Add proper login to Admin UI, replace Caddy basic_auth

- iron-session for encrypted httpOnly session cookies - POST /api/auth/login: verifies ADMIN_USERNAME/ADMIN_PASSWORD, sets session, returns API key - POST /api/auth/logout: destroys session - middleware.ts: protects all routes, redirects to /login if unauthenticated - Login page: username + password form (no more browser popup) - Sidebar: logout calls API route and clears session - docker-compose.prod.yml: admin-ui reads /opt/rustycms/.env.admin - deploy.yml: generates .env.admin from Gitea secrets - Caddy: basic_auth removed from /admin* block Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 21:49:32 +01:00
parent c644c08222
commit b432621919
13 changed files with 303 additions and 118 deletions
--- a/admin-ui/messages/en.json
+++ b/admin-ui/messages/en.json
@@ -1,10 +1,14 @@
 {
  "LoginPage": {
-    "title": "Login",
-    "apiKeyLabel": "API key",
-    "apiKeyPlaceholder": "Enter your API key",
+    "title": "Sign in to RustyCMS",
+    "usernameLabel": "Username",
+    "usernamePlaceholder": "Username",
+    "passwordLabel": "Password",
+    "passwordPlaceholder": "Password",
    "submit": "Login",
-    "hint": "Use the same key as RUSTYCMS_API_KEY on the server. Without a key you can only read; with a key you can edit."
+    "loggingIn": "Signing in…",
+    "invalidCredentials": "Invalid credentials",
+    "networkError": "Network error, please try again"
  },
  "Sidebar": {
    "dashboard": "Dashboard",
@@ -453,4 +457,4 @@
    "transformQuality": "Quality (1–100)",
    "creating": "Creating…"
  }
-}
+}