feat: add HTMX web UI with login/register forms

- Home page showing README and stats - Login/register forms with HTMX - Registry and activities pages - Cookie-based auth for web UI - JWT secret from Docker secrets (/run/secrets/jwt_secret) - Updated README with secret generation instructions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-07 15:37:35 +00:00
parent a2190801e8
commit d83510f24b
4 changed files with 552 additions and 6 deletions
--- a/auth.py
+++ b/auth.py
@@ -20,11 +20,29 @@ from pydantic import BaseModel
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

 # JWT settings
-SECRET_KEY = os.environ.get("JWT_SECRET", secrets.token_hex(32))
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_DAYS = 30


+def load_jwt_secret() -> str:
+    """Load JWT secret from Docker secret, env var, or generate."""
+    # Try Docker secret first
+    secret_path = Path("/run/secrets/jwt_secret")
+    if secret_path.exists():
+        return secret_path.read_text().strip()
+
+    # Try environment variable
+    if os.environ.get("JWT_SECRET"):
+        return os.environ["JWT_SECRET"]
+
+    # Generate one (tokens won't persist across restarts!)
+    print("WARNING: No JWT_SECRET configured. Tokens will be invalidated on restart.")
+    return secrets.token_hex(32)
+
+
+SECRET_KEY = load_jwt_secret()
+
+
 class User(BaseModel):
    """A registered user."""
    username: str