[PR #17] [CLOSED] feat: Add authentication system to secure the application #117

Closed
opened 2025-11-20 04:12:55 -05:00 by saavagebueno · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/community-scripts/ProxmoxVE-Local/pull/17
Author: @RXWatcher
Created: 10/3/2025
Status: Closed

Base: development ← Head: feat/authentication-system


📝 Commits (4)

  • 5823e54 Add GitHub templates and configuration (#8)
  • 5582d28 Update note from 'beat' to 'beta' in README
  • be65cee feat: Add SSH key authentication support
  • 6c6f031 feat: Add authentication system to secure the application

📊 Changes

26 files changed (+1797 additions, -215 deletions)

.github/CODEOWNERS (+15 -0)
.github/ISSUE_TEMPLATE/bug_report.yml (+50 -0)
.github/ISSUE_TEMPLATE/feature_request.yml (+33 -0)
.github/pull_request_template.md (+24 -0)
📝 README.md (+1 -1)
middleware.ts (+78 -0)
📝 package-lock.json (+40 -0)
📝 package.json (+4 -0)
src/app/_components/AuthProvider.tsx (+74 -0)
src/app/_components/LogoutButton.tsx (+56 -0)
src/app/_components/ProtectedRoute.tsx (+37 -0)
📝 src/app/_components/ServerForm.tsx (+80 -4)
src/app/api/auth/login/route.ts (+76 -0)
src/app/api/auth/logout/route.ts (+29 -0)
src/app/api/auth/me/route.ts (+44 -0)
src/app/api/auth/setup/route.ts (+90 -0)
📝 src/app/api/servers/[id]/route.ts (+19 -4)
📝 src/app/api/servers/route.ts (+19 -4)
📝 src/app/layout.tsx (+6 -1)
src/app/login/page.tsx (+134 -0)

...and 6 more files

📄 Description

Summary

This PR adds a comprehensive authentication system to the PVE Scripts management interface, making it safe to expose the application to the internet.

Features

  • Session-based authentication with SQLite database storage
  • Secure password hashing using bcrypt (12 salt rounds)
  • Initial setup flow for creating the first admin user
  • Login/logout functionality with proper session management
  • Protected routes ensuring only authenticated users can access the app
  • 24-hour session expiration for security

Technical Implementation

Database Schema

  • Added users table for storing user credentials
  • Added sessions table for managing active sessions
  • Proper foreign key relationships and indexes

API Endpoints

  • /api/auth/login - User authentication
  • /api/auth/logout - Session termination
  • /api/auth/me - Current user verification
  • /api/auth/setup - Initial admin setup

Frontend Components

  • AuthProvider - React context for global auth state
  • ProtectedRoute - Component wrapper for secured pages
  • Login page with form validation
  • Setup page for initial configuration
  • Logout button integrated into main UI

Testing

All authentication flows have been tested:

  • Admin user creation
  • Login with valid credentials
  • Session persistence
  • Protected route access
  • Logout functionality
  • Session expiration

Security Considerations

  • Passwords are hashed with bcrypt (never stored in plain text)
  • Sessions use secure, httpOnly cookies
  • Automatic session cleanup after 24 hours
  • Proper error handling without leaking user information

Breaking Changes

None - the application will prompt for initial setup on first run.

Screenshots

The login page provides a clean interface for authentication, while the setup page guides users through creating their first admin account.

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
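
As an added illustration of the session handling the description lists (server-side session rows, 24-hour expiry, Secure and httpOnly cookies), the TypeScript below is not code from the PR. The cookie name, the `SameSite=Lax` attribute, the in-memory map standing in for the `sessions` table, and storing only a SHA-256 of the token are assumptions.

```typescript
import { createHash, randomBytes } from "crypto";

// Hypothetical names throughout; none are taken from the PR's source files.
const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // 24-hour lifetime from the description
const COOKIE_NAME = "session"; // assumed cookie name

interface SessionRow { userId: number; expiresAt: number } // expiresAt in epoch ms

// Stand-in for the `sessions` table. Rows are keyed by a hash of the token,
// so a leaked database does not hand out usable cookies.
const sessions = new Map<string, SessionRow>();

function hashToken(token: string): string {
  return createHash("sha256").update(token).digest("hex");
}

function createSession(userId: number, now: number): string {
  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  sessions.set(hashToken(token), { userId, expiresAt: now + SESSION_TTL_MS });
  return token; // only the client ever holds the raw token
}

// Expiry is enforced server-side on every lookup, not left to cookie Max-Age.
function validateSession(token: string | undefined, now: number): number | null {
  if (!token) return null;
  const key = hashToken(token);
  const row = sessions.get(key);
  if (!row) return null;
  if (row.expiresAt <= now) {
    sessions.delete(key); // drop the expired row so it cannot be reused
    return null;
  }
  return row.userId;
}

function destroySession(token: string): void {
  sessions.delete(hashToken(token)); // logout removes the server-side row
}

// Periodic cleanup of rows nobody presented again; returns rows removed.
function purgeExpired(now: number): number {
  let removed = 0;
  sessions.forEach((row: SessionRow, key: string) => {
    if (row.expiresAt <= now) { sessions.delete(key); removed++; }
  });
  return removed;
}

function sessionCookie(token: string): string {
  const maxAge = SESSION_TTL_MS / 1000;
  return `${COOKIE_NAME}=${token}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${maxAge}`;
}
```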

saavagebueno added the pull-request label 2025-11-20 04:12:55 -05:00
Reference: SVI/ProxmoxVE-Local#117