Skip to content

Security & Style 1.0.1

Choose a tag to compare

@FlaxiGG FlaxiGG released this 15 Jun 07:42
da10309

Architecture Change

  • Extracted UI from Java — All HTML/CSS/JS moved from embedded Java string (WebServer.java ~900 lines removed) to standalone files

Authentication System

  • BCrypt — Passwords hashed with BCrypt instead of plaintext
  • Session Tokens — UUID v4 generated per login, stored in server-side sessions map
  • HttpOnly Cookie — Token transmitted via Set-Cookie: token=xxx; HttpOnly; Path=/; SameSite=Lax; Max-Age=300
  • Session Expiry — 5 minutes inactivity timeout, auto-refreshes on each API call
  • Backward compat — getToken(session) checks both Cookie header AND query param ?token=
  • Logout — clears server session + deletes cookie

Login Flow

  • Username + Password login (not single token)
  • Default user: admin / admin123 auto-created on first run
  • mustChange flag — If password is still admin123, forces password change modal
  • Heartbeat API — Global 2-minute interval keeps session alive; 401 → auto-logout
  • Button loading state — "Signing in…" with disabled button during login request

Theme System

  • Light/Dark toggle — Button in sidebar (bottom, before Logout)
  • CSS Variables — 30+ CSS custom properties, overridden in body.dark
  • Dark theme: #12121f background, #1c1c33 cards, #c0c0d0 text
  • color-scheme: dark on dark mode (native scrollbar/input)
  • localStorage persists theme preference
  • Auto-applies on page load from saved preference

Fixed Sidebar

  • position: fixed — Sidebar no longer scrolls with page content
  • left: 0; top: 0; bottom: 0; z-index: 50
  • Content area uses padding-left: 240px
  • Mobile: padding-top: 60px + sidebar becomes top bar

### MinePanel v1.0.1

Major Architecture Update

  • Extracted all UI files from embedded Java strings
  • Moved HTML, CSS, and JavaScript into standalone resource files
  • Removed around 900 lines from WebServer.java
  • Improved maintainability and frontend development workflow

Security & Authentication

  • Added username/password login
  • Added BCrypt password hashing
  • Added UUID v4 session tokens
  • Added HttpOnly cookie-based sessions
  • Added 5-minute inactivity timeout
  • Added forced password change for the default admin account
  • Added logout session cleanup

UI Improvements

  • Added Light/Dark theme toggle
  • Added persistent theme preference
  • Added fixed sidebar layout
  • Improved mobile layout
  • Added login loading state

Compatibility

  • Token lookup now supports both cookie-based sessions and ?token= query parameter for backward compatibility