From 2bb9bc13579be4df65a57b8d94e936bfc6484b41 Mon Sep 17 00:00:00 2001 From: BoulderBadgeDad Date: Wed, 10 Jun 2026 22:38:10 -0700 Subject: [PATCH] Settings: reorganize Security into clear groups with visible prerequisites MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The security section had grown into a flat pile of toggles with hidden dependencies. Regrouped into three labelled cards so it reads top-to-bottom: - πŸ”‘ Lock with a PIN β€” set PIN (Step 1) β†’ Require PIN - πŸ‘€ User accounts (login) β€” Step 1 admin password β†’ Step 2 recovery question β†’ Step 3 Require login. The Step 3 toggle is now visually LOCKED (greyed + disabled + "set the admin password first" hint) until an admin password exists, so the anti-lockout rule is obvious instead of surfacing as a 400 on save. It unlocks the moment the password is saved. - 🌐 Reverse proxy & remote access β€” the proxy toggle, with the auth-proxy header nested under it (indented), plus WebSocket origins. - get_all_profiles/get_profile now expose has_password + has_recovery so the UI can reflect setup state; updateRequireLoginGate() drives the lock. - New .security-subgroup/.security-subhead/.security-nested/.security-locked CSS. All IDs + handlers preserved. Inert unless used; default install unaffected. 64 script-split integrity tests pass. --- database/music_database.py | 4 + webui/index.html | 175 ++++++++++++++++++++----------------- webui/static/init.js | 24 ++++- webui/static/settings.js | 4 + webui/static/style.css | 35 ++++++++ 5 files changed, 163 insertions(+), 79 deletions(-) diff --git a/database/music_database.py b/database/music_database.py index 5816065c..1a2bca8b 100644 --- a/database/music_database.py +++ b/database/music_database.py @@ -5246,6 +5246,8 @@ class MusicDatabase: 'avatar_url': row['avatar_url'] if 'avatar_url' in columns else None, 'is_admin': bool(row['is_admin']), 'has_pin': row['pin_hash'] is not None, + 'has_password': row['password_hash'] is not None if 'password_hash' in columns else False, + 'has_recovery': row['recovery_answer_hash'] is not None if 'recovery_answer_hash' in columns else False, 'home_page': row['home_page'] if 'home_page' in columns else None, 'allowed_pages': json.loads(ap_raw) if ap_raw else None, 'can_download': bool(row['can_download']) if 'can_download' in columns else True, @@ -5276,6 +5278,8 @@ class MusicDatabase: 'avatar_url': row['avatar_url'] if 'avatar_url' in columns else None, 'is_admin': bool(row['is_admin']), 'has_pin': row['pin_hash'] is not None, + 'has_password': row['password_hash'] is not None if 'password_hash' in columns else False, + 'has_recovery': row['recovery_answer_hash'] is not None if 'recovery_answer_hash' in columns else False, 'home_page': row['home_page'] if 'home_page' in columns else None, 'allowed_pages': json.loads(ap_raw) if ap_raw else None, 'can_download': bool(row['can_download']) if 'can_download' in columns else True, diff --git a/webui/index.html b/webui/index.html index 8da0f94a..b7bcf9b7 100644 --- a/webui/index.html +++ b/webui/index.html @@ -5993,100 +5993,119 @@ - +
-

πŸ”’ Security

- -