From e01db2ed26dd69d98f56d84632abf77cf93501e0 Mon Sep 17 00:00:00 2001 From: gilesb Date: Wed, 7 Jan 2026 18:02:34 +0000 Subject: [PATCH] fix: require login to view runs and cache in UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Runs list now requires login, shows only user's own runs - Cache list now requires login to view 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- server.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/server.py b/server.py index ded1139..fba56e6 100644 --- a/server.py +++ b/server.py @@ -836,16 +836,16 @@ async def ui_runs(request: Request): current_user = get_user_from_cookie(request) runs = list_all_runs() - # Filter runs by user if logged in - # Match both plain username and ActivityPub format (@user@domain) - if current_user: - actor_id = f"@{current_user}@{L2_DOMAIN}" - runs = [r for r in runs if r.username in (current_user, actor_id)] + # Require login to see runs + if not current_user: + return '

Login to see your runs.

' + + # Filter runs by user - match both plain username and ActivityPub format (@user@domain) + actor_id = f"@{current_user}@{L2_DOMAIN}" + runs = [r for r in runs if r.username in (current_user, actor_id)] if not runs: - if current_user: - return '

You have no runs yet. Use the CLI to start a run.

' - return '

No runs yet. Login to see your runs.

' + return '

You have no runs yet. Use the CLI to start a run.

' html_parts = ['
'] @@ -923,6 +923,10 @@ async def ui_cache_list(request: Request): """HTMX partial: list of cached items.""" current_user = get_user_from_cookie(request) + # Require login to see cache + if not current_user: + return '

Login to see cached content.

' + # Get all cached files cache_items = [] if CACHE_DIR.exists():