Implement token-based admin login and remove WebAuthn support
This commit is contained in:
+6
-9
@@ -1,14 +1,12 @@
|
||||
# Required: random secret used to salt IP hashes and sign sessions
|
||||
# Generate with: openssl rand -hex 32
|
||||
SECRET_KEY=replace_me_with_a_random_secret
|
||||
# Required: admin login token for /admin/login
|
||||
ADMIN_SECRET_TOKEN=replace_me_with_a_long_random_token
|
||||
|
||||
# WebAuthn / YubiKey configuration
|
||||
# rpID must match the domain your site is served from (no scheme, no port)
|
||||
WEBAUTHN_RP_ID=hiddenden.cafe
|
||||
# Full origin including scheme (and port if non-standard)
|
||||
WEBAUTHN_ORIGIN=https://hiddenden.cafe
|
||||
# Human-readable name shown in the YubiKey prompt
|
||||
WEBAUTHN_RP_NAME=Cozy Den
|
||||
# Optional: force cookie secure behavior (`true` or `false`)
|
||||
# Leave unset for automatic behavior based on NODE_ENV
|
||||
# COOKIE_SECURE=
|
||||
|
||||
# Database path (Docker mounts /data as a named volume)
|
||||
DB_PATH=/data/guestbook.db
|
||||
@@ -19,6 +17,5 @@ PORT=3000
|
||||
|
||||
# --- Development overrides ---
|
||||
# For local dev (npm run dev), override with:
|
||||
# WEBAUTHN_RP_ID=localhost
|
||||
# WEBAUTHN_ORIGIN=http://localhost:4321
|
||||
# COOKIE_SECURE=false
|
||||
# DB_PATH=./data/guestbook.db
|
||||
|
||||
Reference in New Issue
Block a user