Replace token auth with single-user login
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
|
||||
Small local web UI for a system-wide `ani-cli` install.
|
||||
|
||||
Current version: `0.40.0`
|
||||
Current version: `0.41.0`
|
||||
|
||||
## Project Layout
|
||||
|
||||
@@ -276,23 +276,28 @@ To allow LAN or remote access:
|
||||
|
||||
```sh
|
||||
ANI_CLI_WEB_ALLOW_REMOTE=1
|
||||
ANI_CLI_WEB_REMOTE_TOKEN=choose-a-long-random-token
|
||||
ANI_CLI_WEB_AUTH_USERNAME=admin
|
||||
ANI_CLI_WEB_AUTH_PASSWORD=choose-a-long-random-password
|
||||
```
|
||||
|
||||
Non-local clients must send one of:
|
||||
Non-local browser visits are redirected to a sign-in form automatically when no valid session cookie is present.
|
||||
|
||||
- `Authorization: Bearer <token>`
|
||||
- `X-AniCli-Web-Token: <token>`
|
||||
API clients can authenticate with:
|
||||
|
||||
Browser bootstrap also works:
|
||||
- `Authorization: Basic <base64(username:password)>`
|
||||
|
||||
```text
|
||||
http://YOUR-HOST:8421/?token=your-token-here
|
||||
The browser login stores a persistent HTTP-only session cookie, so you usually only need to sign in once per browser.
|
||||
|
||||
You can also set the same credentials directly in `.ani-cli-web/config.json`:
|
||||
|
||||
```json
|
||||
{
|
||||
"auth_username": "admin",
|
||||
"auth_password": "choose-a-long-random-password"
|
||||
}
|
||||
```
|
||||
|
||||
For normal browser visits, the app now shows a sign-in page automatically when the token cookie is missing.
|
||||
|
||||
The app stores the token in an HTTP-only cookie and redirects to the clean URL. The cookie is persistent, so you usually only need to sign in once per browser.
|
||||
Environment variables take precedence over values saved in `config.json`.
|
||||
|
||||
## Download Queue
|
||||
|
||||
@@ -343,7 +348,8 @@ Environment variables:
|
||||
- `ANI_CLI_WEB_HOST`: server host, default `127.0.0.1`
|
||||
- `ANI_CLI_WEB_PORT`: server port, default `8421`
|
||||
- `ANI_CLI_WEB_ALLOW_REMOTE`: allow non-loopback clients
|
||||
- `ANI_CLI_WEB_REMOTE_TOKEN`: shared secret for remote access
|
||||
- `ANI_CLI_WEB_AUTH_USERNAME`: single remote-login username
|
||||
- `ANI_CLI_WEB_AUTH_PASSWORD`: single remote-login password
|
||||
- `ANI_CLI_WEB_DEBUG`: enable debug logging
|
||||
- `ANI_CLI_WEB_STATE_ROOT`: override the project-local state directory
|
||||
- `UPDATE_ON_START`: run `sudo ani-cli --update` in the container before startup
|
||||
@@ -351,6 +357,8 @@ Environment variables:
|
||||
|
||||
Saved config fields include:
|
||||
|
||||
- `auth_username`
|
||||
- `auth_password`
|
||||
- `discord_webhook_url`
|
||||
- `discord_webhook_events`
|
||||
- `watchlist_auto_refresh_enabled`
|
||||
|
||||
Reference in New Issue
Block a user