Pulse/internal
rcourtman accecdb50b Make api_tokens.json authoritative source for API tokens (fixes #685)
This is the proper architectural fix for #685. The previous commit was a
bandaid that prevented unnecessary .env writes. This commit addresses the
root cause: dual-source-of-truth for API tokens (.env vs api_tokens.json).

Changes:

1. Startup Migration (config.go:896-951):
   - When loading config, if API_TOKEN/API_TOKENS exist in .env but not in
     api_tokens.json, automatically migrate them
   - Migrated tokens are named "Migrated from .env (prefix)" for clarity
   - Logs a deprecation warning: API_TOKEN/API_TOKENS in .env are deprecated
   - Leaves .env untouched (safe for existing deployments)

2. Config Watcher Changes (watcher.go:338-424):
   - Only load tokens from .env if api_tokens.json is EMPTY
   - Once api_tokens.json has records, it becomes the authoritative source
   - .env changes no longer trigger token overwrites when api_tokens.json exists
   - Logs debug message when ignoring env tokens

Result:
- Existing deployments: env tokens automatically migrated to api_tokens.json
- UI-created tokens: never overwritten by .env changes
- Dark mode toggle: no longer triggers token reload from .env
- Backward compatible: fresh installs with API_TOKEN in .env still work
- Migration path: users can safely keep API_TOKEN in .env, it will be ignored

Future improvement: Add UI warning when API_TOKEN/API_TOKENS still present
in .env, prompting users to rotate tokens via the UI.
2025-11-11 00:17:40 +00:00
..
alerts feat: Add mdadm RAID monitoring support for host agents 2025-11-09 16:36:33 +00:00
api Fix bootstrap token path display for Docker deployments (related to #680) 2025-11-09 23:41:55 +00:00
auth Fix config backup/restore by enforcing 12-char minimum password (related to #646) 2025-11-07 22:51:55 +00:00
config Make api_tokens.json authoritative source for API tokens (fixes #685) 2025-11-11 00:17:40 +00:00
crypto Harden setup token flow and enforce encrypted persistence 2025-10-25 16:00:37 +00:00
discovery Fix P1/P2 infrastructure issues: panic recovery and optimizations 2025-11-07 09:55:22 +00:00
dockeragent Fix critical version embedding issues for 4.26 release 2025-11-06 11:42:52 +00:00
errors Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
hostagent feat: Add mdadm RAID monitoring support for host agents 2025-11-09 16:36:33 +00:00
hostmetrics Normalize docker agent version handling 2025-10-28 08:42:58 +00:00
logging feat: comprehensive diagnostics and observability improvements 2025-10-21 12:37:39 +00:00
mdadm feat: Add mdadm RAID monitoring support for host agents 2025-11-09 16:36:33 +00:00
metrics Add comprehensive alert system reliability improvements 2025-11-06 16:46:30 +00:00
mock Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
models feat: Add mdadm RAID monitoring support for host agents 2025-11-09 16:36:33 +00:00
monitoring feat: Add mdadm RAID monitoring support for host agents 2025-11-09 16:36:33 +00:00
notifications Improve table column widths and sparkline visibility 2025-11-09 23:36:52 +00:00
sensors feat: Add temperature collection to pulse-host-agent (related to #661) 2025-11-07 22:54:40 +00:00
ssh/knownhosts feat(security): Add SSH output limits and improve host key management 2025-11-07 17:09:02 +00:00
system Enhance container detection for temperature SSH safeguards (refs #601) 2025-11-04 22:30:35 +00:00
tempproxy Fix temperature data intermittency caused by proxy rate limit retries 2025-11-05 10:20:15 +00:00
types Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
updates Add support for linux-386 and linux-armv6 architectures (related to #674) 2025-11-09 08:35:24 +00:00
utils Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
websocket Fix P1: Add shutdown mechanism to WebSocket Hub 2025-11-07 10:20:26 +00:00