sander/Hostityourself
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Hostityourself/server/src
History
Claude 2cdbf270f6
Add multi-user security service with per-app authorization 
Control plane:
- Users and app grants stored in SQLite (users + user_apps tables)
- bcrypt password hashing
- Sessions: HashMap<token, user_id> (in-memory, cleared on restart)
- Bootstrap: first admin auto-created from HIY_ADMIN_USER/HIY_ADMIN_PASS if DB is empty
- /admin/users page: create/delete users, toggle admin, grant/revoke app access
- /api/users + /api/users/:id/apps/:app_id REST endpoints (admin-only)

Deployed apps:
- Every app route now uses Caddy forward_auth pointing at /auth/verify
- /auth/verify checks session cookie + user_apps grant (admins have access to all apps)
- Unauthenticated -> 302 to /login?next=<original URL>
- Authorised but not granted -> /denied page
- Session cookie set with Domain=.DOMAIN_SUFFIX for cross-subdomain auth

Other:
- /denied page for "logged in but not granted" case
- Login page skips re-auth if already logged in
- Cookie uses SameSite=Lax (required for cross-subdomain redirect flows)

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
2026-03-20 14:22:57 +00:00
..
routes Add multi-user security service with per-app authorization 2026-03-20 14:22:57 +00:00
auth.rs Add multi-user security service with per-app authorization 2026-03-20 14:22:57 +00:00
builder.rs Explicitly pass DOMAIN_SUFFIX and CADDY_API_URL to build script 2026-03-20 09:28:59 +00:00
db.rs Add multi-user security service with per-app authorization 2026-03-20 14:22:57 +00:00
main.rs Add multi-user security service with per-app authorization 2026-03-20 14:22:57 +00:00
models.rs Add multi-user security service with per-app authorization 2026-03-20 14:22:57 +00:00