feat: enhanced settings popup — password, token, log level, retention#347
Conversation
|
Consolidated review — Elena, Milo, Clementine 🔴 Fix before merge1. Timing-safe password comparison ( if not hmac.compare_digest(current, auth_state.admin_password):
2. Backend minimum password length if len(new_password) < 4:
return {"error": "Password too short"}, 400🟡 Recommended3. Retention floor in @success_max.setter
def success_max(self, value: int) -> None:
self._success_max = max(50000, value)4. Countdown font rendering .settings-token-row .countdown {
font-family: var(--sans, system-ui, sans-serif);
}
.settings-token-row .countdown .countdown-time {
font-family: var(--mono);
font-variant-numeric: tabular-nums;
}🟢 Low priority5. Inline style cleanup — token row and rotate select have inline ✅ Previously raised (Jun 29), now resolved
✅ What's solid
|
Replace == / != with hmac.compare_digest in: - admin_login: password verification - change_password: current password verification - check_admin_auth: admin token verification Prevents timing side-channel attacks on auth credentials. Follow-up to review on #347.
Settings popup expanded from 2 to 7 operational controls: - Admin password change (current password required, rate-limited) - Admin token copy + force-rotate + auto-rotate countdown (configurable 5/15/30/60 min, monospace digits with CJK text) - Log level selector (Normal / Verbose / Debug with bodies) - Auto-refresh interval (1s-30s or off, localStorage) - Credential visibility toggle - Log retention caps (success min 50k, error min 5k) Backend: - AuthState: _recalculate_admin_token(), rotate_internal_token(), change_password() with timing-safe comparisons - PUT /admin/api/config/password — rate-limited password change - POST /admin/api/token/rotate — ephemeral token rotation - PUT /admin/api/config/server — extended for credential_visible, request_log caps, verbose, log_bodies with backend floor guards - _sync_auth_middleware: syncs admin password on hot-reload - _reload_gateway_config: hot-reloads log level + retention caps - PersistenceManager: success_max/error_max setters CLI: - llm-rosetta-gateway set-password — forgot-password recovery (no current password, interactive getpass, min 4 chars) Full bilingual i18n (en/zh) for all new strings.
bdf3979 to
6bd2f31
Compare
Summary
Expanded the Settings popup from 2 items (theme/language) to 7 operational controls, plus admin token management and password change.
New features
PUT /admin/api/config/password— rate-limited, hot-reloadsPOST /admin/api/token/rotate— new internal_token + recalculated admin_tokenPUT /admin/api/config/server, hot-reloadssetup_logging()localStoragePUT /admin/api/config/serverPUT /admin/api/config/server, hot-reloadsPersistenceManagercapsllm-rosetta-gateway set-passwordBackend changes
AuthState: added_recalculate_admin_token(),rotate_internal_token(),change_password()methods (refactored from inline HMAC)_sync_auth_middleware(): now syncs admin password on config hot-reload_reload_gateway_config(): hot-reloads log level + retention capsPersistenceManager: addedsuccess_max/error_maxsettersGET /admin/api/config: now includesdebugsection in responseTest plan
ruff check+ruff format+ty checkall passllm-rosetta-gateway set-password