add: caddy jwt logic

backend/src/main.py

@@ -16,7 +16,7 @@ from .database import SessionLocal, engine
 # Security
 
 # take it from env
-SECRET_KEY = b64decode("iYg7wB+sPihtjz50iJTsD0XmOeUwKy2TJtfNLcqFRM8=").hex()
+SECRET_KEY = b64decode("iYg7wB+sPihtjz50iJTsD0XmOeUwKy2TJtfNLcqFRM8=")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 3600
 

caddy/Caddyfile

@@ -1,36 +1,46 @@
+{
+	order jwtauth before basicauth
+}
+
 :80 {
-  encode zstd gzip
+	encode zstd gzip
 
-  handle_path /api/v1/* {
-    rewrite * {path}
-    reverse_proxy geodata:8000
-  }
+	handle_path /api/v1/* {
+		rewrite * {path}
+		reverse_proxy geodata:8000
+	}
 
-  redir /openapi.json /api/v1/openapi.json permanent
+	redir /openapi.json /api/v1/openapi.json permanent
 
+	handle_path /martin/* {
+		rewrite * {path}
+		reverse_proxy martin:3000
+	}
 
-  handle_path /martin/* {
-    rewrite * {path}
-    reverse_proxy martin:3000
-  }
+	@is_admin {
+		vars {http.auth.user.id} "demo"
+	}
 
+	handle_path /pgweb/* {
+		jwtauth {
+			sign_key iYg7wB+sPihtjz50iJTsD0XmOeUwKy2TJtfNLcqFRM8=
+		}
 
-  handle_path /pgweb/* {
-    rewrite * {path}
-    reverse_proxy pgweb:8081
-  }
+		rewrite * {path}
+		reverse_proxy @is_admin pgweb:8081
+		redir /login/ 401
+	}
 
-  handle_path /static/previews/* {
-    rewrite * {path}
-    file_server
-  }
+	handle_path /static/previews/* {
+		rewrite * {path}
+		file_server
+	}
 
-  # play nice with vue-router
-  # https://caddy.community/t/caddy-with-vue-router/12352
-  handle {
+	# play nice with vue-router
+	# https://caddy.community/t/caddy-with-vue-router/12352
+	handle {
 		root * /usr/share/caddy
 		try_files {path}.html {path} /index.html
 		file_server
 	}
-  
 }