e19f0c8137
Updated `serve_admin_ui` to accept requests authenticated via admin session cookie (set by `/admin/login`), in addition to the existing X-Admin-Key and Authorization: Bearer header methods. The auth middleware already unseals the session cookie and sets the `AdminSessionId` extension - the UI handler now checks for this extension to allow cookie-authenticated requests through. Added comprehensive unit tests for: - X-Admin-Key authentication - Bearer token authentication - Session cookie authentication (via extension) - File serving with proper cache headers - 404 for missing files The embedded admin UI assets are ~35 KB gzipped (well under the 100 KB requirement). Session sealing, CSRF, and cross-pod session invalidation were already implemented in prior work. Closes: miroir-uhj.19 |
||
|---|---|---|
| .. | ||
| admin-ui/dist | ||
| src | ||
| static | ||
| tests | ||
| Cargo.toml | ||