Refine remote config and path browsing

This commit is contained in:
Dymas
2026-05-26 10:50:31 +02:00
parent 83497d8ff0
commit 4c430e1982
4 changed files with 96 additions and 4 deletions
+13 -1
View File
@@ -322,11 +322,21 @@ ANI_CLI_WEB_AUTH_PASSWORD=choose-a-long-random-password
Non-local browser visits are redirected to a sign-in form automatically when no valid session cookie is present.
Remote browser writes use same-origin `Origin` checks. If you run the app behind a reverse proxy, make sure the browser reaches it through the same host you expect the backend to validate.
API clients can authenticate with:
- `Authorization: Basic <base64(username:password)>`
The browser login stores a persistent HTTP-only session cookie, so you usually only need to sign in once per browser.
The browser login stores a persistent HTTP-only session token, so you usually only need to sign in once per browser.
Remote path access can be limited to explicit server-approved roots with:
```sh
ANI_CLI_WEB_REMOTE_PATH_ROOTS=/downloads:/srv/jellyfin-tv:/srv/jellyfin-movies
```
Those roots are added to the remote path picker alongside the configured download and Jellyfin library folders.
You can also set the same credentials directly in `.ani-cli-web/config.json`:
@@ -371,6 +381,7 @@ ani-cli-web/.ani-cli-web/
Main contents:
- `config.json`
- `remote-sessions.json`
- `state.sqlite3`
- `thumbnails/`
- AniDB title cache data
@@ -391,6 +402,7 @@ Environment variables:
- `ANI_CLI_WEB_ALLOW_REMOTE`: allow non-loopback clients
- `ANI_CLI_WEB_AUTH_USERNAME`: single remote-login username
- `ANI_CLI_WEB_AUTH_PASSWORD`: single remote-login password
- `ANI_CLI_WEB_REMOTE_PATH_ROOTS`: optional `:`-separated allowlist of remote-browse roots
- `ANI_CLI_WEB_DEBUG`: enable debug logging
- `ANI_CLI_WEB_STATE_ROOT`: override the project-local state directory
- `UPDATE_ON_START`: run `sudo ani-cli --update` in the container before startup