github/AutoGPT
1
1
Fork 0
mirror of https://github.com/Significant-Gravitas/AutoGPT.git synced 2026-01-09 15:17:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
2af9d75decf4d8ac7490c9408527eb99e76fb505
AutoGPT/autogpt_platform/frontend/package.json
Ubbe 2af9d75dec feat(frontend): enforce auth through httpOnly cookies (#10201) 
### Changes 🏗️

Implemented `httpOnly` cookies 🍪 for secure session management 💆🏽 

- 🙏🏽 **Moved all API requests to server-side execution** for maximum XSS
protection
- All authentication now happens server-side with `httpOnly` cookies (no
JWT tokens exposed to client)
- Created `proxyApiRequest()` and `proxyFileUpload()` server actions to
handle all communication with API
- Updated `BackendAPI._request()` to always use proxy approach for
consistent security

- 🚧 **Exception: WebSocket authentication** requires client-side token
exposure
- Added `getWebSocketToken()` server action to securely provide tokens
only for WebSocket connections
  - Maintains secure architecture while we keep the real-time features

- 🧹 **Abstracted implementation details** into reusable helper functions
  - Reduced proxy actions from 157 lines to 48 lines (70% reduction)
- Added flexible content-type support ( _JSON, form-urlencoded, custom_
)
  - Enhanced error handling for graceful logout scenarios
  
- 📙 **Renamed `/reset_password` page to `/reset-password`**
  - couldn't resist sorry... snake case URLs get me 

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
  <!-- Put your test plan here: -->
  - [x] Verify all API requests work through server-side proxy
  - [x] Confirm httpOnly cookies prevent client-side JWT access
  - [x] Test WebSocket connections work with server-provided tokens
  - [x] Verify logout scenarios don't throw authentication errors
  - [x] Check file uploads work securely through proxy
  - [x] Validate zero breaking changes for existing BackendAPI calls

---------

Co-authored-by: Nicholas Tindle <nicholas.tindle@agpt.co>
Co-authored-by: Nicholas Tindle <nicktindle@outlook.com>
Co-authored-by: Swifty <craigswift13@gmail.com>
2025-06-26 13:27:23 +00:00

136 lines
4.5 KiB
JSON
Raw Blame History

{
"name": "frontend",
"version": "0.3.4",
"private": true,
"scripts": {
"dev": "next dev --turbo",
"build": "pnpm run generate:api-client && SKIP_STORYBOOK_TESTS=true next build",
"start": "next start",
"start:standalone": "cd .next/standalone && node server.js",
"lint": "next lint && prettier --check .",
"format": "prettier --write .",
"type-check": "tsc --noEmit",
"test": "next build --turbo && playwright test",
"test-ui": "next build --turbo && playwright test --ui",
"test:no-build": "playwright test",
"gentests": "playwright codegen http://localhost:3000",
"storybook": "storybook dev -p 6006",
"build-storybook": "storybook build",
"test-storybook": "test-storybook",
"fetch:openapi": "curl http://localhost:8006/openapi.json > ./src/api/openapi.json && prettier --write ./src/api/openapi.json",
"generate:api-client": "orval --config ./orval.config.ts",
"generate:api-all": "pnpm run fetch:openapi && pnpm run generate:api-client"
},
"browserslist": [
"defaults"
],
"dependencies": {
"@faker-js/faker": "9.8.0",
"@hookform/resolvers": "5.1.1",
"@next/third-parties": "15.3.3",
"@phosphor-icons/react": "2.1.10",
"@radix-ui/react-alert-dialog": "1.1.14",
"@radix-ui/react-avatar": "1.1.10",
"@radix-ui/react-checkbox": "1.3.2",
"@radix-ui/react-collapsible": "1.1.11",
"@radix-ui/react-context-menu": "2.2.15",
"@radix-ui/react-dialog": "1.1.14",
"@radix-ui/react-dropdown-menu": "2.1.15",
"@radix-ui/react-icons": "1.3.2",
"@radix-ui/react-label": "2.1.7",
"@radix-ui/react-popover": "1.1.14",
"@radix-ui/react-radio-group": "1.3.7",
"@radix-ui/react-scroll-area": "1.2.9",
"@radix-ui/react-select": "2.2.5",
"@radix-ui/react-separator": "1.1.7",
"@radix-ui/react-slot": "1.2.3",
"@radix-ui/react-switch": "1.2.5",
"@radix-ui/react-tabs": "1.1.12",
"@radix-ui/react-toast": "1.2.14",
"@radix-ui/react-tooltip": "1.2.7",
"@sentry/nextjs": "9.27.0",
"@supabase/ssr": "0.6.1",
"@supabase/supabase-js": "2.50.0",
"@tanstack/react-query": "5.80.7",
"@tanstack/react-table": "8.21.3",
"@types/jaro-winkler": "0.2.4",
"@xyflow/react": "12.6.4",
"ajv": "8.17.1",
"boring-avatars": "1.11.2",
"class-variance-authority": "0.7.1",
"clsx": "2.1.1",
"cmdk": "1.1.1",
"cookie": "1.0.2",
"date-fns": "4.1.0",
"dotenv": "16.5.0",
"elliptic": "6.6.1",
"embla-carousel-react": "8.6.0",
"framer-motion": "12.16.0",
"geist": "1.4.2",
"jaro-winkler": "0.2.8",
"launchdarkly-react-client-sdk": "3.8.1",
"lodash": "4.17.21",
"lucide-react": "0.513.0",
"moment": "2.30.1",
"next": "15.3.3",
"next-themes": "0.4.6",
"party-js": "2.2.0",
"react": "18.3.1",
"react-day-picker": "9.7.0",
"react-dom": "18.3.1",
"react-drag-drop-files": "2.4.0",
"react-hook-form": "7.57.0",
"react-icons": "5.5.0",
"react-markdown": "9.0.3",
"react-modal": "3.16.3",
"react-shepherd": "6.1.8",
"recharts": "2.15.3",
"shepherd.js": "14.5.0",
"tailwind-merge": "2.6.0",
"tailwindcss-animate": "1.0.7",
"uuid": "11.1.0",
"zod": "3.25.56"
},
"devDependencies": {
"@chromatic-com/storybook": "4.0.0",
"@playwright/test": "1.53.1",
"@storybook/addon-a11y": "9.0.12",
"@storybook/addon-docs": "9.0.12",
"@storybook/addon-links": "9.0.12",
"@storybook/addon-onboarding": "9.0.12",
"@storybook/nextjs": "9.0.12",
"@tanstack/eslint-plugin-query": "5.78.0",
"@tanstack/react-query-devtools": "5.80.10",
"@types/canvas-confetti": "1.9.0",
"@types/lodash": "4.17.18",
"@types/negotiator": "0.6.4",
"@types/node": "22.15.30",
"@types/react": "18.3.17",
"@types/react-dom": "18.3.5",
"@types/react-modal": "3.16.3",
"axe-playwright": "2.1.0",
"chromatic": "11.25.2",
"concurrently": "9.1.2",
"eslint": "8.57.1",
"eslint-config-next": "15.3.4",
"eslint-plugin-storybook": "9.0.12",
"import-in-the-middle": "1.14.2",
"msw": "2.10.2",
"msw-storybook-addon": "2.0.5",
"orval": "7.10.0",
"postcss": "8.5.6",
"prettier": "3.5.3",
"prettier-plugin-tailwindcss": "0.6.12",
"require-in-the-middle": "7.5.2",
"storybook": "9.0.12",
"tailwindcss": "3.4.17",
"typescript": "5.8.3"
},
"msw": {
"workerDirectory": [
"public"
]
},
"packageManager": "pnpm@10.11.1+sha256.211e9990148495c9fc30b7e58396f7eeda83d9243eb75407ea4f8650fb161f7c"
}
Reference in New Issue View Git Blame Copy Permalink