build: Update library assets with UI visibility fix

- Rebuild JavaScript library with delayed control panel initialization - Update server assets to include latest UI behavior changes - Ensure built assets reflect invisible UI for regular visitors The control panel now only appears after gate activation, maintaining the invisible CMS principle for end users.
2025-09-17 19:12:52 +02:00
parent 988f99f58b
commit 2a0915dda0
13 changed files with 694 additions and 82 deletions
--- a/COMMANDS.md
+++ b/COMMANDS.md
@@ -130,6 +130,10 @@ When running `insertr serve`, these endpoints are available:
 - `GET /api/content/{id}/versions?site_id={site}` - Get content history
 - `POST /api/content/{id}/rollback` - Rollback to previous version

+#### Authentication
+- `GET /auth/login` - Initiate OAuth flow (returns redirect URL for Authentik)
+- `GET /auth/callback` - OAuth callback handler (processes authorization code)
+
 ### Content Management API Details

 #### Create/Update Content (Upsert)
@@ -237,6 +241,15 @@ build:
  input: "./src"              # Default input directory
  output: "./dist"            # Default output directory

+# Authentication configuration
+auth:
+  provider: "mock"            # "mock", "authentik"
+  jwt_secret: ""              # JWT signing secret (auto-generated in dev)
+  oidc:                       # Authentik OIDC configuration
+    endpoint: ""              # https://auth.example.com/application/o/insertr/
+    client_id: ""             # OAuth2 client ID
+    client_secret: ""         # OAuth2 client secret
+
 # Global settings
 site_id: "demo"              # Site identifier
 mock_content: false          # Use mock data
@@ -252,6 +265,10 @@ export INSERTR_API_URL="https://api.example.com"
 export INSERTR_API_KEY="your-api-key"
 export INSERTR_SITE_ID="production"

+# Authentication environment variables (recommended for production)
+export AUTHENTIK_CLIENT_SECRET="your-oidc-secret"
+export AUTHENTIK_ENDPOINT="https://auth.example.com/application/o/insertr/"
+
 ./insertr serve
 ```

@@ -284,13 +301,42 @@ air                         # Uses .air.toml configuration
 # Build static site with content
 ./insertr enhance ./src --output ./dist --api-url https://api.prod.com

-# Start production API server
+# Start production API server with authentication
+export AUTHENTIK_CLIENT_SECRET="prod-secret"
 ./insertr serve --db "postgresql://user:pass@db:5432/prod"

 # With custom configuration
 ./insertr --config ./production.yaml serve
 ```

+### Authentication Setup
+
+#### Mock Authentication (Development)
+```bash
+# Default - no setup required
+./insertr serve --dev-mode
+
+# Configuration
+auth:
+  provider: "mock"
+```
+
+#### Authentik OIDC (Production)
+```bash
+# Set environment variables (recommended)
+export AUTHENTIK_CLIENT_SECRET="your-secret-from-authentik"
+export AUTHENTIK_ENDPOINT="https://auth.example.com/application/o/insertr/"
+
+# Start server
+./insertr serve
+```
+
+**Required Authentik Configuration:**
+1. Create OAuth2/OIDC Provider in Authentik
+2. Set redirect URI: `https://your-domain.com/auth/callback`
+3. Note the endpoint URL and client credentials
+4. Configure in `insertr.yaml` or environment variables
+
 ### CI/CD Integration

 ```yaml