PATCH { status: "on" } no longer works in current UpSnap version.
Switch to GET /api/upsnap/wake/{id} with 10s timeout (WoL packet
is sent immediately, endpoint blocks until device responds).
Co-Authored-By: Claude <noreply@anthropic.com>
- XSS: escape serviceName in waking page HTML
- Session TTL: 24h expiration with periodic cleanup
- Rate limit: 5 login attempts / 15 min per IP
- CORS: restrict to same-origin + localhost
- SSRF: block localhost/metadata in service targets
- UpSnap: log response bodies on auth/wake failures
Co-Authored-By: Claude <noreply@anthropic.com>
createAdaptorServer creates a new HTTP server on each request,
which breaks Hono routing. getRequestListener gives a proper
request handler for use with an existing server.
Co-Authored-By: Claude <noreply@anthropic.com>
UpSnap uses PocketBase which moved admins to _superusers collection
in v0.23+. Try _superusers first, fallback to users.
Co-Authored-By: Claude <noreply@anthropic.com>
ServiceManager with JSON file persistence replaces static env var config.
CRUD API endpoints (POST/PUT/DELETE /api/services) with WebSocket broadcast.
Dashboard: add/edit/delete services via modal form.
Co-Authored-By: Claude <noreply@anthropic.com>
- Add 5-second polling interval to refresh all dashboard data
- IdleTimer now counts down every second client-side
- Timer turns orange when < 60 seconds remain
- ServiceList shows target URL, health status, and last check time
- Unhealthy services now show red dot instead of gray
Co-Authored-By: Claude <noreply@anthropic.com>
