Skip to content

Add WebUI and multi account manage #196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
StarryKira wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Add WebUI and multi account manage #196

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
4631464
增加WebUI
StarryKira Feb 12, 2026
edee63f
增加鉴权,修复bug
StarryKira Feb 13, 2026
d584cd0
增加鉴权,修复bug
StarryKira Feb 13, 2026
629bcdc
增加账号轮转
StarryKira Feb 15, 2026
c361511
增加账号轮转
StarryKira Feb 16, 2026
486bab8
完善功能
StarryKira Feb 16, 2026
7f07915
完善功能
StarryKira Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,6 @@ tests/
*.md

.eslintcache

web/node_modules
web/dist
10 changes: 10 additions & 0 deletions .idea/.gitignore
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

59 changes: 59 additions & 0 deletions .idea/codeStyles/Project.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions .idea/codeStyles/codeStyleConfig.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/copilot-api.iml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions .idea/inspectionProfiles/Project_Default.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/modules.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions .idea/vcs.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

39 changes: 39 additions & 0 deletions Dockerfile.console
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
# Stage 1: Build frontend
FROM node:22-alpine AS web-builder
WORKDIR /app/web

COPY web/package.json ./
RUN npm install

COPY web/ ./
RUN npm run build

# Stage 2: Build backend
FROM oven/bun:1.2.19-alpine AS builder
WORKDIR /app

COPY package.json bun.lock ./
RUN bun install --frozen-lockfile

COPY . .

# Stage 3: Runtime
FROM oven/bun:1.2.19-alpine
WORKDIR /app

COPY package.json bun.lock ./
RUN bun install --frozen-lockfile --production --ignore-scripts --no-cache

COPY --from=builder /app/src ./src
COPY --from=builder /app/tsconfig.json ./
COPY --from=web-builder /app/web/dist ./web/dist

EXPOSE 3000 4141

VOLUME /root/.local/share/copilot-api

HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
CMD wget --spider -q http://localhost:3000/api/config || exit 1

ENTRYPOINT ["bun", "run", "./src/main.ts", "console"]
CMD ["--web-port", "3000", "--proxy-port", "4141"]
1 change: 1 addition & 0 deletions bun.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions eslint.config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ export default config({
prettier: {
plugins: ["prettier-plugin-packagejson"],
},
ignores: ["web/**"],
})
102 changes: 102 additions & 0 deletions src/console/account-store.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
import crypto from "node:crypto"
import fs from "node:fs/promises"
import path from "node:path"

import { PATHS } from "~/lib/paths"

export interface Account {
id: string
name: string
githubToken: string
accountType: string
apiKey: string
enabled: boolean
createdAt: string
}

export interface AccountStore {
accounts: Array<Account>
}

const STORE_PATH = path.join(PATHS.APP_DIR, "accounts.json")

function generateApiKey(): string {
return `cpa-${crypto.randomBytes(16).toString("hex")}`
}

async function readStore(): Promise<AccountStore> {
try {
const data = await fs.readFile(STORE_PATH)
return JSON.parse(data) as AccountStore
} catch {
return { accounts: [] }
}
}

async function writeStore(store: AccountStore): Promise<void> {
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2))
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

writeStore writes accounts.json without setting restrictive file permissions. Since this file contains long-lived secrets (GitHub tokens + API keys), it should be created/maintained with mode 0o600 similar to ensureFile() in src/lib/paths.ts. Consider writing with { mode: 0o600 } and/or calling fs.chmod after write when needed.

Suggested change
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2))
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2), {
mode: 0o600,
})
// Ensure permissions are restrictive even if the file already existed
await fs.chmod(STORE_PATH, 0o600).catch(() => {})

Copilot uses AI. Check for mistakes.
}

export async function getAccounts(): Promise<Array<Account>> {
const store = await readStore()
return store.accounts
}

export async function getAccount(id: string): Promise<Account | undefined> {
const store = await readStore()
return store.accounts.find((a) => a.id === id)
}

export async function getAccountByApiKey(
apiKey: string,
): Promise<Account | undefined> {
const store = await readStore()
return store.accounts.find((a) => a.apiKey === apiKey)
}

export async function addAccount(
account: Omit<Account, "id" | "createdAt" | "apiKey">,
): Promise<Account> {
const store = await readStore()
const newAccount: Account = {
...account,
id: crypto.randomUUID(),
apiKey: generateApiKey(),
createdAt: new Date().toISOString(),
}
store.accounts.push(newAccount)
await writeStore(store)
return newAccount
}

export async function updateAccount(
id: string,
updates: Partial<Omit<Account, "id" | "createdAt" | "apiKey">>,
): Promise<Account | undefined> {
const store = await readStore()
const index = store.accounts.findIndex((a) => a.id === id)
if (index === -1) return undefined
store.accounts[index] = { ...store.accounts[index], ...updates }
await writeStore(store)
return store.accounts[index]
}

export async function deleteAccount(id: string): Promise<boolean> {
const store = await readStore()
const index = store.accounts.findIndex((a) => a.id === id)
if (index === -1) return false
store.accounts.splice(index, 1)
await writeStore(store)
return true
}

export async function regenerateApiKey(
id: string,
): Promise<Account | undefined> {
const store = await readStore()
const index = store.accounts.findIndex((a) => a.id === id)
if (index === -1) return undefined
store.accounts[index] = { ...store.accounts[index], apiKey: generateApiKey() }
await writeStore(store)
return store.accounts[index]
}
92 changes: 92 additions & 0 deletions src/console/admin-auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
import crypto from "node:crypto"
import fs from "node:fs/promises"
import path from "node:path"

import { PATHS } from "~/lib/paths"

interface AdminCredentials {
username: string
passwordHash: string
}

interface AdminStore {
credentials: AdminCredentials | null
sessions: Array<{ token: string; createdAt: string }>
}

const STORE_PATH = path.join(PATHS.APP_DIR, "admin.json")
const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000 // 7 days

async function readStore(): Promise<AdminStore> {
try {
const data = await fs.readFile(STORE_PATH)
return JSON.parse(data) as AdminStore
} catch {
return { credentials: null, sessions: [] }
}
}

async function writeStore(store: AdminStore): Promise<void> {
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2))
Comment on lines +29 to +30
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

writeStore persists admin.json (password hash + active session tokens) without setting restrictive permissions. For parity with how github_token is protected (chmod 0o600), ensure admin.json is created/written with mode 0o600 (and consider tightening directory perms as well).

Suggested change
async function writeStore(store: AdminStore): Promise<void> {
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2))
async function ensureStoreDirSecure(): Promise<void> {
const dir = path.dirname(STORE_PATH)
await fs.mkdir(dir, { recursive: true, mode: 0o700 })
}
async function writeStore(store: AdminStore): Promise<void> {
await ensureStoreDirSecure()
await fs.writeFile(STORE_PATH, JSON.stringify(store, null, 2), {
mode: 0o600,
})
await fs.chmod(STORE_PATH, 0o600)

Copilot uses AI. Check for mistakes.
}

export async function isSetupRequired(): Promise<boolean> {
const store = await readStore()
return store.credentials === null
}

export async function setupAdmin(
username: string,
password: string,
): Promise<string> {
const store = await readStore()
if (store.credentials !== null) {
throw new Error("Admin already configured")
}
const passwordHash = await Bun.password.hash(password)
const token = generateSessionToken()
store.credentials = { username, passwordHash }
store.sessions = [{ token, createdAt: new Date().toISOString() }]
await writeStore(store)
return token
}

export async function loginAdmin(
username: string,
password: string,
): Promise<string | null> {
const store = await readStore()
if (!store.credentials) return null
if (store.credentials.username !== username) return null
const valid = await Bun.password.verify(
password,
store.credentials.passwordHash,
)
if (!valid) return null
const token = generateSessionToken()
cleanExpiredSessions(store)
store.sessions.push({ token, createdAt: new Date().toISOString() })
await writeStore(store)
return token
}

export async function validateSession(token: string): Promise<boolean> {
const store = await readStore()
const now = Date.now()
return store.sessions.some((s) => {
const age = now - new Date(s.createdAt).getTime()
return s.token === token && age < SESSION_TTL_MS
})
}

function generateSessionToken(): string {
return `session-${crypto.randomBytes(24).toString("hex")}`
}

function cleanExpiredSessions(store: AdminStore): void {
const now = Date.now()
store.sessions = store.sessions.filter((s) => {
const age = now - new Date(s.createdAt).getTime()
return age < SESSION_TTL_MS
})
}
Loading
Loading