Step 3: Send credential to backend for verification
const finishRes = await fetch('/api/auth/register/finish', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: credential.id,
rawId: bufferToBase64url(credential.rawId),
type: credential.type,
response: {
attestationObject: bufferToBase64url(response.attestationObject),
clientDataJSON: bufferToBase64url(response.clientDataJSON),
},
}),
});
if (!finishRes.ok) {
throw new Error('Registration verification failed');
}
return { success: true };
} catch (error) {
console.error('WebAuthn registration error:', error);
return { success: false, error: (error as Error).message };
}
}
/**
* Authenticate using WebAuthn and retrieve the wrapped master key
*/
export async function authenticateWebAuthn(
username: string
): Promise<{ success: boolean; masterKey?: Uint8Array; communityId?: string; error?: string }> {
try {
// Step 1: Request authentication options from backend
const beginRes = await fetch('/api/auth/login/begin', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ username }),
});
if (!beginRes.ok) {
throw new Error('Failed to begin authentication');
}
const options: AuthenticationOptions = await beginRes.json();
// Step 2: Get credential via browser's WebAuthn API
const credential = await navigator.credentials.get({
publicKey: {
challenge: base64urlToBuffer(options.challenge),
timeout: options.timeout,
rpId: options.rpId,
allowCredentials: options.allowCredentials.map((id) => ({
type: 'public-key' as const,
id: base64urlToBuffer(id),
})),
userVerification: options.userVerification as UserVerificationRequirement,
},
}) as PublicKeyCredential | null;
if (!credential) {
throw new Error('Authentication cancelled');
}
const response = credential.response as AuthenticatorAssertionResponse;
// Step 3: Send signature to backend for verification
const finishRes = await fetch('/api/auth/login/finish', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
id: credential.id,
rawId: bufferToBase64url(credential.rawId),
type: credential.type,
response: {
authenticatorData: bufferToBase64url(response.authenticatorData),
clientDataJSON: bufferToBase64url(response.clientDataJSON),
signature: bufferToBase64url(response.signature),
userHandle: response.userHandle ? bufferToBase64url(response.userHandle) : null,
},
}),
});
if (!finishRes.ok) {
throw new Error('Authentication failed');
}
const result = await finishRes.json();
// Step 4: Unwrap the master key (returned from backend after successful auth)
const masterKeyBytes = new TextEncoder().encode(result.masterKey);
return {
success: true,
masterKey: masterKeyBytes,
communityId: result.communityId,
};
} catch (error) {
console.error('WebAuthn authentication error:', error);
return { success: false, error: (error as Error).message };
}
}
/**
* Check if WebAuthn is supported in this browser
*/
export function isWebAuthnSupported(): boolean {
return (
window.PublicKeyCredential !== undefined &&
navigator.credentials !== undefined &&
navigator.credentials.create !== undefined
);
}

10
web/dashboard/src/main.tsx Normal file
View File

@@ -0,0 +1,10 @@
import { StrictMode } from 'react'
import { createRoot } from 'react-dom/client'
import './index.css'
import App from './App.tsx'
createRoot(document.getElementById('root')!).render(
<StrictMode>
<App />
</StrictMode>,
)

29
web/dashboard/src/workers/crypto.worker.ts Normal file
View File

@@ -0,0 +1,29 @@
// crypto.worker.ts
import { importKey, decryptLog } from '../lib/crypto';
let cryptoKey: CryptoKey | null = null;
self.onmessage = async (event) => {
const { type, payload } = event.data;
switch (type) {
case 'SET_KEY':
// payload is the raw Uint8Array key
cryptoKey = await importKey(payload);
self.postMessage({ type: 'KEY_READY' });
break;
case 'DECRYPT':
if (!cryptoKey) {
self.postMessage({ type: 'ERROR', message: 'No key set' });
return;
}
try {
const decrypted = await decryptLog(payload, cryptoKey);
self.postMessage({ type: 'DECRYPTED', payload: decrypted });
} catch (err) {
self.postMessage({ type: 'ERROR', message: 'Decryption failed' });
}
break;
}
};