Add registration control, admin user management, and security hardening
- Registration auto-closes after first user; admin can toggle from /admin/users - Admin user management view with user list and delete - Password confirmation on registration form - Password change in Settings (PUT /api/auth/password) - Session cookie hardening: HttpOnly, SameSite=Lax, optional Secure flag - Startup warning when SECRET_KEY is default - Production deployment docs: reverse proxy, rate limiting, CSP headers - Fix assist prompt to preserve markdown headings in target sections - Simplify prod compose networking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -7,6 +7,7 @@ export const useAuthStore = defineStore("auth", () => {
|
||||
const user = ref<User | null>(null);
|
||||
const loading = ref(true);
|
||||
const hasUsers = ref(true);
|
||||
const registrationOpen = ref(false);
|
||||
|
||||
const isAuthenticated = computed(() => user.value !== null);
|
||||
const isAdmin = computed(() => user.value?.role === "admin");
|
||||
@@ -26,8 +27,10 @@ export const useAuthStore = defineStore("auth", () => {
|
||||
try {
|
||||
const data = await apiGet<AuthStatus>("/api/auth/status");
|
||||
hasUsers.value = data.has_users;
|
||||
registrationOpen.value = data.registration_open;
|
||||
} catch {
|
||||
hasUsers.value = true;
|
||||
registrationOpen.value = false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -52,6 +55,7 @@ export const useAuthStore = defineStore("auth", () => {
|
||||
user,
|
||||
loading,
|
||||
hasUsers,
|
||||
registrationOpen,
|
||||
isAuthenticated,
|
||||
isAdmin,
|
||||
checkAuth,
|
||||
|
||||
Reference in New Issue
Block a user