Can't log in from a fresh LXC deploy, and the service is LAN-only by
design. Rip out the whole bcrypt-password / signed-cookie session
layer: internal/auth, login templates, gen-admin-password binary +
Makefile targets, auth config block, login/logout routes and the
RequireSession middleware wrap. Agent bearer-token auth on
/api/v1/runs/{id}/* is untouched.
Operators who want a password can front the service with a reverse
proxy — noted in README and docs/operations.md.
This commit is contained in:
@@ -45,7 +45,6 @@ Operator browser (HTMX + SSE, admin login)
|
||||
| `internal/api` | HTTP handlers: `agent_handlers.go` (the agent-facing API) and `ui_handlers.go` (HTMX fragments + SSE). |
|
||||
| `internal/httpserver` | chi router assembly — lives here to avoid `api ↔ orchestrator` cyclic imports. |
|
||||
| `internal/web` | Embedded static assets + compiled Templ templates. |
|
||||
| `internal/auth` | Single-admin bcrypt + signed-cookie sessions. |
|
||||
| `internal/pxe` | dnsmasq subprocess supervisor + per-MAC iPXE script generator. |
|
||||
| `internal/events` | In-process SSE hub (fan-out to live browser clients). |
|
||||
| `internal/logs` | Per-run flat-file writer + SSE fan-out of live log tail. |
|
||||
|
||||
Reference in New Issue
Block a user