- New settings.json persistence layer (internal/settings/settings.go)
- Atomic write (tmp + rename), thread-safe with sync.RWMutex
- Stores password hash overrides and DB validation cache
- Auto-creates on first save, graceful handling if missing
- Auth improvements
- Password resolution priority: settings.json > controller.yaml > none
- Session duration extended to 7 days (was 24h)
- ?next= redirect after session expiry (returns to original page)
- Flash messages on login page (used after password change)
- Conditional logout link (hidden when auth disabled)
- Session invalidation on password change
- New Settings page (/settings)
- Read-only system config display (customer, domain, git, backup, monitoring)
- Password change form with validation (min 8 chars, match check)
- Sidebar "Beállítások" item pinned to bottom above version
- DB validation persistence
- Validation results saved to settings.json after each dump
- Cached data survives container restarts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
admin
4053245be8