feat(auth): replace cookie/api-key auth with JWT Bearer tokens, separate UI from API · e99cacae8b - furumi-ng

feat(auth): replace cookie/api-key auth with JWT Bearer tokens, separate UI from API

Publish Metadata Agent Image / build-and-push-image (push) Successful in 6m3s

Details

Publish Node Player Image / build-and-push-image (push) Failing after 58s

Details

Publish Web Player Image / build-and-push-image (push) Has been cancelled

Details

- Add JWT Bearer token validation to Rust API via OIDC provider JWKS
  with automatic key rotation and 1-hour cache
- Remove x-api-key auth support and built-in web UI from furumi-web-player,
  leaving it as a pure API server
- Add /auth/token endpoint to Node player server to expose OIDC access
  tokens to the frontend
- Move Node player auth endpoints from /api/* to /auth/* to avoid
  path conflicts with Rust API
- Add static file serving to Node Express server for production
  single-container deployment
- Fix SameSite=Strict cookie issue breaking OIDC redirect flow (use Lax)
- Add Dockerfile.node-player with multi-stage Node.js build
- Add CI workflows for node-player Docker image (dev + release)
- Optimize Rust Dockerfiles with dependency caching layer
- Update docker-compose with OIDC env vars and OLLAMA_MODEL support
- Cherry-pick agent LLM client fixes from DEV branch

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

This commit is contained in:

Ultradesu

2026-04-08 14:51:52 +01:00

parent 94d14e8fc8

commit e99cacae8b

20 changed files with 515 additions and 161 deletions

									
										furumi-node-player/client/.env.example
									
		+1
		-2
	
												View File
												
				@@ -1,2 +1 @@

				VITE_API_BASE_URL=http://localhost:8085

				VITE_API_KEY=

				VITE_FURUMI_API_URL=http://localhost:8085