feat(auth): challenge-response verification on every connection attempt #3
Open
genspark-ai-developer[bot] wants to merge 1 commit into main from
- server/routes/auth.ts: fix ordering bug — check challenge expiry
BEFORE deleting it from the DB; return distinct 'challenge_expired'
error code so clients can give a clear message
- src/services/api.js: centralise all fetch calls in apiFetch() which
surfaces network errors clearly; add verifyConnection() helper that
runs the full challenge→sign→verify round-trip in one call
- src/pages/Setup.jsx: after activation, immediately run
verifyConnection() to confirm the server accepted the keys before
saving the vault; show per-step status ('Generating keys…',
'Activating…', 'Verifying…'); show human-readable errors on failure;
same verification step added to the import-from-file flow
- src/pages/Unlock.jsx: use verifyConnection() directly; add granular
status labels for each step; distinguish 'wrong password' from
'server rejected credentials' from 'server unreachable'
- src/pages/Entry.jsx: silent-mode auto-unlock now runs
verifyConnection() and shows step-level progress; error screen
differentiates connection errors from vault errors, and the Retry
button properly re-runs the whole check cycle
Summary
Implements the requirement: before letting a user in, perform a full challenge-response round-trip to confirm the credentials actually work. If verification fails, show a clear error and block access.
Changes
- server/routes/auth.ts — bug fix
  challenge_expired error code so the client can distinguish "wrong credentials" from "took too long".
- src/services/api.js — hardened fetch layer
  apiFetch() wrapper that:
  fetch() throwing) and surfaces them as "Cannot reach server. Check that it is running."
  error field.
  verifyConnection(number, privateSigningKeyJwk) helper — performs the complete challenge → sign → verify sequence in one call. Used by all three entry-point screens.
- src/pages/Setup.jsx — verification after activation
  verifyConnection() is immediately called to confirm the keys work.
- src/pages/Unlock.jsx — verification on password unlock
  verifyConnection() after the vault is decrypted.
- src/pages/Entry.jsx — verification on silent auto-unlock
  verifyConnection() before navigating to /.
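The server-side challenge lifecycle described for server/routes/auth.ts, as an added example that is not the PR's code: expiry is evaluated before the stored challenge is consumed, the challenge is single-use, and each failure returns its own error code. Assumptions: Ed25519 signatures, an in-memory Map in place of the DB, a 60-second lifetime, the function names, and every error code other than `challenge_expired`.

```javascript
// Added example, not the project's code. Run with Node.js.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000; // assumed lifetime; the PR does not state one
const challenges = new Map();    // stands in for the DB: number -> { nonce, expiresAt }

function issueChallenge(number, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('base64url');
  challenges.set(number, { nonce, expiresAt: now + CHALLENGE_TTL_MS });
  return nonce;
}

function verifyChallenge(number, signature, publicKey, now = Date.now()) {
  const row = challenges.get(number);
  if (!row) return { ok: false, error: 'no_challenge' }; // hypothetical code
  // Decide expiry BEFORE the row is consumed, so "took too long"
  // is reported separately from "wrong credentials".
  const expired = now > row.expiresAt;
  // Single use: the challenge is removed whatever the outcome (no replay).
  challenges.delete(number);
  if (expired) return { ok: false, error: 'challenge_expired' };
  const valid = crypto.verify(null, Buffer.from(row.nonce), publicKey, signature);
  return valid ? { ok: true } : { ok: false, error: 'invalid_signature' }; // hypothetical code
}

// Client half of the round trip: sign the nonce with the private key.
function signChallenge(nonce, privateKey) {
  return crypto.sign(null, Buffer.from(nonce), privateKey);
}

// Constructed scenario with fixed timestamps so the outcome is deterministic.
function demo() {
  const user = crypto.generateKeyPairSync('ed25519');
  const stranger = crypto.generateKeyPairSync('ed25519');
  const id = 'user-0001'; // constructed identifier
  const t0 = 1_000_000;
  const out = {};
  const sig = signChallenge(issueChallenge(id, t0), user.privateKey);
  out.fresh = verifyChallenge(id, sig, user.publicKey, t0 + 1_000);
  out.replay = verifyChallenge(id, sig, user.publicKey, t0 + 2_000);
  const lateSig = signChallenge(issueChallenge(id, t0), user.privateKey);
  out.late = verifyChallenge(id, lateSig, user.publicKey, t0 + CHALLENGE_TTL_MS + 1);
  const badSig = signChallenge(issueChallenge(id, t0), stranger.privateKey);
  out.wrongKey = verifyChallenge(id, badSig, user.publicKey, t0 + 1_000);
  return out;
}
```

A client can map `challenge_expired` to a retry prompt and `invalid_signature` to a credentials error, which is the distinction the PR description asks for.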