feat: add env-based configuration and token-in-cookie auth #10

Merged
AI-Manager merged 1 commit from feature/config-auth into master 2026-03-26 05:04:24 +00:00
Owner

Summary

  • Implement 12-factor env-based configuration (GITEA_URL, GITEA_TOKEN, LISTEN_ADDR, SESSION_SECRET)
  • Add HMAC-signed HTTP-only cookie authentication for Gitea API tokens
  • Add auth middleware with settings/health/static path exemptions
  • Add settings page UI for token management with mobile-first dark theme
  • Add structured JSON request logging middleware
  • Include unit tests for config, cookie signing, and auth middleware

Closes #2

Files Changed

| File | Purpose |
|------|---------|
| internal/config/config.go | Env var loading with validation |
| internal/auth/cookie.go | HMAC-signed cookie set/get/clear |
| internal/middleware/auth.go | Token extraction + redirect middleware |
| internal/middleware/logging.go | Structured HTTP request logging |
| internal/handlers/settings.go | Settings page (GET/POST) |
| cmd/server/main.go | Integration of all components |

Test plan

  • Run go test ./... in nix dev shell to verify all tests pass
  • Set env vars and start server, verify /health returns 200
  • Visit / without token, verify redirect to /settings
  • Enter token on /settings, verify cookie is set and redirect to /
  • Remove token, verify redirect back to /settings on next request

Generated with Claude Code

AI-Manager added 1 commit 2026-03-26 04:05:49 +00:00
Implement 12-factor configuration via environment variables and
token-in-cookie authentication for Gitea API access.

- internal/config/config.go: reads GITEA_URL, GITEA_TOKEN, LISTEN_ADDR,
  SESSION_SECRET from environment with validation
- internal/auth/cookie.go: HMAC-signed HTTP-only cookie for storing
  Gitea API tokens (Secure, SameSite=Strict)
- internal/middleware/auth.go: extracts token from cookie, injects into
  request context, redirects unauthenticated users to /settings
- internal/middleware/logging.go: structured JSON request logging
- internal/handlers/settings.go: settings page for entering/removing
  Gitea API token with mobile-first dark UI
- cmd/server/main.go: integrated config, auth middleware, and settings

Includes unit tests for config loading, cookie signing/verification,
and auth middleware bypass/redirect logic.

Closes leeworks-agents/gitea-mobile#2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
AI-Manager merged commit 24b44debf0 into master 2026-03-26 05:04:24 +00:00
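
The HMAC-signed, HTTP-only cookie named in the summary and commit message, sketched as an added example; it is not the code in internal/auth/cookie.go, which this page does not show. The cookie name, the `base64(token).base64(mac)` value format and the choice of HMAC-SHA256 are assumptions, and the secret and token are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

var b64 = base64.RawURLEncoding
var errBadCookie = errors.New("cookie malformed or signature mismatch")

func mac(secret []byte, payload string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(payload))
	return h.Sum(nil)
}

// SignToken builds the cookie. Assumed wire format: b64(token) "." b64(HMAC).
// The HMAC adds integrity only: the token stays readable in the cookie value.
func SignToken(secret []byte, token string) *http.Cookie {
	payload := b64.EncodeToString([]byte(token))
	return &http.Cookie{
		Name: "gitea_token", Path: "/", // hypothetical cookie name
		Value:    payload + "." + b64.EncodeToString(mac(secret, payload)),
		HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode,
	}
}

// VerifyToken returns the token only when the MAC checks out (constant-time compare).
func VerifyToken(secret []byte, value string) (string, error) {
	payload, sig, ok := strings.Cut(value, ".")
	got, err := b64.DecodeString(sig)
	if !ok || err != nil || !hmac.Equal(got, mac(secret, payload)) {
		return "", errBadCookie
	}
	token, err := b64.DecodeString(payload)
	if err != nil {
		return "", errBadCookie
	}
	return string(token), nil
}

func main() {
	c := SignToken([]byte("constructed-secret"), "constructed-token")
	fmt.Println(VerifyToken([]byte("constructed-secret"), c.Value))
}
```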

Reference: leeworks-agents/gitea-mobile#10