feat(studio): registry credentials panel in Settings (v0.44.0)

The hub install path now reads `~/.fai/registry-token` as a
fallback when `FAI_REGISTRY_TOKEN` is unset (platform v0.10.92).
Studio now writes that file directly: a fresh operator pastes
the PAT into Settings → Registry credentials, hits Save, and
the next install attempt resolves the auth wall without any
shell or env-var setup.

The token never round-trips back into Studio after save —
status is shown only as "Configured (40 chars)" / "Not set"
with no display of the secret itself. The Clear action deletes
the file. On Unix the file is chmod-ed to 0600 (owner-only
read/write); Windows leaves the default user ACL in place.

Storage is strictly local: `~/.fai/registry-token`, never sent
to a remote service. The hint text under the field says so to
make the data flow explicit.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
This commit is contained in:
flemming-it 2026-05-09 13:38:47 +02:00
parent 01f3f773cf
commit 878f0a4e28
8 changed files with 464 additions and 6 deletions

View file

@ -433,6 +433,22 @@
"@flowsOpenInEditorFailed": {
"placeholders": { "error": { "type": "String" } }
},
"registryCredentialsHeader": "REGISTRY-ZUGANGSDATEN",
"registryCredentialsBlurb": "Token zum Herunterladen von .fai-Modulen aus einer Registry mit Anmeldepflicht (Forgejo, private GitHub-Repos). Gespeichert in ~/.fai/registry-token, Modus 0600. Die Umgebungsvariable FAI_REGISTRY_TOKEN hat weiterhin Vorrang, wenn gesetzt.",
"registryTokenStatusConfigured": "Konfiguriert ({chars} Zeichen)",
"@registryTokenStatusConfigured": { "placeholders": { "chars": { "type": "int" } } },
"registryTokenStatusNotSet": "Nicht gesetzt",
"registryTokenFieldLabel": "Token",
"registryTokenFieldHint": "Forgejo- oder GitHub-PAT einfügen",
"registryTokenSaveButton": "Speichern",
"registryTokenClearButton": "Entfernen",
"registryTokenStorageHint": "Lokal gespeichert in ~/.fai/registry-token. Wird nie an einen Remote-Dienst übertragen.",
"registryTokenSavedToast": "Registry-Token gespeichert.",
"registryTokenClearedToast": "Registry-Token entfernt.",
"registryTokenSaveFailedToast": "Speichern fehlgeschlagen: {error}",
"@registryTokenSaveFailedToast": {
"placeholders": { "error": { "type": "String" } }
},
"welcomeChecklistAllSetTitle": "Du bist eingerichtet.",
"welcomeChecklistAllSetBody": "Drei Stränge, an denen du als nächstes ziehen kannst:",
"welcomeChecklistNextAuditTitle": "Audit-Log lesen",