pi-kit/pikit-web/onboarding/index.html

<!doctype html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Welcome to your Pi-Kit</title>
    <link rel="stylesheet" href="/style.css?v=2" />
  </head>
  <body>
    <main class="card">
      <header>
        <div class="dot"></div>
        <h1>Welcome to your Pi-Kit</h1>
      </header>

      <p class="welcome">Great news — you’re already on your Pi-Kit and it’s responding.</p>
      <div class="status-row" aria-live="polite">
        <span class="status-chip" id="statusChip">You’re on HTTP — trust the CA or continue to HTTPS.</span>
      </div>
      <p class="subtle">
        Everything stays on your local network. Let’s move you to the secure (HTTPS) dashboard so you
        can manage Pi-Kit safely.
      </p>

      <section class="steps">
        <h3>Why switch to HTTPS?</h3>
        <ul>
          <li>Encrypts traffic on your LAN so no one can snoop your Pi-Kit dashboard.</li>
          <li>Stops mixed-content / “not secure” browser warnings.</li>
          <li>Needed for some browser features (clipboard, notifications, service workers).</li>
        </ul>
      </section>

      <section class="steps">
        <h3>If you see a warning</h3>
        <ul>
          <li>Brave/Chrome: click <strong>Advanced</strong> → <strong>Proceed</strong>.</li>
          <li>Firefox: click <strong>Advanced</strong> → <strong>Accept the Risk & Continue</strong>.</li>
        </ul>
        <p>This warning is expected the first time. It’s safe for your own Pi on your own network.</p>
      </section>

      <section class="steps">
        <h3>Install the Pi-Kit CA (recommended, one-time)</h3>
        <div class="ca-download">
          <p>This removes future warnings for the Pi-Kit dashboard.</p>
          <a class="ghost download-inline" id="downloadCa" href="http://pikit.local/assets/pikit-ca.crt" download>
            Download Pi-Kit CA
          </a>
        </div>
        <p class="checksum">SHA256: <code class="inline">6bc217c340e502ef20117bd4dc35e05f9f16c562cc3a236d3831a9947caddb97</code></p>
        <details>
          <summary id="win">Windows</summary>
          <p>Run <strong>mmc</strong> → Add/Remove Snap-in → Certificates (Computer) → Trusted Root CAs → Import <em>pikit-ca.crt</em>.</p>
        </details>
        <details>
          <summary id="mac">macOS</summary>
          <p>Double-click <em>pikit-ca.crt</em> → Always Trust.</p>
        </details>
        <details>
          <summary id="arch">Linux (Arch / Manjaro / Garuda, etc.)</summary>
          <code id="archCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo install -m644 /tmp/pikit-ca.crt /etc/ca-certificates/trust-source/anchors/ && sudo trust extract-compat</code>
          <button class="copy" data-target="archCmd">Copy</button>
        </details>
        <details>
          <summary id="deb">Linux (Debian / Ubuntu)</summary>
          <code id="debCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /usr/local/share/ca-certificates/pikit-ca.crt && sudo update-ca-certificates</code>
          <button class="copy" data-target="debCmd">Copy</button>
        </details>
        <details>
          <summary id="fedora">Linux (Fedora)</summary>
          <code id="fedoraCmd">curl -s http://pikit.local/assets/pikit-ca.crt -o /tmp/pikit-ca.crt && sudo cp /tmp/pikit-ca.crt /etc/pki/ca-trust/source/anchors/pikit-ca.crt && sudo update-ca-trust</code>
          <button class="copy" data-target="fedoraCmd">Copy</button>
        </details>
        <details>
          <summary id="bsd">BSD (FreeBSD / OpenBSD)</summary>
          <code id="bsdCmd">fetch -o /tmp/pikit-ca.crt http://pikit.local/assets/pikit-ca.crt && sudo install -m644 /tmp/pikit-ca.crt /usr/local/share/certs/pikit-ca.crt && sudo certctl rehash</code>
          <button class="copy" data-target="bsdCmd">Copy</button>
        </details>
        <div id="copyStatus" class="copy-status" aria-live="polite"></div>
      </section>

      
      <section class="actions">
        <button id="continueBtn">Go to secure dashboard</button>
      </section>

      <section class="qr-wrap">
        <div class="qr-block">
          <div>
            <p class="qr-title">Use your phone</p>
            <p class="subtle tiny">Scan to open https://pikit.local</p>
          </div>
          <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAA9zQYyAAAAAklEQVR4AewaftIAAAVgSURBVO3BMWol3Q5G0W1xAwcddioEmv+YBEITeeFL6jTUpdr+rf7W+uDz129EljBEFjFEFjFEFjFEFjFEFjFEFnnxJ9XDT5XhXKkenpbhXKkeTjKck+rhrgznrurhp8pwLhgiixgiixgiixgiixgiixgii7x4V4bz3aqHn6p6OMlwrlQPJ9XDlQznHRnOd6sebjJEFjFEFjFEFjFEFjFEFjFEFnnxN1QPT8lwvkqG847q4UqGs0318KQM50GGyCKGyCKGyCKGyCKGyCIv5P+qhydVDycZzkn1cFeGIxgiixgiixgiixgiixgiixgii7yQ/8tw3lE9XMlwTqoHeZwhsoghsoghsoghsoghssiLvyHD+a/KcE6qhydVD1+leriS4Twpw/kPM0QWMUQWMUQWMUQWMUQWMUQWefGu6uEnqh5OMpyT6uEkw7lSPZxkOCfVw5UM56R6eFL18AMZIosYIosYIosYIosYIosYIou8+JMM519SPZxkOCfVw5UM56R6OMlwvkKGs4whsoghsoghsoghsoghssiLd1UPd2U4J9XDlQznpHq4K8N5R/XwpAznpHr4CtXDSYZzpXr4L8hwLhgiixgiixgiixgiixgiixgii3zw+es3J9XDSYZzV/VwkuE8qXq4kuGcVA/vyHCuVA8nGc6TqocnZTjfrXo4yXAuGCKLGCKLGCKLGCKLGCKLGOIfX4bz/UB18yXAuVA8nmU4J9XDkwznVGf4IIbI IobI IobI IobI IobyIjP8nw3pUPTxNcK5UD2cZzkn1cFeGcxgiixgiixgiixgiixgiixgii7w4R/Xw1OU4J9VDycZTmn1cFeGcxgiixgiixgiixgiixgiixgii7xwR/Xw1OU4J9VDycZTmn1cF eAIrGCKLGCKLGCKLGCKLGCKLvHgXhuf9IHq4yXCuVA9nmU4J9XDkwznVGf4IIbI IobI IobI IobI IobyIjv+Q/6tw3lE9XMlwTqoHeZwhsoghsoghsoghsoghssiLvyHD+a/KcE6qhydVD0/lXhXKyR6eluFcqR5OMpyT6uGuDOeu6uGnynAuGCKLGCKLGCKLGCKLGCKLGCIL/ADzYO+b5TgVYwAAAABJRU5ErkJggg==" alt="QR code to https://pikit.local" />
        </div>
      </section>


      <p class="footnote">Once trusted, this page will auto-forward you to the secure dashboard.</p>
      <p class="footnote">If the hostname ever fails, try http://&lt;pi-ip&gt;/ (or https://&lt;pi-ip&gt;/ — your browser will show the same warning to bypass).</p>
    </main>

    <script>
      (function () {
        const target = `https://${location.hostname}`;
        const hasCookie = document.cookie.includes("pikit_https_ok=1");
        const statusChip = document.getElementById("statusChip");
        const copyStatus = document.getElementById("copyStatus");

        document.getElementById("continueBtn").addEventListener("click", () => {
          window.location = target;
        });

        document.querySelectorAll(".copy").forEach((btn) => {
          btn.addEventListener("click", async () => {
            const id = btn.dataset.target;
            const el = document.getElementById(id);
            const text = el.textContent.trim();
            try {
              if (navigator.clipboard && window.isSecureContext) {
                await navigator.clipboard.writeText(text);
              } else {
                const ta = document.createElement("textarea");
                ta.value = text;
                ta.style.position = "fixed";
                ta.style.opacity = "0";
                document.body.appendChild(ta);
                ta.select();
                document.execCommand("copy");
                document.body.removeChild(ta);
              }
              btn.textContent = "Copied";
              copyStatus.textContent = "Copied to clipboard.";
              setTimeout(() => {
                btn.textContent = "Copy";
                copyStatus.textContent = "";
              }, 1600);
            } catch (err) {
              btn.textContent = "Failed";
              copyStatus.textContent = "Copy failed. Try manual copy.";
              setTimeout(() => (btn.textContent = "Copy"), 1500);
            }
          });
        });

        // Accordion: keep only one platform section open at a time
        const detailBlocks = Array.from(document.querySelectorAll("details"));
        detailBlocks.forEach((d) => {
          d.addEventListener("toggle", () => {
            if (!d.open) return;
            detailBlocks.forEach((other) => {
              if (other !== d) other.removeAttribute("open");
            });
          });
        });

        // Auto-open matching OS section
        const ua = (navigator.userAgent || "").toLowerCase();
        const platform = (navigator.platform || "").toLowerCase();
        const openOne = (id) => {
          const el = document.getElementById(id)?.parentElement;
          if (el && el.tagName === "DETAILS") {
            el.setAttribute("open", "");
            detailBlocks.forEach((other) => {
              if (other !== el) other.removeAttribute("open");
            });
          }
        };
        const has = (s) => ua.includes(s) || platform.includes(s);
        if (has("windows")) openOne("win");
        else if (has("mac")) openOne("mac");
        else if (has("arch") || has("manjaro") || has("garuda")) openOne("arch");
        else if (has("fedora") || has("centos") || has("rhel")) openOne("fedora");
        else if (has("ubuntu") || has("debian") || has("mint")) openOne("deb");
        else if (has("bsd")) openOne("bsd");
        else if (has("linux")) openOne("deb");

        if (hasCookie) {
          statusChip.textContent = "HTTPS trusted — redirecting…";
          window.location = target;
        } else {
          statusChip.textContent = "You’re on HTTP — trust the CA or click Go to secure dashboard.";
        }
      })();
    </script>
  </body>
</html>