fix: cluster topology connect fails with NOAUTH when username is empty string

[alexey-temnikov]

Bug

When connecting to a discovered cluster node via the Cluster Topology page, clicking the power icon on any node other than the initially-connected one fails with a NOAUTH error.

Root Cause

In cluster-node.tsx, handleNodeConnect spreads credentials into the connection payload using:

// BEFORE (buggy)
...(primary.username && primary.password && {
  username: primary.username,
  password: await secureStorage.encrypt(primary.password),
}),

When username is "" (empty string) — which is the case for the ElastiCache default user — the expression short-circuits to false, so neither username nor password is included in the connectPending payload. The server then attempts an unauthenticated connection and receives NOAUTH.

Fix

Gate only on password presence and default username to "":

// AFTER (fixed)
...(primary.password && {
  username: primary.username ?? "",
  password: await secureStorage.encrypt(primary.password),
}),

Also includes a Dockerfile.app fix to install ca-certificates, required for TLS connections to ElastiCache.

---

How It Was Tested

Tested against a live AWS ElastiCache Valkey cluster (cluster-mode enabled, 6 shards × 3 nodes = 18 nodes, TLS enabled, auth user default with password).

Steps:

1. Connected to the first node (****:6379) with username default, password set, TLS enabled
2. Navigated to Cluster Topology — all 6 shards (18 nodes) discovered, 1 connected
3. Clicked the power icon on shard 0002-001

Before fix: NOAUTH error — connection failed
After fix: Dashboard loaded for 0002-001 — connection succeeded, zero console errors

The fix was verified on the deployed Docker container on EC2 (Amazon Linux 2023, t3.medium).