Gate /chat/* behind Forgejo OAuth2 authorization-code flow.

- Extract generic _create_forgejo_oauth_app() helper in lib/ci-setup.sh; Woodpecker OAuth becomes a thin wrapper, chat gets its own app.
- bin/disinto init now creates TWO OAuth apps (woodpecker-ci + disinto-chat) and writes CHAT_OAUTH_CLIENT_ID / CHAT_OAUTH_CLIENT_SECRET to .env.
- docker/chat/server.py: new routes /chat/login (→ Forgejo authorize), /chat/oauth/callback (code→token exchange, user allowlist check, session cookie). All other /chat/* routes require a valid session or redirect to /chat/login. Session store is in-memory with 24h TTL.
- lib/generators.sh: pass FORGE_URL, CHAT_OAUTH_CLIENT_ID, CHAT_OAUTH_CLIENT_SECRET, EDGE_TUNNEL_FQDN, DISINTO_CHAT_ALLOWED_USERS to the chat container environment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent cf4e9983c2
commit 30e19f71e2
6 changed files with 376 additions and 69 deletions
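
The callback-side checks the commit message describes (allowlist check, then a session with a 24h TTL), as an added example that is not the code from docker/chat/server.py. Assumptions: DISINTO_CHAT_ALLOWED_USERS is comma-separated, usernames match exactly, and the login carries an OAuth2 `state` value (not mentioned in the commit message); all function and class names are hypothetical.

```python
import hmac
import secrets
import time

SESSION_TTL = 24 * 60 * 60  # 24h TTL, as stated in the commit message


def parse_allowlist(raw):
    """Parse DISINTO_CHAT_ALLOWED_USERS (comma-separated format is assumed)."""
    return {u.strip() for u in (raw or "").split(",") if u.strip()}


class SessionStore:
    """In-memory store; a session expires `ttl` seconds after creation."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl, self._clock, self._sessions = ttl, clock, {}

    def create(self, username):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[token] = (username, self._clock() + self._ttl)
        return token

    def lookup(self, token):
        """Return the username for a live session, else None."""
        entry = self._sessions.get(token or "")
        if entry is None:
            return None
        username, expires = entry
        if self._clock() >= expires:
            del self._sessions[token]  # drop expired entries on access
            return None
        return username


def finish_login(store, allowlist, expected_state, returned_state, username):
    """Run after the code->token exchange has yielded `username`.

    Returns a new session token, or None when the login must be rejected.
    """
    # Assumed CSRF check: the state sent to /authorize must come back unchanged.
    sent = (expected_state or "").encode()
    got = (returned_state or "").encode()
    if not sent or not hmac.compare_digest(sent, got):
        return None
    # Fail closed: an empty or unset allowlist admits nobody.
    if username not in allowlist:
        return None
    return store.create(username)
```
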
@ -500,6 +500,11 @@ services:
environment:
CHAT_HOST: "0.0.0.0"
CHAT_PORT: "8080"
FORGE_URL: http://forgejo:3000
CHAT_OAUTH_CLIENT_ID: ${CHAT_OAUTH_CLIENT_ID:-}
CHAT_OAUTH_CLIENT_SECRET: ${CHAT_OAUTH_CLIENT_SECRET:-}
EDGE_TUNNEL_FQDN: ${EDGE_TUNNEL_FQDN:-}
DISINTO_CHAT_ALLOWED_USERS: ${DISINTO_CHAT_ALLOWED_USERS:-}
networks:
- disinto-net
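
Review bot: In the environment block, CHAT_OAUTH_CLIENT_ID, CHAT_OAUTH_CLIENT_SECRET and DISINTO_CHAT_ALLOWED_USERS all use the ${VAR:-} form, so a .env that lacks them yields empty strings and the container still starts, listening on CHAT_HOST "0.0.0.0". Nothing in these lines says what the server does with an empty client secret or an empty allowlist. If this file is interpolated by Compose, consider the ${CHAT_OAUTH_CLIENT_SECRET:?...} form so startup fails when the value is missing, or state in a comment that server.py rejects every login when these are empty. Separately, FORGE_URL is plain http://forgejo:3000, so the code→token exchange sends the client secret unencrypted across disinto-net; a comment recording that this is accepted for the internal network would help the next reader.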