-
Stefy Lanza (nextime / spora ) authored
The front reverse-proxied every page navigation to the primary engine, so opening any page while that engine was mid-generation (event loop busy) made the whole UI hang until generation finished. Now the front renders the UI pages itself (dashboard, models, tokens, users, tasks, settings, archive, chat, login, change-password) and serves the admin static assets + favicon locally. Sessions are validated locally: the cookie is HMAC-signed with the secret under config_dir (shared via auth.json), so the front authenticates it with no round-trip to a busy engine — and matches the port-derived session_<port> cookie name by signature, not by exact name. Mutating auth actions (login/logout/change-password POST) and all /admin/api/* data calls still fall through to the catch-all proxy and reach the engine. New: codai/frontproxy/ui_pages.py (register_ui_pages), wired in build_app before the catch-all. Verified via TestClient: local render, unauth->login redirect, authed render, static, and POST/logout pass-through. Co-Authored-By:
Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_011DDv7BchtZQWsnPG6Jm49m
a4eb2cc7