feat: add local auth, proxy auth, health checks, and improved docs#148
Open
brian-olson wants to merge 1 commit intoEugeny:masterfrom
Open
feat: add local auth, proxy auth, health checks, and improved docs#148brian-olson wants to merge 1 commit intoEugeny:masterfrom
brian-olson wants to merge 1 commit intoEugeny:masterfrom
Conversation
This PR adds several improvements for self-hosted deployments: ## Local Username/Password Authentication (Eugeny#116) - Add LOCAL_AUTH_ENABLED and LOCAL_AUTH_REGISTRATION_ENABLED settings - Add /api/1/auth/local/login endpoint for username/password login - Add /api/1/auth/local/register endpoint for self-registration - Add /api/1/auth/change-password endpoint for password changes - Add /api/1/auth/status endpoint to show available auth methods ## Proxy Authentication (Eugeny#116) - Add PROXY_AUTH_ENABLED setting for reverse proxy auth - Add ProxyAuthMiddleware to trust X-Auth-* headers - Supports Authentik, Authelia, Traefik ForwardAuth, etc. ## Health Check Endpoints - Add /health endpoint for basic health checks (load balancers) - Add /ready endpoint for readiness checks (DB connectivity) - Add /live endpoint for liveness checks (uptime info) ## Version Endpoint - Add /api/1/version endpoint exposing version and build info ## Improved Error Messages (Eugeny#125, Eugeny#124, Eugeny#119) - Document ALLOWED_HOSTS fix for "Invalid HTTP_HOST header" error - Document OAuth callback URL requirements - Document database migration commands - Add troubleshooting section to README ## Docker Compose Improvements - Add docker-compose.prebuilt.yml for quick deployment - Add healthcheck configuration - Document all authentication options 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds several improvements for self-hosted deployments, addressing multiple open issues:
Local Username/Password Authentication (Fixes #116)
LOCAL_AUTH_ENABLEDandLOCAL_AUTH_REGISTRATION_ENABLEDenvironment variables/api/1/auth/local/loginendpoint for username/password login/api/1/auth/local/registerendpoint for self-registration (when enabled)/api/1/auth/change-passwordendpoint for password changes/api/1/auth/statusendpoint to show available authentication methodsThis allows self-hosted instances to work without OAuth configuration - just set
LOCAL_AUTH_ENABLED=true.Proxy Authentication (Also addresses #116)
PROXY_AUTH_ENABLEDsetting for reverse proxy authenticationProxyAuthMiddlewareto trustX-Auth-*headers from auth proxiesX-Auth-User-Email(required),X-Auth-User-Name(optional)Health Check Endpoints
/healthendpoint for basic health checks (load balancers)/readyendpoint for readiness checks (includes DB connectivity)/liveendpoint for liveness checks (includes uptime info)Version Endpoint
/api/1/versionendpoint exposing version and build informationImproved Error Messages (Addresses #125, #124, #119)
ALLOWED_HOSTSfix for "Invalid HTTP_HOST header" errorDocker Compose Improvements
docker-compose.prebuilt.ymlfor quick deployment with pre-built imagesTest Plan
LOCAL_AUTH_ENABLED=trueLOCAL_AUTH_REGISTRATION_ENABLED=true/api/1/auth/statusreturns correct auth methods/health,/ready,/live)/api/1/versionendpointX-Auth-User-Emailheader🤖 Generated with Claude Code