packages.wenpai.net/docs/admin-access.md
Ben Word 7cb8fef01b
WP Packages rename (#42)
* Update all import paths

* Rename directory cmd/wpcomposer/ → cmd/wppackages/

* Rename import alias wpcomposergo → wppackagesgo in main.go and migrate_test.go

* Makefile — binary name wpcomposer → wppackages

* Update Air path

* Global replace repo.wp-composer.com → repo.wp-packages.org

* Global replace cdn.wp-composer.com → cdn.wp-packages.org

* Global replace wp-composer.com → wp-packages.org (remaining)

* Composer repo key in templates/docs: repositories.wp-composer → repositories.wp-packages

* Rename columns on the existing schema

* Update all Go code referencing these column names

* Routes & SEO

* Templates & front-end

* Admin UI

* Documentation

* CI/CD

* Config defaults

* Rename role directory

* Rename all systemd template files inside the role

* Update contents of all .j2 templates — service names, binary paths, descriptions

* Update tasks/main.yml and handlers/main.yml in the role

* Update deploy/ansible/roles/app/tasks/main.yml and deploy.yml

* Update deploy/ansible/group_vars/production/main.yml

* Additional renames/fixes

* Additional renames/fixes

* Additional renames/fixes

* not needed
2026-03-19 11:50:12 -05:00


# Admin Access
## Security Model
Admin access is protected by in-app authentication. Email/password login and admin authorization are required for all protected `/admin/*` routes.
**Note:** The app always trusts `X-Real-IP` / `X-Forwarded-For` headers for client IP resolution (used for login rate limiting and telemetry dedupe). It must be deployed behind a trusted reverse proxy (Caddy) — never exposed directly to the internet.
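The note above is the one deployment check that matters for login rate limiting: if the application is ever reachable without the proxy in front of it, any client can set `X-Forwarded-For` itself and get a fresh rate-limit bucket per request. The following Go snippet is an added example (not code from the wppackages project) of resolving the client IP only when the TCP peer is a trusted proxy; the `trustedProxies` networks and the function names are assumptions for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies: networks the reverse proxy (Caddy) connects from.
// Constructed for this example; a real deployment would read it from config.
var trustedProxies = mustParseCIDRs("127.0.0.0/8", "::1/128", "10.0.0.0/8")

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// peerIP extracts the IP from an "ip:port" RemoteAddr (or a bare IP).
func peerIP(remoteAddr string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	return host
}

// fromTrustedProxy reports whether the TCP peer is one of the listed networks.
func fromTrustedProxy(remoteAddr string, nets []*net.IPNet) bool {
	ip := net.ParseIP(peerIP(remoteAddr))
	if ip == nil {
		return false
	}
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP returns the address to use for login rate limiting and telemetry
// dedupe. X-Real-IP / X-Forwarded-For are honoured only when the connection
// itself comes from a trusted proxy; otherwise the TCP peer address is used,
// so a direct client cannot pick its own rate-limit bucket.
func clientIP(r *http.Request, nets []*net.IPNet) string {
	peer := peerIP(r.RemoteAddr)
	if !fromTrustedProxy(r.RemoteAddr, nets) {
		return peer
	}
	if ip := net.ParseIP(strings.TrimSpace(r.Header.Get("X-Real-IP"))); ip != nil {
		return ip.String()
	}
	// X-Forwarded-For is "client, hop1, hop2, ...". Only the rightmost entry
	// was written by our own proxy; everything left of it is client-supplied.
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		parts := strings.Split(xff, ",")
		if ip := net.ParseIP(strings.TrimSpace(parts[len(parts)-1])); ip != nil {
			return ip.String()
		}
	}
	return peer
}

func main() {
	// Request arriving through the proxy: the header is trusted.
	viaProxy := &http.Request{RemoteAddr: "127.0.0.1:4567", Header: http.Header{}}
	viaProxy.Header.Set("X-Forwarded-For", "203.0.113.9, 198.51.100.7")
	fmt.Println("via proxy :", clientIP(viaProxy, trustedProxies))

	// Request hitting the app directly: the header is ignored.
	direct := &http.Request{RemoteAddr: "198.51.100.20:1234", Header: http.Header{}}
	direct.Header.Set("X-Forwarded-For", "203.0.113.9")
	fmt.Println("direct    :", clientIP(direct, trustedProxies))
}
```

The rightmost `X-Forwarded-For` entry is the only one the trusted proxy itself observed; taking the leftmost entry (the "original client") would reintroduce the spoofing problem even behind the proxy.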
## Admin Bootstrap
### Create initial admin user
```bash
echo 'secure-password' | wppackages admin create --email admin@example.com --name "Admin" --password-stdin
```
### Promote existing user to admin
```bash
wppackages admin promote --email user@example.com
```
### Reset admin password
```bash
echo 'new-password' | wppackages admin reset-password --email admin@example.com --password-stdin
```
## Login/Logout
- **Login:** `GET /admin/login` renders a login form. `POST /admin/login` authenticates with email/password and creates a server-side session.
- **Logout:** `POST /admin/logout` destroys the session and clears the cookie.
- **Session cookie:** `session`, HttpOnly, Secure (in production), SameSite=Lax.
- **Session lifetime:** configurable via `SESSION_LIFETIME_MINUTES` (default 7200 minutes / 5 days).
## Session Cleanup
Expired sessions accumulate in the `sessions` table. Clean them periodically:
```bash
wppackages cleanup-sessions
```
Run via systemd timer or cron (daily recommended).
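The Login/Logout and Session Cleanup sections above describe the session lifecycle: a cookie with fixed attributes, a lifetime taken from `SESSION_LIFETIME_MINUTES`, a server-side record that logout destroys, and a periodic sweep of expired rows. The following Go program is an added example (not the wppackages code) that implements that lifecycle against an in-memory stand-in for the `sessions` table; the store type, its methods and the cookie-building helpers are hypothetical names chosen for the illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"os"
	"strconv"
	"strings"
	"sync"
	"time"
)

// Documented default for SESSION_LIFETIME_MINUTES: 7200 minutes (5 days).
const defaultSessionLifetimeMinutes = 7200

// sessionLifetime parses SESSION_LIFETIME_MINUTES; empty, non-numeric or
// non-positive values fall back to the documented default.
func sessionLifetime(raw string) time.Duration {
	minutes, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil || minutes <= 0 {
		minutes = defaultSessionLifetimeMinutes
	}
	return time.Duration(minutes) * time.Minute
}

// newSessionCookie carries the documented attributes: HttpOnly always,
// Secure only in production, SameSite=Lax, and the lifetime as Max-Age.
func newSessionCookie(id string, production bool, lifetime time.Duration) *http.Cookie {
	return &http.Cookie{
		Name: "session", Value: id, Path: "/",
		HttpOnly: true, Secure: production, SameSite: http.SameSiteLaxMode,
		MaxAge: int(lifetime / time.Second),
	}
}

// clearedSessionCookie is what the logout response sets: same name and
// attributes, MaxAge -1 so the browser deletes the cookie.
func clearedSessionCookie(production bool) *http.Cookie {
	c := newSessionCookie("", production, 0)
	c.MaxAge = -1
	return c
}

// sessionStore is an in-memory stand-in (hypothetical) for the sessions table.
type sessionStore struct {
	mu       sync.Mutex
	expires  map[string]time.Time
	lifetime time.Duration
}

func newSessionStore(lifetime time.Duration) *sessionStore {
	return &sessionStore{expires: map[string]time.Time{}, lifetime: lifetime}
}

// create issues an unguessable 128-bit session id and records its expiry.
func (s *sessionStore) create(now time.Time) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id := hex.EncodeToString(buf)
	s.mu.Lock()
	s.expires[id] = now.Add(s.lifetime)
	s.mu.Unlock()
	return id, nil
}

// valid rejects unknown ids and expired rows that cleanup has not removed yet,
// so correctness never depends on the timer actually having run.
func (s *sessionStore) valid(id string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.expires[id]
	return ok && now.Before(exp)
}

// destroy is the logout path: the server-side record goes, not just the cookie.
func (s *sessionStore) destroy(id string) {
	s.mu.Lock()
	delete(s.expires, id)
	s.mu.Unlock()
}

// cleanup removes every expired session and returns how many were dropped;
// this is the work a periodic cleanup-sessions job does against the real table.
func (s *sessionStore) cleanup(now time.Time) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	removed := 0
	for id, exp := range s.expires {
		if !now.Before(exp) {
			delete(s.expires, id)
			removed++
		}
	}
	return removed
}

func main() {
	lifetime := sessionLifetime(os.Getenv("SESSION_LIFETIME_MINUTES"))
	store := newSessionStore(lifetime)
	now := time.Now()
	id, err := store.create(now)
	if err != nil {
		fmt.Println("session id generation failed:", err)
		os.Exit(1)
	}
	fmt.Println("Set-Cookie:", newSessionCookie(id, true, lifetime).String())
	fmt.Println("valid now:", store.valid(id, now))
	fmt.Println("removed by cleanup after lifetime:", store.cleanup(now.Add(lifetime)))
	fmt.Println("valid after cleanup:", store.valid(id, now.Add(lifetime)))
}
```

Two details carry over to the real deployment: expiry must be enforced on lookup as well as by the sweep, since a missed timer run should never extend a session, and the cookie's `Max-Age` should match the server-side lifetime so the browser and the `sessions` table disagree as little as possible.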
## Emergency Password Reset
If locked out of the admin panel:
```bash
# SSH to the server
ssh deploy@your-server
# Reset the password
echo 'new-password' | wppackages admin reset-password --email admin@example.com --password-stdin
```
No database access or application restart required.