Hostityourself/infra/.env.example at a2627a3e2f0e4ff1d344ac0ee39017928250b113 - sander/Hostityourself - Forgejo: Beyond coding. We forge.

sander/Hostityourself

Claude 4454744cba

Add session-based auth to dashboard and API

- New HIY_ADMIN_USER / HIY_ADMIN_PASS env vars control access
- Login page at /login with redirect-after-login support
- Cookie-based sessions (HttpOnly, SameSite=Strict); cleared on restart
- Auth middleware applied to all routes except /webhook/:app_id (HMAC) and /login
- Auth is skipped when credentials are not configured (dev mode, warns at startup)
- Logout link in both dashboard nav bars
- Caddy admin port 2019 no longer published to the host in docker-compose

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH

2026-03-20 13:45:16 +00:00

9 lines

322 B

Text

Raw Blame History

 # Your domain — apps will be served at <name>.yourdomain.com
 DOMAIN_SUFFIX=yourdomain.com
 # Optional: email for Let's Encrypt expiry notices.
 # If you want this, uncomment the `email` line in proxy/Caddyfile instead.
 # Dashboard login credentials (required in production).
 HIY_ADMIN_USER=admin
 HIY_ADMIN_PASS=changeme