fix: recognize claude auth token env

2026-06-03 02:55:39 +08:00 · 2026-06-02 14:18:32 +03:00
5 changed files with 9 additions and 72 deletions
--- a/index.html
+++ b/index.html
@@ -5,9 +5,6 @@
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <link rel="icon" type="image/png" href="/favicon.png" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no, viewport-fit=cover" />
-    <link rel="preconnect" href="https://fonts.googleapis.com" />
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
-    <link href="https://fonts.googleapis.com/css2?family=Outfit:wght@400;500;600;700;800&display=swap" rel="stylesheet" />
    <title>CloudCLI UI</title>
    
    <!-- PWA Manifest -->
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,6 @@
        "cmdk": "^1.1.1",
        "cors": "^2.8.5",
        "cross-spawn": "^7.0.3",
-        "dompurify": "^3.4.7",
        "express": "^4.18.2",
        "fuse.js": "^7.0.0",
        "gray-matter": "^4.0.3",
@@ -4581,13 +4580,6 @@
        "@types/node": "*"
      }
    },
-    "node_modules/@types/trusted-types": {
-      "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
-      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
-      "license": "MIT",
-      "optional": true
-    },
    "node_modules/@types/unist": {
      "version": "3.0.3",
      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
@@ -7493,15 +7485,6 @@
        "node": ">=0.10.0"
      }
    },
-    "node_modules/dompurify": {
-      "version": "3.4.7",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.7.tgz",
-      "integrity": "sha512-2jBxDJY4RR06tQNy4w5FlFH7kfxsQZlufd0sbv+chfHCxeJwrFw2baUDsSwvBISD4K4RDbd0PTfy3uNXsR6siA==",
-      "license": "(MPL-2.0 OR Apache-2.0)",
-      "optionalDependencies": {
-        "@types/trusted-types": "^2.0.7"
-      }
-    },
    "node_modules/dot-prop": {
      "version": "5.3.0",
      "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-5.3.0.tgz",
--- a/package.json
+++ b/package.json
@@ -96,7 +96,6 @@
    "cmdk": "^1.1.1",
    "cors": "^2.8.5",
    "cross-spawn": "^7.0.3",
-    "dompurify": "^3.4.7",
    "express": "^4.18.2",
    "fuse.js": "^7.0.0",
    "gray-matter": "^4.0.3",
--- a/src/components/plugins/view/PluginIcon.tsx
+++ b/src/components/plugins/view/PluginIcon.tsx
@@ -1,6 +1,4 @@
 import { useState, useEffect } from 'react';
-import DOMPurify from 'dompurify';
-
 import { authenticatedFetch } from '../../../utils/api';

 type Props = {
@@ -12,48 +10,6 @@ type Props = {
 // Module-level cache so repeated renders don't re-fetch
 const svgCache = new Map<string, string>();

-const FORBIDDEN_SVG_TAGS = [
-  'script',
-  'foreignObject',
-  'iframe',
-  'object',
-  'embed',
-  'link',
-  'meta',
-  'style',
-  'animate',
-  'set',
-  'animateTransform',
-  'animateMotion',
-];
-
-const FORBIDDEN_SVG_ATTRS = [
-  'href',
-  'xlink:href',
-  'src',
-  'style',
-];
-
-function sanitizeSvg(svgText: string): string | null {
-  const sanitized = DOMPurify.sanitize(svgText, {
-    USE_PROFILES: { svg: true, svgFilters: true },
-    FORBID_TAGS: FORBIDDEN_SVG_TAGS,
-    FORBID_ATTR: FORBIDDEN_SVG_ATTRS,
-  });
-
-  if (!sanitized) return null;
-
-  try {
-    const doc = new DOMParser().parseFromString(sanitized, 'image/svg+xml');
-    const root = doc.documentElement;
-    if (!root || root.nodeName.toLowerCase() !== 'svg') return null;
-    if (doc.querySelector('parsererror')) return null;
-    return sanitized;
-  } catch {
-    return null;
-  }
-}
-
 export default function PluginIcon({ pluginName, iconFile, className }: Props) {
  const url = iconFile
    ? `/api/plugins/${encodeURIComponent(pluginName)}/assets/${encodeURIComponent(iconFile)}`
@@ -68,11 +24,9 @@ export default function PluginIcon({ pluginName, iconFile, className }: Props) {
        return r.text();
      })
      .then((text) => {
-        if (!text) return;
-        const sanitized = sanitizeSvg(text);
-        if (sanitized) {
-          svgCache.set(url, sanitized);
-          setSvg(sanitized);
+        if (text && text.trimStart().startsWith('<svg')) {
+          svgCache.set(url, text);
+          setSvg(text);
        }
      })
      .catch(() => {});
@@ -81,6 +35,10 @@ export default function PluginIcon({ pluginName, iconFile, className }: Props) {
  if (!svg) return <span className={className} />;

  return (
-    <span className={className} dangerouslySetInnerHTML={{ __html: svg }} />
+    <span
+      className={className}
+      // SVG is fetched from the user's own installed plugin — same trust level as the plugin code itself
+      dangerouslySetInnerHTML={{ __html: svg }}
+    />
  );
 }
--- a/src/index.css
+++ b/src/index.css
@@ -128,7 +128,7 @@
  
  body {
    @apply bg-background text-foreground;
-    font-family: "Outfit", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
    margin: 0;
    padding: 0;
  }