Add Ed25519 Keypair Generation to GUI login & Account Key Auth for room commands#67
Merged
Add Ed25519 Keypair Generation to GUI login & Account Key Auth for room commands#67
Conversation
Add get_public_key_registered() and set_public_key_registered() to track whether the local Ed25519 public key has been registered with the signaling server. Also update save_private_key_b64() to reset the flag when a new key is saved, since the new key needs registration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds an idempotent helper that generates an Ed25519 keypair if none exists locally and registers the public key with the signaling server. Safe to call on every login; does not raise on failure so registration is retried on the next login attempt. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire the Ed25519 keypair registration helper into login() so that after saving the JWT, the local keypair is ensured and registered with the server. The call is non-fatal: if registration fails, login still succeeds and registration will retry on next login. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace inline Ed25519 keypair generation and registration logic in the CLI login command with a call to the shared _ensure_keypair_registered() helper from sleap_rtc.api. This deduplicates the keypair management code between the GUI API and CLI paths while preserving identical behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace direct get_jwt() + requests calls with the shared _key_request() helper in all room subcommands (list, create, info, delete, invite, join). This allows users with only an account key (no JWT) to use room commands. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
After creating or joining a room, the user is prompted to set it as their default room. Workers use the default room when --room is not specified, simplifying the workflow for account-key-only setups. Also updates room create "Next steps" text to reflect current account key workflow instead of legacy token-based instructions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix black formatting in cli.py (line length) - Replace Ed25519 mention with "encrypted end-to-end" in account keys warning - Update Workers Modal empty state to show account-key command with room ID - Update dashboard "About" section: token references → account key commands - Update CLI reference: token create → key create --save Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
alicup29
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The CLI login (
sleap-rtc login) generates an Ed25519 keypair and registers the public key with the signaling server for P2P data channel authentication. The GUI login (api.login()) did not — it only saved the JWT. This meant GUI users couldn't authenticate on WebRTC data channels when connecting to workers.This PR closes that gap and makes several related improvements:
api.login()now generates Ed25519 keypairs — the same way the CLI does, via a shared_ensure_keypair_registered()helperlist,create,info,delete,invite,join) now use_key_request()instead of requiring a JWT, so headless workers with only an account key can manage roomsroom createandroom joinnow prompt the user to set the room as their default, simplifying worker startup (no--roomflag needed)Changes
sleap_rtc/api.py_ensure_keypair_registered(auth_token, device_name)helper — generates Ed25519 keypair if missing, registers public key with server, tracks registration state viapublic_key_registeredflaglogin()(non-fatal: silently retries on next login if registration fails)sleap_rtc/auth/credentials.pyget_public_key_registered()/set_public_key_registered()for tracking server registration statesave_private_key_b64()now resetspublic_key_registered = Falsewhen a new key is savedsleap_rtc/cli.pyloginto use shared_ensure_keypair_registered()instead of inline keypair logicget_jwt()+requests.get/post/deleteto_key_request()(account key with JWT fallback)room createandroom joinroom create"Next steps" text to reflect account key workflowsleap_rtc/gui/widgets.pyWorkerSetupDialogquickstart: account key setup via Dashboard or CLI, mount registration, worker command with--account-keyTests
tests/auth/test_credentials.py— 6 tests forpublic_key_registeredflag (default, roundtrip, reset on new key, preserves other creds)tests/test_api.py— 7 tests for_ensure_keypair_registered()+ 2 tests for login integration (calls helper, succeeds even if registration fails)Test plan
uv run pytest tests/ -v --timeout=30 -x)sleap-rtc loginfrom CLI still generates keypair and registerssleap-rtc room listworks with account key (no JWT needed)room createprompts to set default room🤖 Generated with Claude Code