Add registration control, admin user management, and security hardening

- Registration auto-closes after first user; admin can toggle from /admin/users
- Admin user management view with user list and delete
- Password confirmation on registration form
- Password change in Settings (PUT /api/auth/password)
- Session cookie hardening: HttpOnly, SameSite=Lax, optional Secure flag
- Startup warning when SECRET_KEY is default
- Production deployment docs: reverse proxy, rate limiting, CSP headers
- Fix assist prompt to preserve markdown headings in target sections
- Simplify prod compose networking

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-02-12 17:49:22 -05:00
parent f2496916f9
commit f77b029943
16 changed files with 809 additions and 60 deletions
+4
View File
@@ -7,6 +7,7 @@ export const useAuthStore = defineStore("auth", () => {
const user = ref<User | null>(null);
const loading = ref(true);
const hasUsers = ref(true);
const registrationOpen = ref(false);
const isAuthenticated = computed(() => user.value !== null);
const isAdmin = computed(() => user.value?.role === "admin");
@@ -26,8 +27,10 @@ export const useAuthStore = defineStore("auth", () => {
try {
const data = await apiGet<AuthStatus>("/api/auth/status");
hasUsers.value = data.has_users;
registrationOpen.value = data.registration_open;
} catch {
hasUsers.value = true;
registrationOpen.value = false;
}
}
@@ -52,6 +55,7 @@ export const useAuthStore = defineStore("auth", () => {
user,
loading,
hasUsers,
registrationOpen,
isAuthenticated,
isAdmin,
checkAuth,