Security & Style 1.0.1
Architecture Change
- Extracted UI from Java — All HTML/CSS/JS moved from embedded Java string (WebServer.java ~900 lines removed) to standalone files
Authentication System
- BCrypt — Passwords hashed with BCrypt instead of plaintext
- Session Tokens — UUID v4 generated per login, stored in server-side sessions map
- HttpOnly Cookie — Token transmitted via Set-Cookie: token=xxx; HttpOnly; Path=/; SameSite=Lax; Max-Age=300
- Session Expiry — 5 minutes inactivity timeout, auto-refreshes on each API call
- Backward compat — getToken(session) checks both Cookie header AND query param ?token=
- Logout — clears server session + deletes cookie
Login Flow
- Username + Password login (not single token)
- Default user: admin / admin123 auto-created on first run
- mustChange flag — If password is still admin123, forces password change modal
- Heartbeat API — Global 2-minute interval keeps session alive; 401 → auto-logout
- Button loading state — "Signing in…" with disabled button during login request
Theme System
- Light/Dark toggle — Button in sidebar (bottom, before Logout)
- CSS Variables — 30+ CSS custom properties, overridden in body.dark
- Dark theme: #12121f background, #1c1c33 cards, #c0c0d0 text
- color-scheme: dark on dark mode (native scrollbar/input)
- localStorage persists theme preference
- Auto-applies on page load from saved preference
Fixed Sidebar
- position: fixed — Sidebar no longer scrolls with page content
- left: 0; top: 0; bottom: 0; z-index: 50
- Content area uses padding-left: 240px
- Mobile: padding-top: 60px + sidebar becomes top bar
### MinePanel v1.0.1
Major Architecture Update
- Extracted all UI files from embedded Java strings
- Moved HTML, CSS, and JavaScript into standalone resource files
- Removed around 900 lines from
WebServer.java - Improved maintainability and frontend development workflow
Security & Authentication
- Added username/password login
- Added BCrypt password hashing
- Added UUID v4 session tokens
- Added HttpOnly cookie-based sessions
- Added 5-minute inactivity timeout
- Added forced password change for the default admin account
- Added logout session cleanup
UI Improvements
- Added Light/Dark theme toggle
- Added persistent theme preference
- Added fixed sidebar layout
- Improved mobile layout
- Added login loading state
Compatibility
- Token lookup now supports both cookie-based sessions and
?token=query parameter for backward compatibility