feat: optional auth + backup/restore reliability fixes

Auth is now optional: when `auth.api_keys` is empty, all endpoints are open (no login screen, no Bearer tokens). Health endpoint reports `auth_required` so the frontend knows which mode to use. Backup/restore fixes: - Auto-backup uses atomic writes (was `write_text`, risked corruption) - Startup backup skipped if recent backup exists (<5 min cooldown), preventing rapid restarts from rotating out good backups - Restore rejects all-empty backups to prevent accidental data wipes - Store saves frozen after restore to prevent stale in-memory data from overwriting freshly-restored files before restart completes - Missing stores during restore logged as warnings - STORE_MAP completeness verified at startup against StorageConfig
2026-03-23 14:50:25 +03:00
parent cd3137b0ec
commit 4975a74ff3
18 changed files with 189 additions and 67 deletions
--- a/server/config/default_config.yaml
+++ b/server/config/default_config.yaml
@@ -8,11 +8,11 @@ server:
    - "http://localhost:8080"

 auth:
-  # API keys are REQUIRED - authentication is always enforced
-  # Format: label: "api-key"
+  # API keys — when empty, authentication is disabled (open access).
+  # To enable auth, add one or more label: "api-key" entries.
+  # Generate secure keys: openssl rand -hex 32
  api_keys:
-    # Generate secure keys: openssl rand -hex 32
-    dev: "development-key-change-in-production"  # Development key - CHANGE THIS!
+    dev: "development-key-change-in-production"

 storage:
  devices_file: "data/devices.json"