Add token-based validation for authentication upload

Implemented token input for `/v1/auth/upload` API with global and instance-specific validation. Added token support to `auth_upload.html` form, refactored browser cookie handling, and improved instance page reload logic.

Author: luispater

internal/api/handlers.go

@@ -84,6 +84,34 @@ func (h *APIHandlers) validateAPIToken(c *gin.Context, instanceName string) bool
 	return false
 }
 
+// validateToken validates a token for the given instance
+func (h *APIHandlers) validateToken(token string, instanceName string) bool {
+	if token == "" {
+		return false
+	}
+
+	// Check global tokens first
+	for _, globalToken := range h.appConfig.Tokens {
+		if globalToken == token {
+			return true
+		}
+	}
+
+	// Check instance-specific tokens
+	for _, instance := range h.appConfig.Instance {
+		if instance.Name == instanceName {
+			for _, instanceToken := range instance.Tokens {
+				if instanceToken == token {
+					return true
+				}
+			}
+			break
+		}
+	}
+
+	return false
+}
+
 func (h *APIHandlers) TakeScreenshot(c *gin.Context) {
 	defer ScreenshotMutex.Unlock()
 	ScreenshotMutex.Lock()
@@ -403,8 +431,9 @@ func (h *APIHandlers) BrowserReload(c *gin.Context) {
 // AuthUpload handles the /v1/auth/upload endpoint
 func (h *APIHandlers) AuthUpload(c *gin.Context) {
 	var requestData struct {
-		Name string `json:"name" binding:"required"`
-		Auth string `json:"auth" binding:"required"`
+		Name  string `json:"name" binding:"required"`
+		Token string `json:"token" binding:"required"`
+		Auth  string `json:"auth" binding:"required"`
 	}
 
 	if err := c.ShouldBindJSON(&requestData); err != nil {
@@ -426,6 +455,12 @@ func (h *APIHandlers) AuthUpload(c *gin.Context) {
 		return
 	}
 
+	// Validate the token
+	if !h.validateToken(requestData.Token, requestData.Name) {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid verification token", "code": 401})
+		return
+	}
+
 	// Validate the auth JSON format
 	var authInfo chrome.AuthInfo
 	if err := json.Unmarshal([]byte(requestData.Auth), &authInfo); err != nil {
@@ -463,12 +498,20 @@ func (h *APIHandlers) AuthUpload(c *gin.Context) {
 
 	// Navigate to the instance URL
 	pageCtx := page.GetContext()
+	err = chrome.ClearCookies(pageCtx)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Failed to load auth info: %v", err), "code": 500})
+		return
+	}
+	page.Close()
 
-	err = chrome.LoadAuthInfo(pageCtx, instanceConfig.URL, instanceConfig.Auth.File)
+	page, err = h.pages[instanceConfig.Name].GetBrowserManager().NewPage(instanceConfig.URL, instanceConfig.Adapter, instanceConfig.Auth.File)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Failed to load auth info: %v", err), "code": 500})
 		return
 	}
+	h.pages[instanceConfig.Name] = page
+	pageCtx = page.GetContext()
 
 	if err = chromedp.Run(pageCtx, chromedp.Navigate(instanceConfig.URL)); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("Failed to reload page: %v", err), "code": 500})

internal/browser/chrome/manager.go

@@ -136,7 +136,7 @@ func (m *Manager) NewPage(url, adapterName, authFile string) (*Page, error) {
 		sniffURL = append(sniffURL, m.appConfig.Instance[i].SniffURL...)
 	}
 
-	return NewPage(m.browserCtx, adapterName, url, authFile, sniffURL)
+	return NewPage(m, adapterName, url, authFile, sniffURL)
 }
 
 func (m *Manager) Close() error {
@@ -207,6 +207,22 @@ func GetCookies(pageCtx context.Context) ([]*network.Cookie, error) {
 	return cookies, nil
 }
 
+func ClearCookies(pageCtx context.Context) error {
+	var err error
+	err = chromedp.Run(pageCtx, chromedp.ActionFunc(func(ctx context.Context) error {
+		err = network.ClearBrowserCookies().Do(ctx)
+		if err != nil {
+			return err
+		}
+		return nil
+	}))
+
+	if err != nil {
+		return fmt.Errorf("failed to clear cookies: %w", err)
+	}
+	return nil
+}
+
 // ClearBrowserCache clears the browser cache.
 func (m *Manager) ClearBrowserCache() error {
 	if m.browserCtx == nil {

internal/browser/chrome/page.go

@@ -22,6 +22,7 @@ import (
 )
 
 type Page struct {
+	manager      *Manager
 	ctx          context.Context
 	cancel       context.CancelFunc
 	queue        *utils.Queue[*AIResponse]
@@ -30,14 +31,16 @@ type Page struct {
 	URL          string
 }
 
-func NewPage(browserCtx context.Context, adapterName string, url string, authFilePath string, sniffURLs ...[]string) (*Page, error) {
+func NewPage(manager *Manager, adapterName string, url string, authFilePath string, sniffURLs ...[]string) (*Page, error) {
 	var sniffURL []string
 	if len(sniffURLs) > 0 {
 		sniffURL = sniffURLs[0]
 	} else {
 		sniffURL = make([]string, 0)
 	}
 
+	browserCtx := manager.browserCtx
+
 	if browserCtx == nil {
 		return nil, fmt.Errorf("browser context not initialized. Call LaunchBrowserAndContext first")
 	}
@@ -162,6 +165,7 @@ func NewPage(browserCtx context.Context, adapterName string, url string, authFil
 	log.Debugf("New Chromedp page (targetID: %s) created.", newTargetID)
 
 	return &Page{
+		manager:     manager,
 		ctx:         newPageCtx,
 		cancel:      newPageCancel,
 		queue:       queue,
@@ -182,6 +186,10 @@ func (p *Page) ResponseData() (*adapter.AdapterResponse, error) {
 	return nil, fmt.Errorf("adapter %s not found", p.adapterName)
 }
 
+func (p *Page) GetBrowserManager() *Manager {
+	return p.manager
+}
+
 func (p *Page) GetContext() context.Context {
 	return p.ctx
 }

internal/html/auth_upload.html

@@ -214,6 +214,14 @@ <h1>🔐 Auth Upload</h1>
                 </select>
             </div>
 
+            <div class="form-group">
+                <label for="tokenInput">Verification Token:</label>
+                <input type="password" id="tokenInput" class="form-control" placeholder="Enter your verification token" required>
+                <small style="color: #666; font-size: 0.9rem; margin-top: 5px; display: block;">
+                    Enter a global token or instance-specific token for authentication
+                </small>
+            </div>
+
             <div class="form-group">
                 <label for="authFile">Authentication JSON File:</label>
                 <div class="file-upload-wrapper">
@@ -318,9 +326,11 @@ <h1>🔐 Auth Upload</h1>
         function setupForm() {
             const form = document.getElementById('uploadForm');
             const instanceSelect = document.getElementById('instanceSelect');
-            
+            const tokenInput = document.getElementById('tokenInput');
+
             instanceSelect.addEventListener('change', updateSubmitButton);
-            
+            tokenInput.addEventListener('input', updateSubmitButton);
+
             form.addEventListener('submit', async function(e) {
                 e.preventDefault();
                 await uploadAuth();
@@ -329,23 +339,26 @@ <h1>🔐 Auth Upload</h1>
 
         function updateSubmitButton() {
             const instanceSelect = document.getElementById('instanceSelect');
+            const tokenInput = document.getElementById('tokenInput');
             const fileInput = document.getElementById('authFile');
             const submitButton = document.getElementById('submitButton');
-            
+
             const hasInstance = instanceSelect.value !== '';
+            const hasToken = tokenInput.value.trim() !== '';
             const hasFile = fileInput.files.length > 0;
-            
-            submitButton.disabled = !(hasInstance && hasFile);
+
+            submitButton.disabled = !(hasInstance && hasToken && hasFile);
         }
 
         async function uploadAuth() {
             const instanceSelect = document.getElementById('instanceSelect');
+            const tokenInput = document.getElementById('tokenInput');
             const fileInput = document.getElementById('authFile');
             const loading = document.getElementById('loading');
             const submitButton = document.getElementById('submitButton');
-            
-            if (!instanceSelect.value || !fileInput.files[0]) {
-                showMessage('Please select an instance and choose a file.', 'error');
+
+            if (!instanceSelect.value || !tokenInput.value.trim() || !fileInput.files[0]) {
+                showMessage('Please select an instance, enter a token, and choose a file.', 'error');
                 return;
             }
 
@@ -358,7 +371,7 @@ <h1>🔐 Auth Upload</h1>
                 // Read file content
                 const file = fileInput.files[0];
                 const fileContent = await readFileAsText(file);
-                
+
                 // Validate JSON
                 let authData;
                 try {
@@ -375,6 +388,7 @@ <h1>🔐 Auth Upload</h1>
                     },
                     body: JSON.stringify({
                         name: instanceSelect.value,
+                        token: tokenInput.value.trim(),
                         auth: fileContent
                     })
                 });
@@ -385,6 +399,7 @@ <h1>🔐 Auth Upload</h1>
                     showMessage('Authentication uploaded successfully!', 'success');
                     // Reset form
                     instanceSelect.value = '';
+                    tokenInput.value = '';
                     fileInput.value = '';
                     document.querySelector('.upload-text').textContent = 'Choose JSON file or drag & drop here';
                     document.querySelector('.file-upload-button').classList.remove('has-file');