Refactor content structure and add basic authentication utilities
- Moved event and gallery data to JSON files for cleaner content management.
- Added session management utilities with CSRF protection.
- Integrated OAuth-based login and logout APIs.
- Updated dependencies, including Astro and introduced dotenv-cli.
- Enhanced package.json with local environment support.
96
README.md
@ -1,47 +1,65 @@
|
||||
# Astro Starter Kit: Minimal
|
||||
# Gallus Pub Website – Admin mit Gitea OAuth und Git-Commits
|
||||
|
||||
```sh
|
||||
npm create astro@latest -- --template minimal
|
||||
Dieses Projekt stellt eine Astro‑Seite bereit und enthält eine Admin‑Oberfläche unter `/admin`, mit der Inhalte (Events, Galerie und Bilder) ohne Datenbank gepflegt werden können. Änderungen werden als Commits direkt in das Gitea‑Repository geschrieben. Woodpecker baut daraufhin und Fly.io deployt.
|
||||
|
||||
## Inhalte (Headless, Git‑basiert)
|
||||
- Editierbare Dateien im Repo:
|
||||
- `src/content/events.json`
|
||||
- `src/content/gallery.json`
|
||||
- Bilder: `public/images/*`
|
||||
- Die Startseite importiert diese Dateien und rendert sie.
|
||||
|
||||
## Admin & Auth
|
||||
- Admin‑Seite: `https://<domain>/admin` (kein Link im UI, nur direkter Pfad)
|
||||
- Login via Gitea OAuth:
|
||||
- `/api/auth/login` → Gitea → `/api/auth/callback`
|
||||
- Session als HttpOnly‑Cookie, CSRF‑Cookie für POSTs
|
||||
- Speichern: `/api/save` validiert und committet die Dateien via Gitea‑API
|
||||
|
||||
## Lokale Entwicklung
|
||||
1) `.env.example` nach `.env.local` kopieren und ausfüllen (Gitea OAuth‑App mit Redirect `http://localhost:4321/api/auth/callback`).
|
||||
2) Installieren und starten:
|
||||
```bash
|
||||
npm install
|
||||
npm run dev:local
|
||||
```
|
||||
3) Browser öffnen: `http://localhost:4321/admin` → Mit Gitea anmelden → Inhalte bearbeiten → Speichern.
|
||||
|
||||
[](https://stackblitz.com/github/withastro/astro/tree/latest/examples/minimal)
|
||||
[](https://codesandbox.io/p/sandbox/github/withastro/astro/tree/latest/examples/minimal)
|
||||
[](https://codespaces.new/withastro/astro?devcontainer_path=.devcontainer/minimal/devcontainer.json)
|
||||
Hinweis: Für lokales HTTP sind Cookies ohne `Secure` gesetzt. In Produktion werden Cookies automatisch als `Secure` markiert.
|
||||
|
||||
> 🧑🚀 **Seasoned astronaut?** Delete this file. Have fun!
|
||||
|
||||
## 🚀 Project Structure
|
||||
|
||||
Inside of your Astro project, you'll see the following folders and files:
|
||||
|
||||
```text
|
||||
/
|
||||
├── public/
|
||||
├── src/
|
||||
│ └── pages/
|
||||
│ └── index.astro
|
||||
└── package.json
|
||||
## Produktion (Fly.io)
|
||||
- Dockerfile baut Astro als SSR und startet `node dist/server/entry.mjs` auf Port 3000.
|
||||
- Secrets auf Fly.io setzen (Beispiele, Werte anpassen):
|
||||
```
|
||||
flyctl secrets set \
|
||||
OAUTH_PROVIDER=gitea \
|
||||
OAUTH_CLIENT_ID=... \
|
||||
OAUTH_CLIENT_SECRET=... \
|
||||
OAUTH_AUTHORIZE_URL=https://git.bookageek.ch/login/oauth/authorize \
|
||||
OAUTH_TOKEN_URL=https://git.bookageek.ch/login/oauth/access_token \
|
||||
OAUTH_USERINFO_URL=https://git.bookageek.ch/api/v1/user \
|
||||
GITEA_BASE=https://git.bookageek.ch \
|
||||
GITEA_OWNER=OWNER \
|
||||
GITEA_REPO=REPO \
|
||||
GITEA_TOKEN=PAT \
|
||||
GIT_BRANCH=main \
|
||||
SESSION_SECRET=RANDOM \
|
||||
CSRF_SECRET=RANDOM
|
||||
```
|
||||
- Optional: `PUBLIC_BASE_URL=https://gallus-pub.ch` setzen.
|
||||
|
||||
Astro looks for `.astro` or `.md` files in the `src/pages/` directory. Each page is exposed as a route based on its file name.
|
||||
## Wichtige Pfad‑Konvention
|
||||
- Statische Assets immer unter `public/` ablegen (z. B. `public/images/...`).
|
||||
- Die Admin‑Uploads schreiben automatisch nach `public/images/*`.
|
||||
|
||||
There's nothing special about `src/components/`, but that's where we like to put any Astro/React/Vue/Svelte/Preact components.
|
||||
## Befehle
|
||||
- `npm install` – Abhängigkeiten
|
||||
- `npm run dev` – Standard Dev
|
||||
- `npm run dev:local` – Dev mit `.env.local` (OAuth/Gitea)
|
||||
- `npm run build` – Produktion builden
|
||||
- `npm run preview` – Build lokal testen
|
||||
|
||||
Any static assets, like images, can be placed in the `public/` directory.
|
||||
|
||||
## 🧞 Commands
|
||||
|
||||
All commands are run from the root of the project, from a terminal:
|
||||
|
||||
| Command | Action |
|
||||
| :------------------------ | :----------------------------------------------- |
|
||||
| `npm install` | Installs dependencies |
|
||||
| `npm run dev` | Starts local dev server at `localhost:4321` |
|
||||
| `npm run build` | Build your production site to `./dist/` |
|
||||
| `npm run preview` | Preview your build locally, before deploying |
|
||||
| `npm run astro ...` | Run CLI commands like `astro add`, `astro check` |
|
||||
| `npm run astro -- --help` | Get help using the Astro CLI |
|
||||
|
||||
## 👀 Want to learn more?
|
||||
|
||||
Feel free to check [our documentation](https://docs.astro.build) or jump into our [Discord server](https://astro.build/chat).
|
||||
## Sicherheit
|
||||
- Kein PAT im Browser – nur serverseitig in Secrets
|
||||
- CSRF‑Schutz und Pfad‑Allowlist
|
||||
- Optional nutzerbasierte Zulassung: `OAUTH_ALLOWED_USERS` (Komma‑Liste)
|
||||
|
||||
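Review bot: In the new `## Sicherheit` section, `OAUTH_ALLOWED_USERS` is listed as optional ("Optional nutzerbasierte Zulassung") but the README never says what happens when it is unset, and the variable is missing from the `flyctl secrets set` example under `## Produktion (Fly.io)`. Because `/api/save` commits through the server-side `GITEA_TOKEN`, the README should state the default explicitly: whether every account that can complete the Gitea OAuth login may use `/admin`, or whether an empty list denies everyone. I would add the variable to the secrets example and document the deny-by-default behaviour if that is what the code does. The cookie note ("In Produktion werden Cookies automatisch als `Secure` markiert") should also name the condition that turns `Secure` on, so a deployment cannot run without it unnoticed. Finally, `SESSION_SECRET=RANDOM` and `CSRF_SECRET=RANDOM` would benefit from a short hint on the expected length and how to generate the values.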