Updated the README

Added new security layers
2025-08-22 12:39:51 -04:00
parent fb7428064f
commit 720c7e0b52
7 changed files with 695 additions and 552 deletions
--- a/client/auth_callback.html
+++ b/client/auth_callback.html
@@ -1,43 +1,20 @@
 <!doctype html>
-<html>
-<head>
-  <meta charset="utf-8"/>
-  <title>GreenCoast — Auth Callback</title>
-  <meta name="viewport" content="width=device-width, initial-scale=1"/>
-  <style>
-    body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Arial; background:#0b1117; color:#e6edf3; display:flex; align-items:center; justify-content:center; height:100vh; }
-    .card { background:#0f1621; padding:1rem 1.2rem; border-radius:14px; max-width:560px; }
-    .muted{ color:#8b949e; }
-  </style>
-</head>
-<body>
-  <div class="card">
-    <h3>Signing you in…</h3>
-    <div id="msg" class="muted">Please wait.</div>
-  </div>
-<script type="module">
-  const params = new URLSearchParams(location.search);
-  const code = params.get("code");
-  const origin = location.origin; // shard and client served together
-  const msg = (t)=>document.getElementById("msg").textContent = t;
-
-  async function run() {
-    if (!code) { msg("Missing 'code' parameter."); return; }
-    try {
-      const r = await fetch(origin + "/v1/auth/discord/callback?assent=1&code=" + encodeURIComponent(code));
-      if (!r.ok) { msg("Exchange failed: " + r.status); return; }
-      const j = await r.json();
-      const key = "gc_client_config_v1";
-      const cfg = JSON.parse(localStorage.getItem(key) || "{}");
-      cfg.bearer = j.token;
-      localStorage.setItem(key, JSON.stringify(cfg));
-      msg("Success. Redirecting…");
-      setTimeout(()=>location.href="/", 800);
-    } catch(e) {
-      msg("Error: " + (e?.message || e));
-    }
-  }
-  run();
+<meta charset="utf-8">
+<title>Signing you in…</title>
+<script>
+(function(){
+  const hash = new URLSearchParams(location.hash.slice(1));
+  const bearer = hash.get("bearer");
+  const next = hash.get("next") || "/";
+  try {
+    // Prefer sessionStorage; keep localStorage for backward compatibility
+    if (bearer) sessionStorage.setItem("gc_bearer", bearer);
+    const k = "gc_client_config_v1";
+    const cfg = JSON.parse(localStorage.getItem(k) || "{}");
+    if (bearer) cfg.bearer = bearer;
+    localStorage.setItem(k, JSON.stringify(cfg));
+  } catch {}
+  history.replaceState(null, "", next);
+  location.href = next;
+})();
 </script>
-</body>
-</html>