Lock screen

[Zac0511]

Puter should have a lock screen that is shown when Puter starts (if the user already haves an account). It could show the current time, and a little "log in" button which open the user's desktop (since he's already logged in)

[KernelDeimos]

This is going to be a little bit complicated. We could add a lock screen that just covers Puter, but then someone clever could use inspect element and gain access. Of course this will be a relatively rare situation, but we don't want to give people a false promise of security that isn't there. I'm going to write some thoughts here on how we might do this.

We could do the following:

• invalidate all the app tokens, and the user's current token
• display the lock screen
• provide apps with a new token when they log back in

In this way it's basically a "logout" but your apps stay open. I'm not yet sure if this is a regression for apps using puter.js. On one hand, apps don't currently expect to lose access. On the other hand, the permission system is not meant to make any promise that an app keeps all of its permissions all the time.

2FA might be an issue. I don't know if there's a secure way to allow unlocking without also requiring a user to do 2FA again if they have it enabled.

[jelveh]

This is very complicated for now. I love the idea but I consider it out of scope for now. Thanks @Zac0511 for the great idea! one of many 😇