feat(secrets-mcp): public home at /, login at /login (0.2.2)

Bump secrets-mcp to 0.2.2 and sync Cargo.lock. Add home.html landing with SEO and footer link to the refining/secrets repository; serve it at / and expose /login for sign-in. Update OAuth error redirects and dashboard unauthenticated redirects to /login. Improve login page meta tags, back-home link, and OAuth error alert. Refresh llms.txt and robots.txt. Made-with: Cursor
2026-03-22 16:11:59 +08:00
parent 1e597559a2
commit 719bdd7e08
7 changed files with 383 additions and 18 deletions
--- a/crates/secrets-mcp/src/web.rs
+++ b/crates/secrets-mcp/src/web.rs
@@ -39,6 +39,15 @@ const SESSION_LOGIN_PROVIDER: &str = "login_provider";
 #[template(path = "login.html")]
 struct LoginTemplate {
    has_google: bool,
+    base_url: String,
+    version: &'static str,
+}
+
+#[derive(Template)]
+#[template(path = "home.html")]
+struct HomeTemplate {
+    is_logged_in: bool,
+    base_url: String,
    version: &'static str,
 }

@@ -134,7 +143,8 @@ pub fn web_router() -> Router<AppState> {
            "/.well-known/oauth-protected-resource",
            get(oauth_protected_resource_metadata),
        )
-        .route("/", get(login_page))
+        .route("/", get(home_page))
+        .route("/login", get(login_page))
        .route("/auth/google", get(auth_google))
        .route("/auth/google/callback", get(auth_google_callback))
        .route("/auth/logout", post(auth_logout))
@@ -188,6 +198,21 @@ async fn favicon_svg() -> Response {
        .expect("favicon response")
 }

+// ── Home page (public) ───────────────────────────────────────────────────────
+
+async fn home_page(
+    State(state): State<AppState>,
+    session: Session,
+) -> Result<Response, StatusCode> {
+    let is_logged_in = current_user_id(&session).await.is_some();
+    let tmpl = HomeTemplate {
+        is_logged_in,
+        base_url: state.base_url.clone(),
+        version: env!("CARGO_PKG_VERSION"),
+    };
+    render_template(tmpl)
+}
+
 // ── Login page ────────────────────────────────────────────────────────────────

 async fn login_page(
@@ -200,6 +225,7 @@ async fn login_page(

    let tmpl = LoginTemplate {
        has_google: state.google_config.is_some(),
+        base_url: state.base_url.clone(),
        version: env!("CARGO_PKG_VERSION"),
    };
    render_template(tmpl)
@@ -282,16 +308,16 @@ where
 {
    if let Some(err) = params.error {
        tracing::warn!(provider, error = %err, "OAuth error");
-        return Ok(Redirect::to("/?error=oauth_error").into_response());
+        return Ok(Redirect::to("/login?error=oauth_error").into_response());
    }

    let Some(code) = params.code else {
        tracing::warn!(provider, "OAuth callback missing code");
-        return Ok(Redirect::to("/?error=oauth_missing_code").into_response());
+        return Ok(Redirect::to("/login?error=oauth_missing_code").into_response());
    };
    let Some(returned_state) = params.state.as_deref() else {
        tracing::warn!(provider, "OAuth callback missing state");
-        return Ok(Redirect::to("/?error=oauth_missing_state").into_response());
+        return Ok(Redirect::to("/login?error=oauth_missing_state").into_response());
    };

    let expected_state: Option<String> = session.get(SESSION_OAUTH_STATE).await.map_err(|e| {
@@ -304,7 +330,7 @@ where
            expected_present = expected_state.is_some(),
            "OAuth state mismatch (empty session often means SameSite=Strict or server restart)"
        );
-        return Ok(Redirect::to("/?error=oauth_state").into_response());
+        return Ok(Redirect::to("/login?error=oauth_state").into_response());
    }
    if let Err(e) = session.remove::<String>(SESSION_OAUTH_STATE).await {
        tracing::warn!(provider, error = %e, "failed to remove oauth_state from session");
@@ -430,7 +456,7 @@ async fn dashboard(
    session: Session,
 ) -> Result<Response, StatusCode> {
    let Some(user_id) = current_user_id(&session).await else {
-        return Ok(Redirect::to("/").into_response());
+        return Ok(Redirect::to("/login").into_response());
    };

    let user = match get_user_by_id(&state.pool, user_id).await.map_err(|e| {
@@ -438,7 +464,7 @@ async fn dashboard(
        StatusCode::INTERNAL_SERVER_ERROR
    })? {
        Some(u) => u,
-        None => return Ok(Redirect::to("/").into_response()),
+        None => return Ok(Redirect::to("/login").into_response()),
    };

    let tmpl = DashboardTemplate {
@@ -457,7 +483,7 @@ async fn audit_page(
    session: Session,
 ) -> Result<Response, StatusCode> {
    let Some(user_id) = current_user_id(&session).await else {
-        return Ok(Redirect::to("/").into_response());
+        return Ok(Redirect::to("/login").into_response());
    };

    let user = match get_user_by_id(&state.pool, user_id).await.map_err(|e| {
@@ -465,7 +491,7 @@ async fn audit_page(
        StatusCode::INTERNAL_SERVER_ERROR
    })? {
        Some(u) => u,
-        None => return Ok(Redirect::to("/").into_response()),
+        None => return Ok(Redirect::to("/login").into_response()),
    };

    let rows = list_for_user(&state.pool, user_id, 100)