8538dc5b66
Critical Security Fixes: 1. Remove default credentials from login page (inst_012 compliance) 2. Create auth-check.js utility for client-side authentication 3. Add authentication redirects to all admin pages Authentication Protection: - All admin pages now check for valid JWT token on load - Redirect to login if unauthenticated or token expired - Token expiration validation (client-side check) - Role verification (admin/moderator required) - Periodic token validity checks (every 5 minutes) Files Protected: ✅ /admin/dashboard.html ✅ /admin/rule-manager.html ✅ /admin/project-manager.html ✅ /admin/claude-md-migrator.html ✅ /admin/blog-curation.html ✅ /admin/audit-analytics.html (login.html excluded - entry point) Authentication Flow: 1. User accesses admin page 2. auth-check.js runs immediately 3. Check localStorage for admin_token 4. Parse JWT to verify expiration and role 5. If invalid: redirect to /admin/login.html with reason 6. If valid: allow page to load normally API Security (already in place): - All /api/admin/* endpoints require JWT - authenticateToken middleware validates tokens - requireRole middleware enforces admin/moderator access Addresses security concerns: - inst_012: No internal/confidential data exposure - inst_013: No sensitive runtime data in public endpoints - inst_014: No API surface enumeration - inst_015: No internal documentation exposure Remaining Recommendations: - Change default admin password on production (MANUAL STEP) - Consider IP whitelist for /admin/* (optional) - Add rate limiting to /api/auth/login (future enhancement) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
94 lines
4.3 KiB
HTML
94 lines
4.3 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>Admin Login | Tractatus Framework</title>
|
|
<link rel="stylesheet" href="/css/tailwind.css?v=1759833751">
|
|
</head>
|
|
<body class="bg-gray-50">
|
|
|
|
<div class="min-h-screen flex items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
|
|
<div class="max-w-md w-full space-y-8">
|
|
|
|
<!-- Header -->
|
|
<div>
|
|
<div class="mx-auto h-12 w-12 bg-blue-600 rounded-lg flex items-center justify-center">
|
|
<svg aria-hidden="true" class="h-8 w-8 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24">
|
|
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z"/>
|
|
</svg>
|
|
</div>
|
|
<h2 class="mt-6 text-center text-3xl font-extrabold text-gray-900">
|
|
Admin Portal
|
|
</h2>
|
|
<p class="mt-2 text-center text-sm text-gray-600">
|
|
Tractatus Framework Management
|
|
</p>
|
|
</div>
|
|
|
|
<!-- Login Form -->
|
|
<form id="login-form" class="mt-8 space-y-6">
|
|
<div class="rounded-md shadow-sm space-y-4">
|
|
<div>
|
|
<label for="email" class="block text-sm font-medium text-gray-700">Email address</label>
|
|
<input id="email" name="email" type="email" autocomplete="email" required
|
|
class="mt-1 appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-lg focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
|
|
placeholder="admin@tractatus.local">
|
|
</div>
|
|
<div>
|
|
<label for="password" class="block text-sm font-medium text-gray-700">Password</label>
|
|
<input id="password" name="password" type="password" autocomplete="current-password" required
|
|
class="mt-1 appearance-none relative block w-full px-3 py-2 border border-gray-300 placeholder-gray-500 text-gray-900 rounded-lg focus:outline-none focus:ring-blue-500 focus:border-blue-500 focus:z-10 sm:text-sm"
|
|
placeholder="••••••••">
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Error Message -->
|
|
<div id="error-message" class="hidden rounded-md bg-red-50 p-4">
|
|
<div class="flex">
|
|
<div class="flex-shrink-0">
|
|
<svg aria-hidden="true" class="h-5 w-5 text-red-400" fill="currentColor" viewBox="0 0 20 20">
|
|
<path fill-rule="evenodd" d="M10 18a8 8 0 100-16 8 8 0 000 16zM8.707 7.293a1 1 0 00-1.414 1.414L8.586 10l-1.293 1.293a1 1 0 101.414 1.414L10 11.414l1.293 1.293a1 1 0 001.414-1.414L11.414 10l1.293-1.293a1 1 0 00-1.414-1.414L10 8.586 8.707 7.293z" clip-rule="evenodd"/>
|
|
</svg>
|
|
</div>
|
|
<div class="ml-3">
|
|
<p id="error-text" class="text-sm font-medium text-red-800"></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<!-- Submit Button -->
|
|
<div>
|
|
<button type="submit" id="login-btn"
|
|
class="group relative w-full flex justify-center py-2 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500">
|
|
<span class="absolute left-0 inset-y-0 flex items-center pl-3">
|
|
<svg aria-hidden="true" class="h-5 w-5 text-blue-500 group-hover:text-blue-400" fill="currentColor" viewBox="0 0 20 20">
|
|
<path fill-rule="evenodd" d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z" clip-rule="evenodd"/>
|
|
</svg>
|
|
</span>
|
|
Sign in
|
|
</button>
|
|
</div>
|
|
|
|
<!-- Helper Text -->
|
|
<div class="text-center">
|
|
<p class="text-sm text-gray-600">
|
|
Enter your admin credentials to continue
|
|
</p>
|
|
</div>
|
|
</form>
|
|
|
|
<!-- Back to Home -->
|
|
<div class="text-center">
|
|
<a href="/" class="text-sm font-medium text-blue-600 hover:text-blue-500">
|
|
← Back to home
|
|
</a>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
<script src="/js/admin/login.js?v=1759833751"></script>
|
|
|
|
</body>
|
|
</html>
|