Jason Woltje 2d7fb285c3 feat(api): add break-glass local authentication module ...

Implement LocalAuth module for emergency access without OIDC.
Endpoints: POST /api/auth/local/setup (first-time user creation with
BREAKGLASS_SETUP_TOKEN), POST /api/auth/local/login (email + password).
Both return 404 when ENABLE_LOCAL_AUTH != true. Uses bcrypt (12 rounds)
for password hashing and creates BetterAuth-compatible sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-28 12:04:37 -06:00

3.4 KiB

Raw Blame History

View Raw