Claude 1671aaf8e8 fix: break infinite redirect for non-admin users on admin UI ... Root cause: auth_middleware redirected all non-admins (including logged-in ones) to /login, and login_page redirected logged-in users back — a loop. Fix: - auth_middleware now distinguishes unauthenticated (→ /login?next=) from logged-in-but-not-admin (→ /denied), breaking the loop entirely - /denied page's "sign in with a different account" link now goes to /logout first, so clicking it clears the session before the login form appears The login_page auto-redirect for logged-in users is restored, which is required for the Caddy forward_auth flow (deployed apps redirecting through /login?next=<app-url>). https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH		2026-03-23 08:24:41 +00:00
..
src	fix: break infinite redirect for non-admin users on admin UI	2026-03-23 08:24:41 +00:00
Cargo.toml	Add multi-user security service with per-app authorization	2026-03-20 14:22:57 +00:00