Security fixes: swarm signature verification and error handling

This commit is contained in:
Clawd Deploy Bot
2026-01-30 16:50:49 +01:00
parent 495a037eb1
commit 50355b740a
21 changed files with 850 additions and 467 deletions
+28 -7
View File
@@ -1,13 +1,13 @@
'use client';
import { useAuth } from '@/lib/contexts/AuthContext';
import { IdentityLockScreen } from '@/components/IdentityLockScreen';
import { Loader2 } from 'lucide-react';
export default function SettingsLayout({ children }: { children: React.ReactNode }) {
const { isIdentityUnlocked, loading } = useAuth();
const { isIdentityUnlocked, isRestoring, loading } = useAuth();
if (loading) {
// Show loading while restoring or initial load
if (loading || isRestoring) {
return (
<div style={{
minHeight: '60vh',
@@ -21,12 +21,33 @@ export default function SettingsLayout({ children }: { children: React.ReactNode
);
}
// If not unlocked after restoration, user needs to re-login
// (This is rare - only happens if browser was closed or session expired)
if (!isIdentityUnlocked) {
return (
<IdentityLockScreen
title="Settings Locked"
description="To view or change your settings, you must unlock your identity. Your private keys are required to sign any changes you make."
/>
<div style={{
minHeight: '60vh',
display: 'flex',
flexDirection: 'column',
alignItems: 'center',
justifyContent: 'center',
gap: '16px',
padding: '24px',
textAlign: 'center'
}}>
<h2 style={{ fontSize: '20px', fontWeight: 600 }}>
Session Expired
</h2>
<p style={{ color: 'var(--foreground-secondary)', maxWidth: '400px' }}>
Your session has expired. Please log out and log back in to access settings.
</p>
<button
onClick={() => window.location.href = '/login'}
className="btn btn-primary"
>
Go to Login
</button>
</div>
);
}
+2 -8
View File
@@ -14,7 +14,7 @@ export default function PrivacySettingsPage() {
const [dmPrivacy, setDmPrivacy] = useState<'everyone' | 'following' | 'none'>('everyone');
const [status, setStatus] = useState<{ type: 'success' | 'error', message: string } | null>(null);
const { isIdentityUnlocked, setShowUnlockPrompt, signUserAction } = useAuth();
const { isIdentityUnlocked, signUserAction } = useAuth();
useEffect(() => {
fetch('/api/auth/me')
@@ -30,9 +30,8 @@ export default function PrivacySettingsPage() {
}, []);
const handleSave = async (newValue: 'everyone' | 'following' | 'none') => {
// If identity is locked, prompt to unlock and return
if (!isIdentityUnlocked) {
setShowUnlockPrompt(true);
setStatus({ type: 'error', message: 'Session expired. Please log in again.' });
return;
}
@@ -55,11 +54,6 @@ export default function PrivacySettingsPage() {
} else {
const data = await res.json();
setStatus({ type: 'error', message: data.error || 'Failed to save settings' });
// If error due to identity lock
if (data.error === 'Invalid signature or identity') {
setShowUnlockPrompt(true);
}
}
} catch (error) {
setStatus({ type: 'error', message: 'An error occurred' });
+3 -10
View File
@@ -13,7 +13,7 @@ export default function SecuritySettingsPage() {
const [isSubmitting, setIsSubmitting] = useState(false);
const [error, setError] = useState<string | null>(null);
const [success, setSuccess] = useState<string | null>(null);
const { isIdentityUnlocked, setShowUnlockPrompt, signUserAction } = useAuth();
const { isIdentityUnlocked, signUserAction } = useAuth();
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
@@ -36,11 +36,9 @@ export default function SecuritySettingsPage() {
return;
}
// If identity is locked, prompt to unlock and return
// Note: It seems redundant since they entered the password,
// but this ensures the KEY is loaded in memory.
// With persistence, identity should be unlocked
if (!isIdentityUnlocked) {
setShowUnlockPrompt(true);
setError('Your session has expired. Please log in again.');
return;
}
@@ -60,11 +58,6 @@ export default function SecuritySettingsPage() {
const data = await res.json();
if (!res.ok) {
// If error due to identity lock
if (data.error === 'Invalid signature or identity' || data.error === 'User not found') {
setShowUnlockPrompt(true);
throw new Error('Identity verification failed. Please unlock your identity.');
}
throw new Error(data.error || 'Failed to change password');
}