admin/markbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Add 10-second timeout for admin re-authentication

Browse Source 
Security enhancement:
- Admin must re-enter password if Settings closed >10 seconds
- localStorage stores admin_close_time when closing Settings
- toggleSettings() checks elapsed time since last close
- If elapsed >10s: clear token, show login modal
- If elapsed <=10s: open Settings directly (no password)

Implementation:
- Added localStorage.admin_close_time tracking
- Modified toggleSettings() to check timeout
- Clear close_time when opening Settings
- Clear close_time on new login
- Clear close_time when token removed

User workflow:
1. Login → Settings open
2. Close Settings → record close_time
3. Re-open immediately (<10s) → direct access
4. Re-open after 10s → password required

Files changed: src/page.html (+15 lines in toggleSettings, +1 line in submitAdminLogin)

Security: Prevents unauthorized access if admin leaves Settings open and returns later
This commit is contained in:
Warren
2026-05-16 21:26:35 +08:00
parent ed9f4490c8
commit 0a0e4a8b9c
1 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/page.html
View File

@@ -137,8 +137,22 @@ var _sv=false;
function toggleSettings(){ function toggleSettings(){
var token=localStorage.getItem('admin_token'); var token=localStorage.getItem('admin_token');
var lastClose=localStorage.getItem('admin_close_time');
if(token){ if(token){
// Check if closed more than 10 seconds ago
if(lastClose){
var now=Date.now();
var elapsed=(now-parseInt(lastClose))/1000;
if(elapsed>10){
// Token expired (>10s since close), clear and show login
localStorage.removeItem('admin_token');
localStorage.removeItem('admin_close_time');
showAdminLoginModal();
return;
}
}
// Verify token validity // Verify token validity
fetch('/api/v2/admin/verify',{ fetch('/api/v2/admin/verify',{
headers:{'Authorization':'Bearer '+token} headers:{'Authorization':'Bearer '+token}
@@ -149,15 +163,24 @@ function toggleSettings(){
// Token valid, open settings // Token valid, open settings
_sv=!_sv; _sv=!_sv;
document.getElementById("mb-settings-panel").classList.toggle("active",_sv); document.getElementById("mb-settings-panel").classList.toggle("active",_sv);
if(_sv)loadSettings(); if(_sv){
loadSettings();
// Clear close time when opening
localStorage.removeItem('admin_close_time');
}else{
// Record close time when closing
localStorage.setItem('admin_close_time',Date.now());
}
}else{ }else{
// Token invalid, remove and show login // Token invalid, remove and show login
localStorage.removeItem('admin_token'); localStorage.removeItem('admin_token');
localStorage.removeItem('admin_close_time');
showAdminLoginModal(); showAdminLoginModal();
} }
}) })
.catch(function(e){ .catch(function(e){
localStorage.removeItem('admin_token'); localStorage.removeItem('admin_token');
localStorage.removeItem('admin_close_time');
showAdminLoginModal(); showAdminLoginModal();
}); });
}else{ }else{
@@ -203,6 +226,7 @@ function submitAdminLogin(){
.then(function(d){ .then(function(d){
if(d.token){ if(d.token){
localStorage.setItem('admin_token',d.token); localStorage.setItem('admin_token',d.token);
localStorage.removeItem('admin_close_time'); // Clear close time on new login
document.getElementById('mb-admin-modal').classList.remove('active'); document.getElementById('mb-admin-modal').classList.remove('active');
toast('Admin authenticated ✓'); toast('Admin authenticated ✓');
toggleSettings(); // Re-open settings toggleSettings(); // Re-open settings