Ole-Morten Duesund
5e5bf92afb
After a page reload the SPA rehydrates session.user from /me but the
DEK lives only in memory and is intentionally gone. Previously this
manifested as:
- "Logg inn på nytt med passordet ditt" line under each private
row (vague — full re-login replaces the cookie too)
- A raw "not_logged_in" Error.message on saving a private activity
- Export silently dropping every private row from the file
New UnlockBanner.svelte mounts unconditionally in App.svelte and
renders only when session.user is set but session.dek is null. It
takes the password inline and runs the existing login() flow — same
challenge/derive/unwrap path — so the existing wrapped DEK is
recovered and all the user's private ciphertexts stay readable.
Replacing the cookie as a side effect is fine.
Polished a few other DEK-missing paths:
- ActivityRow's private branch now says "Lås opp øverst på siden"
instead of "Logg inn på nytt"
- ActivityForm has a pre-flight check before submit + a friendly
catch for the internal dek_missing sentinel
- Profile's "Last ned eksport" refuses early with a "lås opp"
pointer instead of producing a quietly truncated export
|
||
|---|---|---|
| .. | ||
| public | ||
| src | ||
| index.html | ||
| svelte.config.js | ||
| tsconfig.json | ||
| vite.config.ts | ||