Andrew Phillips e672ec751e feat: add JWT auth, configurable username, switch password auth to Basic ...

Add server-side JWT authentication with permission-based access control
(read/write/delete claims). Password authentication now uses HTTP Basic
auth only (replacing Bearer). Add configurable username for both server
and client (--server-username/--client-username, defaults to "keep").

JWT secret supports file-based loading via --server-jwt-secret-file for
Docker secrets. OPTIONS preflight requests bypass auth. HEAD mapped to
read permission.

Co-Authored-By: opencode <noreply@opencode.ai>

2026-03-13 13:56:35 -03:00

94 KiB

Raw Blame History

View Raw