- New pipekit/web/auth.py: itsdangerous-signed cookie, 8hr expiry, auto-generates signing secret in settings table on first use - GET/POST /login and POST /logout routes (public, no auth dependency) - All other web routes protected via router-level require_web_auth dep - Starlette middleware injects request.state.current_user for templates - Topbar shows logged-in username + logout button when session active - Reuses existing api_user/api_pass credentials and api_auth_enabled flag - Add itsdangerous>=2.1 to requirements.txt - Enable api_auth_enabled in config.yaml Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
9 lines
132 B
Plaintext
9 lines
132 B
Plaintext
fastapi>=0.115
|
|
itsdangerous>=2.1
|
|
uvicorn[standard]>=0.30
|
|
python-multipart>=0.0.20
|
|
jinja2>=3.1
|
|
pyyaml>=6.0
|
|
httpx>=0.27
|
|
croniter>=2.0
|