prefill username in login

2026-02-06 18:10:32 +00:00 · 2026-02-05 16:55:00 -08:00
10 changed files with 366 additions and 322 deletions
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -97,7 +97,7 @@
    "siteGeneralDescription": "Allgemeine Einstellungen für diesen Standort konfigurieren",
    "siteSettingDescription": "Standorteinstellungen konfigurieren",
    "siteSetting": "{siteName} Einstellungen",
-    "siteNewtTunnel": "Newt Standort (empfohlen)",
+    "siteNewtTunnel": "Neuer Standort (empfohlen)",
    "siteNewtTunnelDescription": "Einfachster Weg, einen Einstiegspunkt in jedes Netzwerk zu erstellen. Keine zusätzliche Einrichtung.",
    "siteWg": "Einfacher WireGuard Tunnel",
    "siteWgDescription": "Verwende jeden WireGuard-Client, um einen Tunnel einzurichten. Manuelles NAT-Setup erforderlich.",
@@ -107,7 +107,7 @@
    "siteSeeAll": "Alle Standorte anzeigen",
    "siteTunnelDescription": "Legen Sie fest, wie Sie sich mit dem Standort verbinden möchten",
    "siteNewtCredentials": "Zugangsdaten",
-    "siteNewtCredentialsDescription": "So wird sich der Standort mit dem Server authentifizieren",
+    "siteNewtCredentialsDescription": "So wird sich die Seite mit dem Server authentifizieren",
    "remoteNodeCredentialsDescription": "So wird sich der entfernte Node mit dem Server authentifizieren",
    "siteCredentialsSave": "Anmeldedaten speichern",
    "siteCredentialsSaveDescription": "Du kannst das nur einmal sehen. Stelle sicher, dass du es an einen sicheren Ort kopierst.",
@@ -2503,7 +2503,7 @@
    "deviceModel": "Gerätemodell",
    "serialNumber": "Seriennummer",
    "hostname": "Hostname",
-    "firstSeen": "Zuerst gesehen",
+    "firstSeen": "Erster Blick",
    "lastSeen": "Zuletzt gesehen",
    "biometricsEnabled": "Biometrie aktiviert",
    "diskEncrypted": "Festplatte verschlüsselt",
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -60,32 +60,32 @@
        "@radix-ui/react-tabs": "1.1.13",
        "@radix-ui/react-toast": "1.2.15",
        "@radix-ui/react-tooltip": "1.2.8",
-        "@react-email/components": "1.0.7",
-        "@react-email/render": "2.0.4",
-        "@react-email/tailwind": "2.0.4",
+        "@react-email/components": "1.0.2",
+        "@react-email/render": "2.0.0",
+        "@react-email/tailwind": "2.0.2",
        "@simplewebauthn/browser": "13.2.2",
        "@simplewebauthn/server": "13.2.2",
        "@tailwindcss/forms": "0.5.11",
-        "@tanstack/react-query": "5.90.20",
+        "@tanstack/react-query": "5.90.12",
        "@tanstack/react-table": "8.21.3",
        "arctic": "3.7.0",
-        "axios": "1.13.4",
+        "axios": "1.13.2",
        "better-sqlite3": "11.9.1",
        "canvas-confetti": "1.9.4",
        "class-variance-authority": "0.7.1",
        "clsx": "2.1.1",
        "cmdk": "1.1.1",
        "cookie-parser": "1.4.7",
-        "cors": "2.8.6",
+        "cors": "2.8.5",
        "crypto-js": "4.2.0",
        "d3": "7.9.0",
        "date-fns": "4.1.0",
        "drizzle-orm": "0.45.1",
        "eslint": "9.39.2",
-        "eslint-config-next": "16.1.6",
+        "eslint-config-next": "16.1.0",
        "express": "5.2.1",
        "express-rate-limit": "8.2.1",
-        "glob": "13.0.1",
+        "glob": "13.0.0",
        "helmet": "8.1.0",
        "http-errors": "2.0.1",
        "input-otp": "1.4.2",
@@ -94,7 +94,7 @@
        "js-yaml": "4.1.1",
        "jsonwebtoken": "9.0.3",
        "lucide-react": "0.562.0",
-        "maxmind": "5.0.5",
+        "maxmind": "5.0.1",
        "moment": "2.30.1",
        "next": "15.5.9",
        "next-intl": "4.7.0",
@@ -106,16 +106,16 @@
        "pg": "8.17.1",
        "posthog-node": "5.23.0",
        "qrcode.react": "4.2.0",
-        "react": "19.2.4",
+        "react": "19.2.3",
        "react-day-picker": "9.13.0",
-        "react-dom": "19.2.4",
+        "react-dom": "19.2.3",
        "react-easy-sort": "1.8.0",
        "react-hook-form": "7.71.1",
        "react-icons": "5.5.0",
        "recharts": "2.15.4",
        "reodotdev": "1.0.0",
        "resend": "6.8.0",
-        "semver": "7.7.4",
+        "semver": "7.7.3",
        "stripe": "20.2.0",
        "swagger-ui-express": "5.0.1",
        "tailwind-merge": "3.4.0",
@@ -129,7 +129,7 @@
        "ws": "8.19.0",
        "yaml": "2.8.2",
        "yargs": "18.0.0",
-        "zod": "4.3.6",
+        "zod": "4.3.5",
        "zod-validation-error": "5.0.0"
    },
    "devDependencies": {
@@ -150,7 +150,7 @@
        "@types/nodemailer": "7.0.4",
        "@types/nprogress": "0.2.3",
        "@types/pg": "8.16.0",
-        "@types/react": "19.2.13",
+        "@types/react": "19.2.7",
        "@types/react-dom": "19.2.3",
        "@types/semver": "7.7.1",
        "@types/swagger-ui-express": "4.1.8",
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -17,6 +17,7 @@ import { hashPassword } from "@server/auth/password";
 import { isValidIP } from "@server/lib/validators";
 import { isIpInCidr } from "@server/lib/ip";
 import { verifyExitNodeOrgAccess } from "#dynamic/lib/exitNodes";
+import { build } from "@server/build";

 const createSiteParamsSchema = z.strictObject({
    orgId: z.string()
@@ -258,19 +259,7 @@ export async function createSite(
        let newSite: Site;

        await db.transaction(async (trx) => {
-            if (type == "newt") {
-                [newSite] = await trx
-                    .insert(sites)
-                    .values({
-                        orgId,
-                        name,
-                        niceId,
-                        address: updatedAddress || null,
-                        type,
-                        dockerSocketEnabled: true
-                    })
-                    .returning();
-            } else if (type == "wireguard") {
+            if (type == "wireguard" || type == "newt") {
                // we are creating a site with an exit node (tunneled)
                if (!subnet) {
                    return next(
@@ -322,9 +311,11 @@ export async function createSite(
                        exitNodeId,
                        name,
                        niceId,
+                        address: updatedAddress || null,
                        subnet,
                        type,
-                        pubKey: pubKey || null
+                        dockerSocketEnabled: type == "newt",
+                        ...(pubKey && type == "wireguard" && { pubKey })
                    })
                    .returning();
            } else if (type == "local") {
--- a/src/app/auth/login/device/page.tsx
+++ b/src/app/auth/login/device/page.tsx
@@ -7,22 +7,35 @@ import { cache } from "react";
 export const dynamic = "force-dynamic";

 type Props = {
-    searchParams: Promise<{ code?: string }>;
+    searchParams: Promise<{ code?: string; user?: string }>;
 };

+function deviceRedirectSearchParams(params: {
+    code?: string;
+    user?: string;
+}): string {
+    const search = new URLSearchParams();
+    if (params.code) search.set("code", params.code);
+    if (params.user) search.set("user", params.user);
+    const q = search.toString();
+    return q ? `?${q}` : "";
+}
+
 export default async function DeviceLoginPage({ searchParams }: Props) {
    const user = await verifySession({ forceLogin: true });

    const params = await searchParams;
    const code = params.code || "";
+    const defaultUser = params.user;

    if (!user) {
-        const redirectDestination = code
-            ? `/auth/login/device?code=${encodeURIComponent(code)}`
-            : "/auth/login/device";
-        redirect(
-            `/auth/login?forceLogin=true&redirect=${encodeURIComponent(redirectDestination)}`
-        );
+        const redirectDestination = `/auth/login/device${deviceRedirectSearchParams({ code, user: params.user })}`;
+        const loginUrl = new URL("/auth/login", "http://x");
+        loginUrl.searchParams.set("forceLogin", "true");
+        loginUrl.searchParams.set("redirect", redirectDestination);
+        if (defaultUser) loginUrl.searchParams.set("user", defaultUser);
+        console.log("loginUrl", loginUrl.pathname + loginUrl.search);
+        redirect(loginUrl.pathname + loginUrl.search);
    }

    const userName = user
@@ -37,6 +50,7 @@ export default async function DeviceLoginPage({ searchParams }: Props) {
            userEmail={user?.email || ""}
            userName={userName}
            initialCode={code}
+            userQueryParam={defaultUser}
        />
    );
 }
--- a/src/app/auth/login/page.tsx
+++ b/src/app/auth/login/page.tsx
@@ -72,6 +72,8 @@ export default async function Page(props: {
        searchParams.redirect = redirectUrl;
    }

+    const defaultUser = searchParams.user as string | undefined;
+
    // Only use SmartLoginForm if NOT (OSS build OR org-only IdP enabled)
    const useSmartLogin =
        build === "saas" || (build === "enterprise" && env.flags.useOrgOnlyIdp);
@@ -151,6 +153,7 @@ export default async function Page(props: {
                            <SmartLoginForm
                                redirect={redirectUrl}
                                forceLogin={forceLogin}
+                                defaultUser={defaultUser}
                            />
                        </CardContent>
                    </Card>
@@ -165,6 +168,7 @@ export default async function Page(props: {
                        (build === "saas" || env.flags.useOrgOnlyIdp)
                    }
                    searchParams={searchParams}
+                    defaultUser={defaultUser}
                />
            )}

--- a/src/components/DashboardLoginForm.tsx
+++ b/src/components/DashboardLoginForm.tsx
@@ -29,6 +29,7 @@ type DashboardLoginFormProps = {
    searchParams?: {
        [key: string]: string | string[] | undefined;
    };
+    defaultUser?: string;
 };

 export default function DashboardLoginForm({
@@ -36,7 +37,8 @@ export default function DashboardLoginForm({
    idps,
    forceLogin,
    showOrgLogin,
-    searchParams
+    searchParams,
+    defaultUser
 }: DashboardLoginFormProps) {
    const router = useRouter();
    const { env } = useEnvContext();
@@ -75,6 +77,7 @@ export default function DashboardLoginForm({
                    redirect={redirect}
                    idps={idps}
                    forceLogin={forceLogin}
+                    defaultEmail={defaultUser}
                    onLogin={(redirectUrl) => {
                        if (redirectUrl) {
                            const safe = cleanRedirect(redirectUrl);
--- a/src/components/DeviceLoginForm.tsx
+++ b/src/components/DeviceLoginForm.tsx
@@ -55,12 +55,14 @@ type DeviceLoginFormProps = {
    userEmail: string;
    userName?: string;
    initialCode?: string;
+    userQueryParam?: string;
 };

 export default function DeviceLoginForm({
    userEmail,
    userName,
-    initialCode = ""
+    initialCode = "",
+    userQueryParam
 }: DeviceLoginFormProps) {
    const router = useRouter();
    const { env } = useEnvContext();
@@ -219,9 +221,12 @@ export default function DeviceLoginForm({
            const currentSearch =
                typeof window !== "undefined" ? window.location.search : "";
            const redirectTarget = `/auth/login/device${currentSearch || ""}`;
-            router.push(
-                `/auth/login?forceLogin=true&redirect=${encodeURIComponent(redirectTarget)}`
-            );
+            const loginUrl = new URL("/auth/login", "http://x");
+            loginUrl.searchParams.set("forceLogin", "true");
+            loginUrl.searchParams.set("redirect", redirectTarget);
+            if (userQueryParam)
+                loginUrl.searchParams.set("user", userQueryParam);
+            router.push(loginUrl.pathname + loginUrl.search);
            router.refresh();
        }
    }
--- a/src/components/LoginForm.tsx
+++ b/src/components/LoginForm.tsx
@@ -54,6 +54,7 @@ type LoginFormProps = {
    idps?: LoginFormIDP[];
    orgId?: string;
    forceLogin?: boolean;
+    defaultEmail?: string;
 };

 export default function LoginForm({
@@ -61,7 +62,8 @@ export default function LoginForm({
    onLogin,
    idps,
    orgId,
-    forceLogin
+    forceLogin,
+    defaultEmail
 }: LoginFormProps) {
    const router = useRouter();

@@ -116,7 +118,7 @@ export default function LoginForm({
    const form = useForm({
        resolver: zodResolver(formSchema),
        defaultValues: {
-            email: "",
+            email: defaultEmail ?? "",
            password: ""
        }
    });
--- a/src/components/SmartLoginForm.tsx
+++ b/src/components/SmartLoginForm.tsx
@@ -1,6 +1,6 @@
 "use client";

-import { useState } from "react";
+import { useEffect, useRef, useState } from "react";
 import { useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
 import * as z from "zod";
@@ -42,6 +42,7 @@ const isValidEmail = (str: string): boolean => {
 type SmartLoginFormProps = {
    redirect?: string;
    forceLogin?: boolean;
+    defaultUser?: string;
 };

 type ViewState =
@@ -59,7 +60,8 @@ type ViewState =

 export default function SmartLoginForm({
    redirect,
-    forceLogin
+    forceLogin,
+    defaultUser
 }: SmartLoginFormProps) {
    const router = useRouter();
    const { lookup, loading, error } = useUserLookup();
@@ -72,10 +74,18 @@ export default function SmartLoginForm({
    const form = useForm<z.infer<typeof identifierSchema>>({
        resolver: zodResolver(identifierSchema),
        defaultValues: {
-            identifier: ""
+            identifier: defaultUser ?? ""
        }
    });

+    const hasAutoLookedUp = useRef(false);
+    useEffect(() => {
+        if (defaultUser?.trim() && !hasAutoLookedUp.current) {
+            hasAutoLookedUp.current = true;
+            void handleLookup({ identifier: defaultUser.trim() });
+        }
+    }, [defaultUser]);
+
    const handleLookup = async (values: z.infer<typeof identifierSchema>) => {
        const identifier = values.identifier.trim();
        const isEmail = isValidEmail(identifier);