feat: Companion app config panel auth and mobile UI#29
Open
adityastic wants to merge 1 commit into
Open
Conversation
Serve the RBAC config through a one-time panel token so iframe WebViews can authenticate, and add responsive CSS for phones and the HA app. Co-authored-by: Cursor <cursoragent@cursor.com>
adityastic
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Serve the RBAC config through a one-time panel token so iframe WebViews can authenticate, and add responsive CSS for phones and the HA app. The config UI runs in an iframe, and mobile WebViews can’t read the parent Home Assistant session or localStorage the way a normal browser tab can.
This PR fixes that by serving the config through /api/rbac/panel with short-lived, one-time auth tokens injected server-side. A small script in the main HA frontend (iframe-auth-relay.js) requests those tokens and points the iframe at the authenticated URL. config.html has a lightweight bootstrap for the redirect, with a localStorage fallback on desktop.
It also fixes a reload bug where the sidebar panel and relay script disappeared after reloading the integration, and adds mobile.css (cursor did a pretty great job at generating the CSS for me) so the config UI is usable on phones with less overflow, round avatars, and layouts that fit narrow screens.