Add password authentication to WebUI and implement session management

- Updated WebUI configuration to include a password field for authentication. - Enhanced the WebUI server to handle login and logout functionality with session management. - Added tests for authentication and session handling. - Updated README and example configuration to reflect new authentication features.
2025-08-27 09:25:09 +03:00 · 2025-07-30 08:34:29 +00:00 · 2025-07-30 08:34:29 +00:00 · 113dcbb72a
commit 113dcbb72a
parent 51e1ef3ed0
17 changed files with 676 additions and 74 deletions
--- a/src/webui/example_config.hjson
+++ b/src/webui/example_config.hjson
@ -0,0 +1,41 @@
+{
+  // Example Yggdrasil configuration with WebUI password authentication
+  
+  "PrivateKey": "your_private_key_here",
+  "PublicKey": "your_public_key_here",
+  
+  // ... other Yggdrasil configuration options ...
+  
+  // Web interface configuration
+  "WebUI": {
+    "Enable": true,
+    "Port": 9000,
+    "Host": "127.0.0.1",  // Bind only to localhost for security
+    "Password": "your_secure_password_here"  // Set a strong password
+  }
+}
+
+// Usage examples:
+//
+// 1. Enable WebUI with password protection:
+//    Set "Password" to a strong password
+//    Users will see a custom login page asking only for password
+//
+// 2. Disable password protection:
+//    Set "Password" to "" (empty string)
+//    WebUI will be accessible without authentication
+//
+// 3. Disable WebUI entirely:
+//    Set "Enable" to false
+//
+// Authentication features:
+// - Custom login page (no username required, only password)
+// - Session-based authentication with secure cookies
+// - 24-hour session expiration
+// - Automatic session cleanup
+//
+// Security recommendations:
+// - Use a strong, unique password (12+ characters)
+// - Bind to localhost (127.0.0.1) unless you need remote access
+// - Consider using HTTPS reverse proxy for production deployments
+// - Sessions are stored in memory and lost on server restart