fix: inject token as JS global (no sessionStorage needed), skip bridge.php, direct login→app
@@ -959,14 +959,18 @@ window.addEventListener("load", () => {
|
|||||||
initVoice();
|
initVoice();
|
||||||
loadVoices();
|
loadVoices();
|
||||||
|
|
||||||
// Check if already logged in
|
// Check if already logged in — prefer PHP-injected global, fall back to sessionStorage
|
||||||
const saved = sessionStorage.getItem('jarvis_token');
|
const saved = (typeof __jarvisToken !== 'undefined' ? __jarvisToken : null)
|
||||||
|
|| sessionStorage.getItem('jarvis_token');
|
||||||
|
const savedUser = (typeof __jarvisUser !== 'undefined' ? __jarvisUser : null)
|
||||||
|
|| sessionStorage.getItem('jarvis_user') || '';
|
||||||
const autoReload = sessionStorage.getItem('jarvis_autoreload') === '1';
|
const autoReload = sessionStorage.getItem('jarvis_autoreload') === '1';
|
||||||
sessionStorage.removeItem('jarvis_autoreload');
|
sessionStorage.removeItem('jarvis_autoreload');
|
||||||
if (saved) {
|
if (saved) {
|
||||||
sessionToken = saved;
|
sessionToken = saved;
|
||||||
sessionUser = sessionStorage.getItem('jarvis_user') || '';
|
sessionUser = savedUser;
|
||||||
showApp(sessionUser, null, autoReload);
|
try { sessionStorage.setItem('jarvis_token', saved); sessionStorage.setItem('jarvis_user', savedUser); } catch(e) {}
|
||||||
|
showApp(savedUser, null, autoReload);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
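Review bot: `saved` and `savedUser` are resolved independently, so an injected token can end up paired with a `jarvis_user` value left in sessionStorage by an earlier login whenever `__jarvisUser` is the empty string (the PHP side defaults the name to `''`). Taking both values from one source avoids the mismatch, e.g. `const injected = typeof __jarvisToken !== 'undefined' && !!__jarvisToken;` followed by `const savedUser = injected ? (__jarvisUser || '') : (sessionStorage.getItem('jarvis_user') || '');`. The write-back inside `if (saved)` also keeps the token in script-readable storage even though the injected global makes that copy unnecessary; if nothing outside this hunk reads `jarvis_token` from sessionStorage, it could be dropped, and the empty `catch(e) {}` with it. The load handler starts before the hunk.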
|||||||
@@ -9,6 +9,11 @@ if (empty($_SESSION['jarvis_token'])) {
|
|||||||
$token = $_SESSION['jarvis_token'];
|
$token = $_SESSION['jarvis_token'];
|
||||||
$name = $_SESSION['jarvis_name'] ?? '';
|
$name = $_SESSION['jarvis_name'] ?? '';
|
||||||
$html = file_get_contents(__DIR__ . '/index.html');
|
$html = file_get_contents(__DIR__ . '/index.html');
|
||||||
$inject = '<script>sessionStorage.setItem("jarvis_token",' . json_encode($token)
|
// Inject token as JS globals — no sessionStorage dependency at all
|
||||||
. ');sessionStorage.setItem("jarvis_user",' . json_encode($name) . ');</script>';
|
$inject = '<script data-cfasync="false">'
|
||||||
|
. 'var __jarvisToken=' . json_encode($token) . ';'
|
||||||
|
. 'var __jarvisUser=' . json_encode($name) . ';'
|
||||||
|
. 'try{sessionStorage.setItem("jarvis_token",__jarvisToken);'
|
||||||
|
. 'sessionStorage.setItem("jarvis_user",__jarvisUser);}catch(e){}'
|
||||||
|
. '</script>';
|
||||||
echo str_replace('<head>', '<head>' . $inject, $html);
|
echo str_replace('<head>', '<head>' . $inject, $html);
|
||||||
|
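Review bot: The two `json_encode()` calls that build `__jarvisToken` and `__jarvisUser` write session values into an inline `<script>` with default flags, which escape `/` but leave `<`, `>` and `&` untouched, so a display name containing `<!--` or `<script` can still change how the HTML parser reads the rest of the block. Encoding for script context is safer: `json_encode($name, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR)`, and the same flags for `$token`; the throw flag also avoids emitting `var __jarvisUser=;` when a value is not valid UTF-8. Because the response body now always carries the token, it should go out with `header('Cache-Control: no-store');` unless that header is already set outside this hunk, so that no browser or intermediary cache keeps a copy.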
|||||||
@@ -20,7 +20,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
$_SESSION['jarvis_user_id'] = $user['id'];
|
$_SESSION['jarvis_user_id'] = $user['id'];
|
||||||
$_SESSION['jarvis_name'] = $user['display_name'];
|
$_SESSION['jarvis_name'] = $user['display_name'];
|
||||||
$pdo->prepare('UPDATE users SET last_seen=NOW() WHERE id=?')->execute([$user['id']]);
|
$pdo->prepare('UPDATE users SET last_seen=NOW() WHERE id=?')->execute([$user['id']]);
|
||||||
header('Location: /bridge.php');
|
header('Location: /');
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$error = 'ACCESS DENIED';
|
$error = 'ACCESS DENIED';
|
||||||
|
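Review bot: The successful-login branch sets `$_SESSION['jarvis_user_id']` and `$_SESSION['jarvis_name']` and then redirects, with no `session_regenerate_id(true);` visible in this hunk; if it is not called earlier in the branch (which starts above the hunk), a session ID issued before authentication stays valid afterwards. Adding `session_regenerate_id(true);` before the `$_SESSION` assignments closes that gap. Separately, the new target `/` only delivers the token if the server resolves it to the PHP entry point that performs the injection rather than to the static `index.html`, so the directory-index order is worth confirming.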
|||||||