Feat: Implement JWT bearer token authentication

Protects image upload, delete, and tag-update endpoints behind Bearer token auth. Public read endpoints remain open. Angular SPA gains a login page, auth interceptor, and route guard for /upload. - JWTAuthProvider (HS256, sub/iat/exp, secrets.compare_digest) - POST /api/v1/auth/token login endpoint - require_auth FastAPI dependency on all write routes - AuthService, LoginComponent, authInterceptor, authGuard - Detail page hides write controls for unauthenticated visitors - 43 unit tests passing; integration tests require Docker stack Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 19:12:38 +00:00
parent d91a65abe5
commit 5fbbc1e67f
36 changed files with 3998 additions and 42 deletions
--- a/.env.example
+++ b/.env.example
@@ -13,3 +13,9 @@ API_BASE_URL=http://localhost:8000

 # Upload size limit in bytes (default 50 MiB)
 MAX_UPLOAD_BYTES=52428800
+
+# Owner credentials and JWT signing secret
+JWT_SECRET_KEY=change-me-to-a-long-random-string
+JWT_EXPIRY_SECONDS=86400
+OWNER_USERNAME=owner
+OWNER_PASSWORD=change-me