Secure first-loop control-plane auth and mount routing.

Protect the control-plane API with explicit bearer auth, add node-scoped registration/heartbeat credentials, and make export mount paths an explicit contract field so mount profiles stay correct across runtimes. Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com>
2026-04-16 21:03:42 +00:00 · 2026-04-01 14:13:14 +00:00 · 2026-04-01 14:13:14 +00:00 · ed40da7326
commit ed40da7326
parent a7f85f4871
23 changed files with 3676 additions and 124 deletions
--- a/apps/nextcloud-app/lib/Controller/PageController.php
+++ b/apps/nextcloud-app/lib/Controller/PageController.php
@ -39,5 +39,21 @@ class PageController extends Controller {
 			],
 		);
 	}
-}

+	#[NoCSRFRequired]
+	#[NoAdminRequired]
+	#[OpenAPI(OpenAPI::SCOPE_IGNORE)]
+	#[FrontpageRoute(verb: 'GET', url: '/exports/{exportId}')]
+	public function showExport(string $exportId): TemplateResponse {
+		return new TemplateResponse(
+			Application::APP_ID,
+			'export',
+			[
+				'appName' => 'betterNAS Control Plane',
+				'controlPlaneUrl' => $this->controlPlaneConfig->getBaseUrl(),
+				'exportId' => $exportId,
+				'export' => $this->controlPlaneClient->fetchExport($exportId),
+			],
+		);
+	}
+}