Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration

Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())
2026-06-25 16:19:19 +02:00 · 2026-06-11 13:05:37 +02:00
parent 00fed5f0e3
commit d588ae004d
81 changed files with 1061 additions and 840 deletions
--- a/README.md
+++ b/README.md
@@ -65,17 +65,9 @@ just deploy
 just deploy-nginx
 ```

-### Admin users (htpasswd)
-
-```bash
-just manage-admin-users
-# Then on server:
-ssh xamxam "sudo bash /tmp/manage-admin-users.sh"
-```
-
 ## Security notes

- Admin panel protected by nginx `auth_basic` + PHP session (`AdminAuth`)
+- Admin panel protected by PHP session (`AdminAuth`) — password-only, no username
 - Uploads stored outside webroot, served via controlled `media.php`
 - Rate limiting on public search (`src/RateLimit.php`)
 - See `nginx/docs/SECURITY_HEADERS.md` for security headers reference