lee/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2026-05-04 08:30:39 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
298f1cdb42e94c3905b5e7ffe4a4f552cf9cb3de
puter/extensions
T
History
KernelDeimos 4374281070 dev: add re-authentication flow for protect actions 
When users make sensitive changes to their account they are asked to
re-enter their password. This prevents a hijacked session from causing
futher damage.

Users created with the new OIDC flow do not necessarily have a password
set on their account, and they need to also be able to make these
changes. While removal of the password entry requirement for these users
would solve this problem, it would also make their accounts more
vulnerable. To solve this problem while maintaining the same security
standard for OIDC users, we need them to confirm via either 2FA or
re-authentication via OIDC. Since users aren't required to have 2FA, the
re-authentication via OIDC approach is also the minimum viable solution.

This commit adds OIDC re-authentication support for all endpoints under
UserProtectedEndpointsService, and makes updates to the
UIWindowChangeUsername dialog for manual testing.

Currently this implementation fails at the final submission to change
the username because of a separate issue with the correct authentication
token not being set; this is related to the separation of GUI tokens vs
http-only tokens.
2026-02-19 16:10:21 -05:00
..
app-telemetry
add extra permission check for granted apps (#2503)
2026-02-17 01:29:54 -05:00
extensionController
perf: improve tel + decrease logs (#2309)
2026-01-20 20:21:08 -08:00
hellodriver
dev: extension.span
2025-12-09 18:42:10 -05:00
metering
fix: limit open router expensive models for now (#2407)
2026-02-03 14:43:15 -08:00
puterfs
patch(puterfs): limit directory depth to 35
2026-02-13 20:53:56 -05:00
serverInfo
Feat: Add system info (Client + Server metrics) (#2311)
2026-01-27 10:29:02 -08:00
whoami
dev: add re-authentication flow for protect actions
2026-02-19 16:10:21 -05:00
.gitkeep
api.d.ts
merge users (#2441)
2026-02-07 18:44:31 -08:00
data.js
Reapply: reverted redis migration changes (#2403)
2026-02-03 11:25:28 -08:00
example_gui_extension.js
feat: support extension divs headers and tags being inserted to puter homepage load (#2221)
2025-12-24 13:48:36 -08:00
example-kv.js
exports_something.js
fix: eslint autofixable errors (#2002)
2025-11-21 13:22:19 -08:00
extension-util.js
imports_something.js
jsconfig.json
README.md
dev(extensions): [+] dev-socket
2026-02-03 19:39:07 -05:00
tsconfig.json
test: claudeService (#2074)
2025-12-01 13:39:55 -08:00
utilities.js
worker-sandbox.js
add sandboxing by default in god mode created workers (#2481)
2026-02-12 16:06:40 -08:00

README.md

Extension System Development Guide

Where to find documentation

Here

Documentation for extensions is here.

Bundled extensions

  • dev-console (extensions/dev-console/) Dev socket for running backend commands locally. Opt-in via DEVCONSOLE=1 (e.g. npm run dev). See Backend dev socket.

Not Here

Outdated documentation for extensions is here. This documentation may include some topics that are missing from the current documentation. Eventually those topics should be updated and transferred to the current documentation so that this documentation may be removed.

Reference in New Issue View Git Blame Copy Permalink