update beta ProxMenux 1.2.1.1-beta

AppImage/lib/api-config.ts

@@ -91,7 +91,22 @@ export async function fetchApi<T>(endpoint: string, options?: RequestInit): Prom
 
     if (!response.ok) {
       if (response.status === 401) {
-        console.error("[v0] fetchApi: 401 UNAUTHORIZED -", endpoint, "- Token present:", !!token)
+        // Token is missing, expired, or signed under a previous JWT_SECRET
+        // (audit Tier 4 #22 rotates per-install). Drop the stale token and
+        // bounce the user to login — the previous behavior just threw and
+        // left the dashboard stuck on a blank state. Audit Tier 2 residual.
+        if (typeof window !== "undefined") {
+          try {
+            localStorage.removeItem("proxmenux-auth-token")
+          } catch {
+            // localStorage might be unavailable in private browsing — ignore.
+          }
+          // Avoid redirect loops if we're already on the auth page.
+          const path = window.location.pathname
+          if (!path.startsWith("/auth") && !path.startsWith("/login")) {
+            window.location.assign("/")
+          }
+        }
         throw new Error(`Unauthorized: ${endpoint}`)
       }
       throw new Error(`API request failed: ${response.status} ${response.statusText}`)

AppImage/lib/health-thresholds.ts

@@ -0,0 +1,147 @@
+// Shared accessor for the user-configurable health thresholds.
+//
+// The backend exposes the full tree at `GET /api/health/thresholds`.
+// Several frontend components need *just* the disk-temperature pair
+// per drive class to color badges, chart bands, and SVG bands in the
+// SMART report — copy-pasting the numbers around led to two
+// inconsistent versions diverging from the backend (see Sprint 14.5).
+//
+// This module memoises the last fetched payload (TTL 30s) and exposes:
+//
+//   * `getDiskTempThresholdsSync(diskType)` — synchronous read with a
+//     conservative fallback to the backend defaults. Safe to call from
+//     anywhere, including a render path that can't await.
+//   * `loadDiskTempThresholds()` — async fetch + cache update. Returns
+//     the cached map; call once on mount of any component that uses
+//     the sync getter to ensure the cache is warm.
+//   * `useDiskTempThresholds()` — React hook that fires the fetch on
+//     mount, re-renders when fresh data arrives, and returns the
+//     current map (defaults until the first fetch lands).
+//
+// The cache is shared across components so opening multiple disk
+// modals in quick succession doesn't re-hit the API for each.
+
+import { useEffect, useState } from "react"
+import { fetchApi } from "./api-config"
+
+export type DiskClass = "HDD" | "SSD" | "NVMe" | "SAS"
+
+export interface DiskTempThreshold {
+  warn: number
+  hot: number
+}
+
+export type DiskTempMap = Record<DiskClass, DiskTempThreshold>
+
+// Fallback values when the API hasn't responded yet (or fails). These
+// match the recommended defaults baked into `health_thresholds.py`.
+// Keeping them duplicated here is intentional: the alternative is
+// blocking every render until the API comes back, which is worse UX.
+export const DEFAULT_DISK_TEMP: DiskTempMap = {
+  HDD: { warn: 60, hot: 65 },
+  SSD: { warn: 70, hot: 75 },
+  NVMe: { warn: 80, hot: 85 },
+  SAS: { warn: 55, hot: 65 },
+}
+
+const CACHE_TTL_MS = 30_000
+
+// Module-level cache — shared by every component that imports this.
+let cached: DiskTempMap = DEFAULT_DISK_TEMP
+let cachedAt = 0
+let inflight: Promise<DiskTempMap> | null = null
+
+// Subscribers are notified when a fresh fetch lands, so the
+// `useDiskTempThresholds` hook can re-render. Plain JS pub/sub —
+// nothing fancier needed here.
+const subscribers = new Set<(map: DiskTempMap) => void>()
+
+interface ApiThresholdsResponse {
+  success: boolean
+  thresholds?: {
+    disk_temperature?: {
+      hdd?: { warning?: { value: number }; critical?: { value: number } }
+      ssd?: { warning?: { value: number }; critical?: { value: number } }
+      nvme?: { warning?: { value: number }; critical?: { value: number } }
+      sas?: { warning?: { value: number }; critical?: { value: number } }
+    }
+  }
+}
+
+function pick(node: any, key: string, fallback: number): number {
+  const v = node?.[key]?.value
+  return typeof v === "number" && isFinite(v) ? v : fallback
+}
+
+function parse(payload: ApiThresholdsResponse): DiskTempMap {
+  const dt = payload?.thresholds?.disk_temperature
+  if (!dt) return { ...DEFAULT_DISK_TEMP }
+  return {
+    HDD: {
+      warn: pick(dt.hdd, "warning", DEFAULT_DISK_TEMP.HDD.warn),
+      hot: pick(dt.hdd, "critical", DEFAULT_DISK_TEMP.HDD.hot),
+    },
+    SSD: {
+      warn: pick(dt.ssd, "warning", DEFAULT_DISK_TEMP.SSD.warn),
+      hot: pick(dt.ssd, "critical", DEFAULT_DISK_TEMP.SSD.hot),
+    },
+    NVMe: {
+      warn: pick(dt.nvme, "warning", DEFAULT_DISK_TEMP.NVMe.warn),
+      hot: pick(dt.nvme, "critical", DEFAULT_DISK_TEMP.NVMe.hot),
+    },
+    SAS: {
+      warn: pick(dt.sas, "warning", DEFAULT_DISK_TEMP.SAS.warn),
+      hot: pick(dt.sas, "critical", DEFAULT_DISK_TEMP.SAS.hot),
+    },
+  }
+}
+
+export async function loadDiskTempThresholds(force = false): Promise<DiskTempMap> {
+  const now = Date.now()
+  if (!force && cachedAt && now - cachedAt < CACHE_TTL_MS) return cached
+  if (inflight) return inflight
+  inflight = (async () => {
+    try {
+      const res = await fetchApi<ApiThresholdsResponse>("/api/health/thresholds")
+      if (res?.success) {
+        cached = parse(res)
+        cachedAt = Date.now()
+        subscribers.forEach((cb) => cb(cached))
+      }
+    } catch {
+      // Leave previous cache in place; defaults are good enough.
+    } finally {
+      inflight = null
+    }
+    return cached
+  })()
+  return inflight
+}
+
+export function getDiskTempThresholdsSync(diskType: string | undefined): DiskTempThreshold {
+  const t = (diskType || "").toUpperCase()
+  if (t === "HDD") return cached.HDD
+  if (t === "SSD") return cached.SSD
+  if (t === "NVME") return cached.NVMe
+  if (t === "SAS") return cached.SAS
+  // Unknown class — assume SSD-ish numbers (mid-range).
+  return cached.SSD
+}
+
+/** React hook: triggers a load on mount, re-renders on cache update. */
+export function useDiskTempThresholds(): DiskTempMap {
+  const [map, setMap] = useState<DiskTempMap>(cached)
+  useEffect(() => {
+    let alive = true
+    const sub = (m: DiskTempMap) => { if (alive) setMap(m) }
+    subscribers.add(sub)
+    loadDiskTempThresholds().then((m) => { if (alive) setMap(m) })
+    return () => { alive = false; subscribers.delete(sub) }
+  }, [])
+  return map
+}
+
+/** Imperative invalidate — call after the user saves new thresholds. */
+export function invalidateDiskTempThresholdsCache() {
+  cachedAt = 0
+}

AppImage/lib/terminal-clipboard.ts

@@ -0,0 +1,127 @@
+/**
+ * Clipboard helpers for the web terminals.
+ *
+ * Mobile browsers (iOS Safari, Android Chrome) don't expose xterm.js's text
+ * selection / clipboard the same way desktop does, and the mobile toolbar
+ * around our terminals doesn't include explicit copy/paste keys. The helpers
+ * below give the toolbar a robust path that:
+ *   - Uses the modern async Clipboard API on HTTPS / localhost.
+ *   - Falls back to a hidden <textarea> + document.execCommand on plain HTTP
+ *     (where the async API is gated by the secure-context requirement).
+ *   - Surfaces a user-visible cue (no toast manager in this stack yet) by
+ *     returning a result the caller can react to.
+ */
+
+// xterm.js is imported dynamically by the terminal components and the
+// `term` field is typed `any` there. We mirror that here with a minimal
+// structural type so this helper has no hard dependency on @xterm/xterm.
+type XtermLike = { getSelection?: () => string }
+
+export type ClipboardResult = {
+  ok: boolean
+  /** Bytes / chars copied (only meaningful on copy). */
+  length?: number
+  /** Best-effort error string for logging — never surfaced verbatim to the user. */
+  error?: string
+}
+
+/**
+ * Copies the current xterm selection to the clipboard. If there is no active
+ * selection, returns ok=false with length=0 so the caller can decide whether to
+ * show a "select text first" hint.
+ */
+export async function copyTerminalSelection(term: XtermLike | null | undefined): Promise<ClipboardResult> {
+  const text = term?.getSelection?.() ?? ""
+  if (!text) {
+    return { ok: false, length: 0, error: "no-selection" }
+  }
+  return copyText(text)
+}
+
+/**
+ * Reads text from the clipboard and feeds it to the terminal via `sendFn`.
+ * The `sendFn` is the WebSocket sender (or any fn that takes a string and
+ * pushes it to the remote PTY). Any newlines remain intact so that pasting
+ * a multi-line block triggers as Enter on each line — same as desktop xterm.
+ *
+ * Mobile users on plain HTTP (the common case for this dashboard — accessed
+ * via `http://<host>:8008` from an iPad/phone on the LAN) hit two layers of
+ * blocking:
+ *   1. `window.isSecureContext` is false on plain HTTP, so the legacy code
+ *      skipped the async API and surfaced a silent error.
+ *   2. There is no `execCommand('paste')` equivalent that works portably.
+ *
+ * The fix here:
+ *   - Attempt `navigator.clipboard.readText()` even when not secure-context;
+ *     many modern browsers permit it on localhost/LAN with user gesture, and
+ *     when they don't they throw, which falls through cleanly.
+ *   - If that fails / returns empty, fall back to `window.prompt()`. The
+ *     native prompt accepts a long-press paste from the OS clipboard on
+ *     every mobile platform, so the user can finish the paste manually
+ *     with one extra tap. Empty / cancelled prompt returns ok=false.
+ */
+export async function pasteFromClipboard(
+  sendFn: (text: string) => void,
+): Promise<ClipboardResult> {
+  // Path 1 — async Clipboard API. Try regardless of `isSecureContext` so
+  // browsers that allow it on LAN-HTTP (Chrome on Android, Firefox) can
+  // succeed. Throws on iOS Safari / strict configurations — we fall through.
+  try {
+    if (typeof navigator !== "undefined" && navigator.clipboard?.readText) {
+      const text = await navigator.clipboard.readText()
+      if (text) {
+        sendFn(text)
+        return { ok: true, length: text.length }
+      }
+    }
+  } catch {
+    // Permission denied / not focused / insecure context — fall through to prompt().
+  }
+
+  // Path 2 — `window.prompt()` fallback. Universally supported, accepts a
+  // long-press paste from the system clipboard, and works over plain HTTP.
+  // This is the path mobile users without HTTPS rely on.
+  try {
+    const text = typeof window !== "undefined"
+      ? window.prompt("Paste content for the terminal:", "")
+      : null
+    if (text) {
+      sendFn(text)
+      return { ok: true, length: text.length }
+    }
+    return { ok: false, error: "user-cancelled" }
+  } catch (e) {
+    return { ok: false, error: e instanceof Error ? e.message : "prompt-failed" }
+  }
+}
+
+async function copyText(text: string): Promise<ClipboardResult> {
+  // Preferred path: async Clipboard API on HTTPS / localhost.
+  try {
+    if (typeof navigator !== "undefined" && navigator.clipboard && window.isSecureContext) {
+      await navigator.clipboard.writeText(text)
+      return { ok: true, length: text.length }
+    }
+  } catch {
+    // fall through
+  }
+  // Legacy fallback: hidden textarea + execCommand("copy"). Works on plain HTTP
+  // where the async API is blocked by the secure-context gate.
+  try {
+    const textarea = document.createElement("textarea")
+    textarea.value = text
+    textarea.style.position = "fixed"
+    textarea.style.left = "-9999px"
+    textarea.style.top = "-9999px"
+    textarea.style.opacity = "0"
+    textarea.readOnly = true
+    document.body.appendChild(textarea)
+    textarea.focus()
+    textarea.select()
+    const ok = document.execCommand("copy")
+    document.body.removeChild(textarea)
+    return ok ? { ok: true, length: text.length } : { ok: false, error: "execCommand-failed" }
+  } catch (e) {
+    return { ok: false, error: e instanceof Error ? e.message : "fallback-failed" }
+  }
+}

AppImage/lib/terminal-ws.ts

@@ -0,0 +1,47 @@
+/**
+ * Helpers for opening WebSocket connections that require a single-use ticket.
+ *
+ * The browser WebSocket API does not allow custom request headers, so the JWT
+ * Bearer token used for REST calls cannot be sent on the handshake. Instead we
+ * POST to /api/terminal/ticket (which does require the Bearer token), receive
+ * a one-shot ticket with TTL ~5s, and append it to the WebSocket URL as a
+ * query parameter. The backend consumes the ticket atomically on handshake.
+ *
+ * See AppImage/scripts/flask_terminal_routes.py — `_issue_terminal_ticket`,
+ * `_consume_terminal_ticket`, `_ws_auth_check`.
+ */
+
+import { fetchApi } from "@/lib/api-config"
+
+type TicketResponse = {
+  success?: boolean
+  ticket?: string
+  ttl_seconds?: number
+}
+
+/**
+ * Fetch a one-shot terminal ticket from the backend. Returns the ticket string
+ * or null if the call fails. Callers should treat null as "open without ticket"
+ * — the backend's _ws_auth_check still accepts unticketed handshakes when auth
+ * is disabled or declined, so a fresh-install / no-auth setup keeps working.
+ */
+export async function fetchTerminalTicket(): Promise<string | null> {
+  try {
+    const res = await fetchApi<TicketResponse>("/api/terminal/ticket", { method: "POST" })
+    return typeof res?.ticket === "string" && res.ticket.length > 0 ? res.ticket : null
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Take a base WebSocket URL (e.g. "ws://host:8008/ws/terminal") and return a
+ * URL with `?ticket=<value>` appended. If the ticket fetch fails the original
+ * URL is returned unchanged so the handshake can still succeed in unauth mode.
+ */
+export async function getTicketedWsUrl(baseUrl: string): Promise<string> {
+  const ticket = await fetchTerminalTicket()
+  if (!ticket) return baseUrl
+  const sep = baseUrl.includes("?") ? "&" : "?"
+  return `${baseUrl}${sep}ticket=${encodeURIComponent(ticket)}`
+}