indifferentketchup/broccolini-bot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security hardening

Browse Source
This commit is contained in:
indifferentketchup
2026-04-18 11:10:41 +00:00
parent a409203025
commit 21618efbad
36 changed files with 1455 additions and 283 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
settings-site/public/css/login.css Normal file
View File

@@ -0,0 +1,49 @@
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Inter', sans-serif;
background: #0f1117;
color: #e0e0e0;
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
}
.login-card {
background: #1e2235;
border: 1px solid #2a2d3e;
border-radius: 16px;
padding: 48px 40px;
width: 380px;
text-align: center;
box-shadow: 0 8px 32px rgba(0, 0, 0, 0.4);
}
.login-card h1 { font-size: 22px; font-weight: 700; margin-bottom: 8px; }
.login-card p { font-size: 14px; color: #888; margin-bottom: 32px; }
.login-card input {
width: 100%;
padding: 12px 16px;
background: #0f1117;
border: 1px solid #2a2d3e;
border-radius: 8px;
color: #e0e0e0;
font-size: 14px;
margin-bottom: 16px;
outline: none;
transition: border-color 200ms;
}
.login-card input:focus { border-color: #5865f2; }
.login-card button {
width: 100%;
padding: 12px;
background: #5865f2;
color: #fff;
border: none;
border-radius: 8px;
font-size: 14px;
font-weight: 600;
cursor: pointer;
transition: background 200ms;
}
.login-card button:hover { background: #4752c4; }
.error { color: #ed4245; font-size: 13px; margin-top: 8px; display: none; }
.error.visible { display: block; }

23
settings-site/public/css/main.css
View File

@@ -132,3 +132,26 @@ body { font-family: 'Inter', sans-serif; background: var(--bg); color: var(--tex
.loading.hidden { display: none; }
.spinner { width: 40px; height: 40px; border: 3px solid var(--border); border-top-color: var(--accent); border-radius: 50%; animation: spin 0.8s linear infinite; }
@keyframes spin { to { transform: rotate(360deg); } }
/* Notifications section */
#s-notifications .notif-tabs { display: flex; gap: 8px; flex-wrap: wrap; margin-bottom: 16px; }
#s-notifications .notif-tab-btn { border: 1px solid var(--border); background: var(--surface); color: var(--text); border-radius: 8px; padding: 8px 12px; cursor: pointer; }
#s-notifications .notif-tab-btn.active { border-color: var(--accent); color: var(--accent); }
#s-notifications .notif-panel.hidden { display: none; }
#s-notifications .notif-editor { border: 1px solid var(--border); border-radius: 10px; padding: 14px; margin-bottom: 14px; background: var(--surface); }
#s-notifications .notif-chips { display: flex; gap: 8px; flex-wrap: wrap; margin: 10px 0; min-height: 28px; }
#s-notifications .notif-chip { display: inline-flex; align-items: center; gap: 8px; border: 1px solid var(--border); background: var(--bg); border-radius: 999px; padding: 4px 10px; font-size: 12px; }
#s-notifications .notif-chip button { border: none; background: transparent; color: var(--text-muted); cursor: pointer; padding: 0; line-height: 1; font-size: 14px; }
#s-notifications .notif-input-row { display: flex; gap: 8px; flex-wrap: wrap; align-items: center; }
#s-notifications .notif-input-row input { width: 220px; }
#s-notifications .notif-presets { display: flex; gap: 8px; flex-wrap: wrap; margin-top: 10px; }
#s-notifications .notif-presets button { padding: 6px 10px; border-radius: 8px; border: 1px solid var(--border); background: var(--bg); color: var(--text); cursor: pointer; }
#s-notifications .notif-trigger { margin-top: 10px; }
#s-notifications .notif-trigger summary { cursor: pointer; color: var(--text-muted); font-weight: 600; margin-bottom: 10px; }
/* Logging section cross-link hint */
.logging-hint { color: var(--text-muted); font-size: 13px; }
.logging-hint a { color: var(--accent); }
/* Logout form inline layout */
.logout-form { display: inline; }

33
settings-site/public/index.html
View File

@@ -36,7 +36,7 @@
<span id="bot-status-text">Checking...</span>
</div>
<div class="actions">
<form action="/logout" method="POST" style="display:inline"><button type="submit">Logout</button></form>
<button type="button" id="logout-btn">Logout</button>
</div>
</div>
@@ -159,23 +159,6 @@
<div class="section" id="s-notifications">
<div class="section-header"><h2>Notifications</h2><p>Threshold milestones and trigger conditions by alert category</p><span class="chevron">&#9660;</span></div>
<div class="section-body">
<style>
#s-notifications .notif-tabs { display:flex; gap:8px; flex-wrap:wrap; margin-bottom:16px; }
#s-notifications .notif-tab-btn { border:1px solid var(--border); background:var(--surface-2); color:var(--text); border-radius:8px; padding:8px 12px; cursor:pointer; }
#s-notifications .notif-tab-btn.active { border-color:var(--accent); color:var(--accent); }
#s-notifications .notif-panel.hidden { display:none; }
#s-notifications .notif-editor { border:1px solid var(--border); border-radius:10px; padding:14px; margin-bottom:14px; background:var(--surface-2); }
#s-notifications .notif-chips { display:flex; gap:8px; flex-wrap:wrap; margin:10px 0; min-height:28px; }
#s-notifications .notif-chip { display:inline-flex; align-items:center; gap:8px; border:1px solid var(--border); background:var(--surface); border-radius:999px; padding:4px 10px; font-size:12px; }
#s-notifications .notif-chip button { border:none; background:transparent; color:var(--text-muted); cursor:pointer; padding:0; line-height:1; font-size:14px; }
#s-notifications .notif-input-row { display:flex; gap:8px; flex-wrap:wrap; align-items:center; }
#s-notifications .notif-input-row input { width:220px; }
#s-notifications .notif-presets { display:flex; gap:8px; flex-wrap:wrap; margin-top:10px; }
#s-notifications .notif-presets button { padding:6px 10px; border-radius:8px; border:1px solid var(--border); background:var(--surface); color:var(--text); cursor:pointer; }
#s-notifications .notif-trigger { margin-top:10px; }
#s-notifications .notif-trigger summary { cursor:pointer; color:var(--text-muted); font-weight:600; margin-bottom:10px; }
</style>
<input type="hidden" data-key="NOTIFICATION_THRESHOLDS_JSON">
<div class="notif-tabs" role="tablist" aria-label="Notification categories">
@@ -294,7 +277,7 @@
<div class="section" id="s-logging">
<div class="section-header"><h2>Logging</h2><p>Log channel configuration (channels set in Channels section)</p><span class="chevron">&#9660;</span></div>
<div class="section-body"><div class="field-grid">
<div class="field full-width"><p style="color:var(--text-muted);font-size:13px;">Log channels are configured in the <a href="/channels" style="color:var(--accent);">Channels</a> section. This section shows which logs are active based on configured channels.</p></div>
<div class="field full-width"><p class="logging-hint">Log channels are configured in the <a href="/channels">Channels</a> section. This section shows which logs are active based on configured channels.</p></div>
</div></div>
</div>
@@ -359,7 +342,6 @@
<div class="field"><label>Settings Port</label><input type="number" data-key="SETTINGS_PORT"></div>
<div class="field"><label>Settings Domain</label><input type="text" data-key="SETTINGS_DOMAIN"></div>
<div class="field"><label>Internal API Port</label><input type="number" data-key="INTERNAL_API_PORT"></div>
<div class="field"><label>Internal API Secret</label><input type="password" data-key="INTERNAL_API_SECRET"></div>
<div class="field"><label>Support Name</label><input type="text" data-key="SUPPORT_NAME"></div>
<div class="field"><label>Logo URL</label><input type="text" data-key="LOGO_URL"></div>
<div class="field full-width"><label>Game List (comma-separated)</label><textarea data-key="GAME_LIST" rows="3"></textarea></div>
@@ -378,10 +360,9 @@
<div id="save-bar" class="save-bar">
<span id="change-count">0 unsaved changes</span>
<div class="save-actions">
<button onclick="saveConfig('apply')">Save &amp; Apply</button>
<button onclick="saveConfig('pending')" class="secondary">Save (pending restart)</button>
<button onclick="saveConfig('restart')" class="danger">Save &amp; Restart Now</button>
<button onclick="openScheduleModal()" class="secondary">Schedule restart...</button>
<button type="button" id="save-btn">Save</button>
<button type="button" id="save-restart-btn" class="danger">Save &amp; Restart Now</button>
<button type="button" id="schedule-restart-btn" class="secondary">Schedule restart...</button>
</div>
</div>
@@ -391,8 +372,8 @@
<h3>Schedule restart</h3>
<input type="datetime-local" id="schedule-datetime">
<div class="modal-actions">
<button onclick="confirmScheduledRestart()">Schedule</button>
<button onclick="document.getElementById('schedule-modal').classList.add('hidden')" class="secondary">Cancel</button>
<button type="button" id="schedule-confirm-btn">Schedule</button>
<button type="button" id="schedule-cancel-btn" class="secondary">Cancel</button>
</div>
</div>
</div>

62
settings-site/public/js/app.js
View File

@@ -1,6 +1,19 @@
let savedConfig = {};
let pendingChanges = {};
let notificationThresholdsState = {};
let csrfToken = '';
async function fetchCsrfToken() {
const res = await fetch('/api/csrf-token', { credentials: 'same-origin' });
if (!res.ok) throw new Error('Failed to fetch CSRF token');
const data = await res.json();
csrfToken = data.csrfToken;
return csrfToken;
}
function csrfHeaders(base = {}) {
return { ...base, 'x-csrf-token': csrfToken };
}
const NOTIFICATION_PRESETS = ['15m', '30m', '1h', '2h', '4h', '8h', '1d'];
const NOTIFICATION_TAB_KEYS = {
@@ -80,8 +93,9 @@ const NOTIFICATION_ALERT_DESCRIPTIONS = {
async function init() {
document.getElementById('loading').classList.remove('hidden');
try {
await fetchCsrfToken();
const [config] = await Promise.all([
fetch('/api/config').then(r => r.json()),
fetch('/api/config', { credentials: 'same-origin' }).then(r => r.json()),
DiscordFields.fetchGuildData()
]);
savedConfig = config;
@@ -177,10 +191,16 @@ function updateSaveBar() {
}
async function saveConfig(mode) {
const buttons = document.querySelectorAll('#save-bar button');
buttons.forEach(b => b.disabled = true);
try {
if (mode === 'restart' && !confirm('Save changes and restart the bot now?')) {
return;
}
const res = await fetch('/api/config', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'same-origin',
headers: csrfHeaders({ 'Content-Type': 'application/json' }),
body: JSON.stringify(pendingChanges)
});
const data = await res.json();
@@ -191,19 +211,25 @@ async function saveConfig(mode) {
document.querySelectorAll('.changed').forEach(el => el.classList.remove('changed'));
showToast(`${data.applied.length} settings saved.`, 'success');
}
if (data.errors && data.errors.length > 0) {
const hasErrors = data.errors && data.errors.length > 0;
if (hasErrors) {
showToast(`Errors: ${data.errors.join(', ')}`, 'error');
}
if (mode === 'restart') {
if (mode === 'restart' && !hasErrors) {
await fetch('/api/restart', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'same-origin',
headers: csrfHeaders({ 'Content-Type': 'application/json' }),
body: JSON.stringify({ mode: 'immediate' })
});
showToast('Restart initiated.', 'warning');
} else if (mode === 'restart' && hasErrors) {
showToast('Restart cancelled due to save errors.', 'warning');
}
} catch (e) {
showToast('Failed to save. Bot may be unreachable.', 'error');
} finally {
buttons.forEach(b => b.disabled = false);
}
}
@@ -221,13 +247,36 @@ async function confirmScheduledRestart() {
if (!dt) return;
await fetch('/api/restart', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'same-origin',
headers: csrfHeaders({ 'Content-Type': 'application/json' }),
body: JSON.stringify({ mode: 'scheduled', scheduledFor: new Date(dt).toISOString() })
});
document.getElementById('schedule-modal').classList.add('hidden');
showToast(`Restart scheduled for ${new Date(dt).toLocaleString()}`, 'warning');
}
async function doLogout() {
try {
await fetch('/logout', {
method: 'POST',
credentials: 'same-origin',
headers: csrfHeaders()
});
} catch (e) { /* ignore */ }
window.location.href = '/login';
}
function setupActionButtons() {
document.getElementById('save-btn')?.addEventListener('click', () => saveConfig('save'));
document.getElementById('save-restart-btn')?.addEventListener('click', () => saveConfig('restart'));
document.getElementById('schedule-restart-btn')?.addEventListener('click', openScheduleModal);
document.getElementById('schedule-confirm-btn')?.addEventListener('click', confirmScheduledRestart);
document.getElementById('schedule-cancel-btn')?.addEventListener('click', () => {
document.getElementById('schedule-modal').classList.add('hidden');
});
document.getElementById('logout-btn')?.addEventListener('click', doLogout);
}
function showToast(message, type = 'success') {
const toast = document.createElement('div');
toast.className = `toast toast-${type}`;
@@ -470,6 +519,7 @@ function setupSidebarRouting() {
document.addEventListener('DOMContentLoaded', async () => {
setupSidebarRouting();
setupActionButtons();
await init();
navigate(location.pathname, false);
});

36
settings-site/public/js/login.js Normal file
View File

@@ -0,0 +1,36 @@
async function fetchCsrfToken() {
const res = await fetch('/api/csrf-token', { credentials: 'same-origin' });
if (!res.ok) throw new Error('Failed to fetch CSRF token');
const data = await res.json();
return data.csrfToken;
}
document.getElementById('login-form').addEventListener('submit', async (e) => {
e.preventDefault();
const password = document.getElementById('password').value;
const errorEl = document.getElementById('error');
errorEl.classList.remove('visible');
try {
const csrfToken = await fetchCsrfToken();
const res = await fetch('/login', {
method: 'POST',
credentials: 'same-origin',
headers: {
'Content-Type': 'application/json',
'x-csrf-token': csrfToken
},
body: JSON.stringify({ password })
});
if (res.ok) {
window.location.href = '/';
} else {
const data = await res.json().catch(() => ({}));
errorEl.textContent = data.error || 'Invalid password';
errorEl.classList.add('visible');
}
} catch (err) {
errorEl.textContent = 'Login failed. Please try again.';
errorEl.classList.add('visible');
}
});

30
settings-site/public/login.html
View File

@@ -6,18 +6,7 @@
<title>Broccolini Settings - Login</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body { font-family: 'Inter', sans-serif; background: #0f1117; color: #e0e0e0; display: flex; align-items: center; justify-content: center; min-height: 100vh; }
.login-card { background: #1e2235; border: 1px solid #2a2d3e; border-radius: 16px; padding: 48px 40px; width: 380px; text-align: center; box-shadow: 0 8px 32px rgba(0,0,0,0.4); }
.login-card h1 { font-size: 22px; font-weight: 700; margin-bottom: 8px; }
.login-card p { font-size: 14px; color: #888; margin-bottom: 32px; }
.login-card input { width: 100%; padding: 12px 16px; background: #0f1117; border: 1px solid #2a2d3e; border-radius: 8px; color: #e0e0e0; font-size: 14px; margin-bottom: 16px; outline: none; transition: border-color 200ms; }
.login-card input:focus { border-color: #5865f2; }
.login-card button { width: 100%; padding: 12px; background: #5865f2; color: #fff; border: none; border-radius: 8px; font-size: 14px; font-weight: 600; cursor: pointer; transition: background 200ms; }
.login-card button:hover { background: #4752c4; }
.error { color: #ed4245; font-size: 13px; margin-top: 8px; display: none; }
</style>
<link rel="stylesheet" href="/css/login.css">
</head>
<body>
<div class="login-card">
@@ -29,21 +18,6 @@
<div class="error" id="error">Invalid password</div>
</form>
</div>
<script>
document.getElementById('login-form').addEventListener('submit', async (e) => {
e.preventDefault();
const password = document.getElementById('password').value;
const res = await fetch('/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ password })
});
if (res.ok) {
window.location.href = '/';
} else {
document.getElementById('error').style.display = 'block';
}
});
</script>
<script src="/js/login.js"></script>
</body>
</html>