Merge pull request CryptoGnome#13 from CryptoGnome/claude/issue-5-20250928-1133

Fix configuration persistence and dashboard authentication issues

Author: CryptoGnome

src/app/api/auth/check/route.ts

@@ -0,0 +1,17 @@
+import { NextResponse } from 'next/server';
+import { configLoader } from '@/lib/config/configLoader';
+
+export async function GET() {
+  try {
+    // Load config to check if password is set
+    const config = await configLoader.loadConfig();
+    const dashboardPassword = config.global?.server?.dashboardPassword;
+
+    return NextResponse.json({
+      passwordRequired: !!dashboardPassword && dashboardPassword.length > 0,
+    });
+  } catch (error) {
+    console.error('Failed to check auth status:', error);
+    return NextResponse.json({ passwordRequired: false });
+  }
+}

src/app/api/auth/logout/route.ts

@@ -3,8 +3,9 @@ import { NextRequest, NextResponse } from 'next/server';
 export async function POST(_request: NextRequest) {
   const response = NextResponse.json({ success: true });
 
-  // Delete the auth cookie
+  // Delete the auth cookies
   response.cookies.delete('auth-token');
+  response.cookies.delete('password-required');
 
   return response;
 }

src/components/AuthCheck.tsx

@@ -0,0 +1,42 @@
+'use client';
+
+import { useEffect } from 'react';
+import { useRouter } from 'next/navigation';
+
+export function AuthCheck() {
+  const router = useRouter();
+
+  useEffect(() => {
+    const checkAuth = async () => {
+      try {
+        // Check if password is required
+        const response = await fetch('/api/auth/check');
+        const data = await response.json();
+
+        // Set cookie to indicate if password is required
+        if (data.passwordRequired) {
+          document.cookie = 'password-required=true; path=/; max-age=86400'; // 24 hours
+
+          // Check if we have a valid auth token
+          const authToken = document.cookie
+            .split('; ')
+            .find(row => row.startsWith('auth-token='));
+
+          if (!authToken) {
+            // No auth token, redirect to login
+            router.push('/login?redirect=' + encodeURIComponent(window.location.pathname));
+          }
+        } else {
+          // No password required, clear the cookie
+          document.cookie = 'password-required=false; path=/; max-age=86400';
+        }
+      } catch (error) {
+        console.error('Failed to check auth status:', error);
+      }
+    };
+
+    checkAuth();
+  }, [router]);
+
+  return null; // This component doesn't render anything
+}

src/components/ConfigProvider.tsx

@@ -64,7 +64,9 @@ export default function ConfigProvider({ children }: { children: React.ReactNode
           server: {
             dashboardPassword: "",
             dashboardPort: 3000,
-            websocketPort: 8080
+            websocketPort: 8080,
+            useRemoteWebSocket: false,
+            websocketHost: null
           }
         },
         version: "1.1.0"

src/components/dashboard-layout.tsx

@@ -14,6 +14,7 @@ import { Separator } from "@/components/ui/separator"
 import { Button } from "@/components/ui/button"
 import { LogOut } from "lucide-react"
 import { useConfig } from "@/components/ConfigProvider"
+import { AuthCheck } from "@/components/AuthCheck"
 
 interface DashboardLayoutProps {
   children: React.ReactNode
@@ -42,7 +43,9 @@ export function DashboardLayout({ children }: DashboardLayoutProps) {
   };
 
   return (
-    <SidebarProvider>
+    <>
+      <AuthCheck />
+      <SidebarProvider>
       <AppSidebar />
       <SidebarInset>
         <header className="flex h-12 shrink-0 items-center gap-2 border-b px-4">
@@ -123,6 +126,7 @@ export function DashboardLayout({ children }: DashboardLayoutProps) {
           {children}
         </main>
       </SidebarInset>
-    </SidebarProvider>
+      </SidebarProvider>
+    </>
   )
 }

src/hooks/useWebSocketUrl.ts

@@ -8,9 +8,9 @@ export function useWebSocketUrl() {
     fetch('/api/config')
       .then(res => res.json())
       .then(data => {
-        const port = data.config?.global?.server?.websocketPort || 8080;
-        const useRemoteWebSocket = data.config?.global?.server?.useRemoteWebSocket || false;
-        const configHost = data.config?.global?.server?.websocketHost;
+        const port = data.global?.server?.websocketPort || 8080;
+        const useRemoteWebSocket = data.global?.server?.useRemoteWebSocket || false;
+        const configHost = data.global?.server?.websocketHost;
 
         // Determine the host based on configuration
         let host = 'localhost'; // default

src/lib/config/defaults.ts

@@ -44,6 +44,13 @@ export const DEFAULT_CONFIG: Config = {
     paperMode: true,
     positionMode: 'HEDGE',
     maxOpenPositions: 10,
+    server: {
+      dashboardPassword: '',
+      dashboardPort: 3000,
+      websocketPort: 8080,
+      useRemoteWebSocket: false,
+      websocketHost: null,
+    },
   },
   version: DEFAULT_CONFIG_VERSION,
 };

src/lib/config/migrator.ts

@@ -129,6 +129,18 @@ export function addMissingFields(userConfig: any, defaultConfig: any): any {
       if (!(field in result.global)) {
         result.global[field] = defaultConfig.global[field];
         console.log(`Added missing global field: ${field}`);
+      } else if (field === 'server' && typeof defaultConfig.global[field] === 'object' && typeof result.global[field] === 'object') {
+        // Merge server config nested fields
+        const defaultServer = defaultConfig.global.server;
+        const userServer = result.global.server || {};
+        result.global.server = { ...defaultServer, ...userServer };
+
+        // Log any new server fields that were added
+        for (const serverField in defaultServer) {
+          if (!(serverField in userServer)) {
+            console.log(`Added missing server field: ${serverField}`);
+          }
+        }
       }
     }
   }

src/lib/config/types.ts

@@ -44,6 +44,8 @@ export const serverConfigSchema = z.object({
   dashboardPassword: z.string().optional(),
   dashboardPort: z.number().optional(),
   websocketPort: z.number().optional(),
+  useRemoteWebSocket: z.boolean().optional(),
+  websocketHost: z.string().nullable().optional(),
 }).optional();
 
 export const globalConfigSchema = z.object({

src/middleware.ts

@@ -1,7 +1,7 @@
 import { NextResponse } from 'next/server';
 import type { NextRequest } from 'next/server';
 
-const PUBLIC_PATHS = ['/login', '/api/auth', '/api/health'];
+const PUBLIC_PATHS = ['/login', '/api/auth', '/api/health', '/api/config'];
 
 export async function middleware(request: NextRequest) {
   const pathname = request.nextUrl.pathname;
@@ -13,27 +13,24 @@ export async function middleware(request: NextRequest) {
 
   // Check for authentication cookie
   const authCookie = request.cookies.get('auth-token');
+  const passwordSetCookie = request.cookies.get('password-required');
 
-  // Check if this looks like a valid auth token (basic validation)
-  // Real validation happens in the API routes
+  // If we have a valid auth token, allow access
   if (authCookie && authCookie.value && authCookie.value.startsWith('YXV0aGVudGljYXRlZDo')) {
     return NextResponse.next();
   }
 
-  // Check if we're in development mode (no auth required)
-  if (process.env.NODE_ENV === 'development' && !authCookie) {
-    // In development, only redirect if there's evidence a password was set
-    // This is determined by the presence of a redirect parameter from a previous attempt
-    const hasRedirect = request.nextUrl.searchParams.get('redirect');
-    if (!hasRedirect) {
-      return NextResponse.next();
-    }
+  // Check if password is required (based on cookie set by config check)
+  if (passwordSetCookie && passwordSetCookie.value === 'true') {
+    // Password is required but no valid auth token, redirect to login
+    const loginUrl = new URL('/login', request.url);
+    loginUrl.searchParams.set('redirect', pathname);
+    return NextResponse.redirect(loginUrl);
   }
 
-  // Redirect to login page
-  const loginUrl = new URL('/login', request.url);
-  loginUrl.searchParams.set('redirect', pathname);
-  return NextResponse.redirect(loginUrl);
+  // No password required or not yet determined, allow access
+  // The client will check and set the password-required cookie if needed
+  return NextResponse.next();
 }
 
 export const config = {