Archive/screentinker

Fork 0

mirror of https://github.com/screentinker/screentinker.git synced 2026-05-15 07:32:23 -06:00

Commit graph

Author	SHA1	Message	Date
ScreenTinker	261f74e1e4	Rewrite Pi setup script as all-in-one installer Turns the Raspberry Pi script from a basic Chromium kiosk launcher into a full installer with two modes: - All-in-One: installs Node.js, clones the repo, runs the server on port 3001, and launches the kiosk pointing at localhost. One Pi does everything. - Player-Only: connects to an existing server; same kiosk behavior as before but with better Chromium flags and crash-flag cleanup. Other changes: - Detects Pi OS Lite vs Desktop and adjusts strategy (startx + vt1 for Lite, plain kiosk launcher for Desktop) - Auto-login on tty1 for Lite installs - GPU memory, overscan, console-blanking, and watchdog tweaks - screentinker-{status,update,logs} management commands - MOTD with command hints - Cleans up the legacy remotedisplay.service / kiosk script on upgrade so old installs migrate cleanly - set -euo pipefail, root check, architecture check, tee'd log at /var/log/screentinker-setup.log Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-23 18:26:49 -05:00
ScreenTinker	772ead28a2	Fix reset-admin.js: honor recovery token in requireAuth scripts/reset-admin.js signed a JWT with a synthetic id ("recovery-XXX") and instructed the operator to paste it into localStorage. But the requireAuth middleware always SELECTs the user row by id, so every authed API call under the recovery token returned 401 "User not found" and the recovery flow was effectively dead. Fix: - reset-admin.js now sets a `recovery: true` claim on the JWT. - requireAuth / optionalAuth short-circuit the DB lookup when decoded.recovery === true and synthesize a req.user record in memory (role: admin, plan_id: enterprise). The synthetic user is never persisted, so FK-constrained writes that expect a real user (creating devices, etc.) will still fail — which is fine, recovery is only meant to let the operator reset a password or create a fresh admin via the Settings UI. Security: a recovery token still requires the jwtSecret to sign, so only someone with filesystem access to the server can mint one. Token TTL remains 1h. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-21 19:08:49 -05:00
ScreenTinker	1594a9d4a4	Initial open source release ScreenTinker - open source digital signage management software. MIT License, all features included, no license gates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-08 12:14:53 -05:00

Author

SHA1

Message

Date

ScreenTinker

261f74e1e4

Rewrite Pi setup script as all-in-one installer

Turns the Raspberry Pi script from a basic Chromium kiosk launcher
into a full installer with two modes:

- All-in-One: installs Node.js, clones the repo, runs the server
  on port 3001, and launches the kiosk pointing at localhost. One
  Pi does everything.
- Player-Only: connects to an existing server; same kiosk behavior
  as before but with better Chromium flags and crash-flag cleanup.

Other changes:
- Detects Pi OS Lite vs Desktop and adjusts strategy (startx + vt1
  for Lite, plain kiosk launcher for Desktop)
- Auto-login on tty1 for Lite installs
- GPU memory, overscan, console-blanking, and watchdog tweaks
- screentinker-{status,update,logs} management commands
- MOTD with command hints
- Cleans up the legacy remotedisplay.service / kiosk script on
  upgrade so old installs migrate cleanly
- set -euo pipefail, root check, architecture check, tee'd log at
  /var/log/screentinker-setup.log

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-23 18:26:49 -05:00

ScreenTinker

772ead28a2

Fix reset-admin.js: honor recovery token in requireAuth

scripts/reset-admin.js signed a JWT with a synthetic id ("recovery-XXX")
and instructed the operator to paste it into localStorage. But the
requireAuth middleware always SELECTs the user row by id, so every
authed API call under the recovery token returned 401 "User not found"
and the recovery flow was effectively dead.

Fix:
- reset-admin.js now sets a `recovery: true` claim on the JWT.
- requireAuth / optionalAuth short-circuit the DB lookup when
  decoded.recovery === true and synthesize a req.user record in
  memory (role: admin, plan_id: enterprise). The synthetic user is
  never persisted, so FK-constrained writes that expect a real
  user (creating devices, etc.) will still fail — which is fine,
  recovery is only meant to let the operator reset a password or
  create a fresh admin via the Settings UI.

Security: a recovery token still requires the jwtSecret to sign,
so only someone with filesystem access to the server can mint one.
Token TTL remains 1h.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-21 19:08:49 -05:00

ScreenTinker

1594a9d4a4

Initial open source release

ScreenTinker - open source digital signage management software.
MIT License, all features included, no license gates.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-08 12:14:53 -05:00

3 commits