root/navi-1

Fork: 0

root / navi-1

History for navi-1 / webclient / src / components / settings / ShowTokenModal.vue

2026-05-24	342db21 Browse files » Show copied checkmark on token copy button for 1.5s ... Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May
9582516 Browse files » Apply review fixes to API token auth system ... Backend: - navi/auth/deps.py: replace 3 DB round-trips with single JOIN query for token resolution; update last_used_at still separate (best-effort) - navi/api/routes/api_tokens.py: replace asyncpg-specific "UPDATE 1" string check with RETURNING id fetchrow; increase token_prefix from 8 to 12 chars for better visual identification; add security notes - tests/unit/auth/test_api_tokens.py: update tests for JOIN query and RETURNING-based revoke Frontend: - webclient/src/components/settings/ShowTokenModal.vue: new modal that shows the plain token in a readonly field with copy button and explicit warning — replaces the transient toast notification - webclient/src/components/settings/ApiKeysPanel.vue: use ShowTokenModal - webclient/src/composables/useWebSocket.js: add security comment about localStorage XSS risk and query param log exposure Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 24 May

2026-05-24

342db21
Browse files »

Show copied checkmark on token copy button for 1.5s ...

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Eugene Sukhodolskiy committed on 24 May

9582516
Browse files »

Apply review fixes to API token auth system ...

Backend:
- navi/auth/deps.py: replace 3 DB round-trips with single JOIN query for
  token resolution; update last_used_at still separate (best-effort)
- navi/api/routes/api_tokens.py: replace asyncpg-specific "UPDATE 1"
  string check with RETURNING id fetchrow; increase token_prefix from
  8 to 12 chars for better visual identification; add security notes
- tests/unit/auth/test_api_tokens.py: update tests for JOIN query and
  RETURNING-based revoke

Frontend:
- webclient/src/components/settings/ShowTokenModal.vue: new modal that
  shows the plain token in a readonly field with copy button and
  explicit warning — replaces the transient toast notification
- webclient/src/components/settings/ApiKeysPanel.vue: use ShowTokenModal
- webclient/src/composables/useWebSocket.js: add security comment about
  localStorage XSS risk and query param log exposure

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Eugene Sukhodolskiy committed on 24 May