Can't log in from a fresh LXC deploy, and the service is LAN-only by
design. Rip out the whole bcrypt-password / signed-cookie session
layer: internal/auth, login templates, gen-admin-password binary +
Makefile targets, auth config block, login/logout routes and the
RequireSession middleware wrap. Agent bearer-token auth on
/api/v1/runs/{id}/* is untouched.
Operators who want a password can front the service with a reverse
proxy — noted in README and docs/operations.md.
This commit is contained in:
@@ -28,14 +28,6 @@ agent: ## Build agent for host OS (handy for unit testing only — real agent ru
|
||||
agent-linux: ## Cross-build agent for linux-amd64 (consumed by live-image build)
|
||||
$(GOOS_LINUX) go build -ldflags="$(LDFLAGS)" -o bin/vetting-agent.linux-amd64 ./cmd/vetting-agent
|
||||
|
||||
.PHONY: gen-admin-password
|
||||
gen-admin-password: ## Build the bcrypt password generator
|
||||
go build -o bin/gen-admin-password$(if $(filter Windows%,$(UNAME_S)),.exe,) ./tools/gen-admin-password
|
||||
|
||||
.PHONY: gen-admin-password-linux
|
||||
gen-admin-password-linux: ## Cross-build the bcrypt password generator for linux-amd64
|
||||
$(GOOS_LINUX) go build -ldflags="$(LDFLAGS)" -o bin/gen-admin-password-linux-amd64 ./tools/gen-admin-password
|
||||
|
||||
.PHONY: tidy
|
||||
tidy: ## go mod tidy
|
||||
go mod tidy
|
||||
@@ -68,7 +60,7 @@ endif
|
||||
$(MAKE) -C live-image all
|
||||
|
||||
.PHONY: all
|
||||
all: orchestrator agent gen-admin-password ## Build everything buildable on host OS
|
||||
all: orchestrator agent ## Build everything buildable on host OS
|
||||
|
||||
.PHONY: run
|
||||
run: orchestrator ## Build and run orchestrator with example config
|
||||
|
||||
Reference in New Issue
Block a user