grant/keysat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.1.0:25–40 — tier model, edit forms, force-delete, license counts, migration 0009 (and hotfix); KEYSAT_INTEGRATION.md merged with downstream-LLM revisions

Browse Source
This commit is contained in:
Grant
2026-05-07 23:35:22 -05:00
parent 6ac118ae70
commit beedd07f07
27 changed files with 5576 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files
licensing-service/migrations/0008_web_sessions.sql
+26
View File
@@ -0,0 +1,26 @@
-- Web UI password + session-based authentication.
--
-- Until v0.1.0:28 the only credential was the admin API key, which the
-- SPA stored in localStorage every login. This migration sets up the
-- alternate path: the operator sets a password (argon2id-hashed in the
-- settings table under key 'web_ui_password_hash'); successful login
-- issues a session token stored as an HttpOnly cookie. The API key
-- continues to work for automation; admin endpoints accept either
-- credential.
--
-- A future migration may add per-user accounts. For v0.1 there's a
-- single admin password — the StartOS service is single-tenant by
-- design and an operator's StartOS already gates physical access.
PRAGMA foreign_keys = ON;
CREATE TABLE IF NOT EXISTS sessions (
token TEXT PRIMARY KEY, -- random 32-byte URL-safe base64
created_at TEXT NOT NULL,
expires_at TEXT NOT NULL, -- ISO-8601 UTC
last_seen_at TEXT NOT NULL,
ip TEXT,
user_agent TEXT
);
CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);