fix: auth bypass, SPA serving, and provider improvements (#97)

* feat(chat): polish syntax highlighting and tool payload rendering (#94) * [verified] feat(chat): polish syntax highlighting and tool payload rendering * [verified] fix(chat): tighten large tool payload rendering * docs: update data volume path in Docker docs Align documentation with docker-compose.yml change: hermes-web-ui-data -> hermes-web-ui, /app/dist/data -> /root/.hermes-web-ui Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: bundle server build and restructure service modules - Add build-server.mjs script for standalone server compilation - Add logger service with structured output - Restructure auth, gateway-manager, hermes-cli, hermes services - Update docker-compose volume mount path - Update tsconfig and entry point for bundled server Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: separate controllers from routes and centralize route registration - Extract business logic from route handlers into controllers/ - Add centralized route registry in routes/index.ts with public/auth/protected layers - Replace global auth whitelist with sequential middleware registration - Extract shared helpers to services/config-helpers.ts - Allow custom provider name to be user-editable in ProviderFormModal - Deduplicate custom providers by poolKey instead of base_url in getAvailable Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: auth bypass via path case, SPA serving, and provider improvements - Fix auth bypass: path case-insensitive check for /api, /v1, /upload - Fix SPA returning 401: skip auth for non-API paths (static files) - Fix profile switch: use local loading state instead of shared store ref - Auto-append /v1 to base_url when fetching models (frontend + backend) - Guard .env writing to built-in providers only - Add builtin field to provider presets, enable base_url input in form - Print auth token to console on startup (pino only writes to file) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Zhicheng Han <43314240+hanzckernel@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-21 12:35:48 +08:00
parent 21296a416b
commit 477af66232
65 changed files with 2743 additions and 2621 deletions
@@ -62,11 +62,11 @@ AUTH_DISABLED=false
 | Path | Description |
 |---|---|
 | `${HERMES_DATA_DIR}` (`./hermes_data`) | Hermes runtime data (sessions, config, profiles) |
-| `${HERMES_DATA_DIR}/hermes-web-ui-data` | Web UI data (auth token) |
+| `${HERMES_DATA_DIR}/hermes-web-ui` | Web UI data (auth token, etc.) |

 - Hermes data persists in `./hermes_data`, mapped to `/home/agent/.hermes` in the container.
- Web UI auth token persists in `./hermes_data/hermes-web-ui-data/.token`.
- When `AUTH_DISABLED=false`, the token is auto-generated on first run and printed to container logs.
+- Web UI data persists in `./hermes_data/hermes-web-ui/`, mapped to `/root/.hermes-web-ui` in the container.
+- When `AUTH_DISABLED=false`, the auth token is auto-generated on first run and printed to container logs.
 - Deleting the token file and restarting will generate a new one.

 ## Port Mapping
@@ -96,7 +96,7 @@ View auth token:
 ```bash
 docker compose logs hermes-webui | grep token
 # or
-cat ./hermes_data/hermes-web-ui-data/.token
+cat ./hermes_data/hermes-web-ui/.token
 ```

 Stop: