- Add AllowAnonymousRead and AllowAnonymousWrite config parameters
- Set both to false by default for security
- Apply conditional authentication middleware to KV endpoints:
- GET requires auth if AllowAnonymousRead is false
- PUT requires auth if AllowAnonymousWrite is false
- DELETE always requires authentication (no anonymous delete)
- Update integration tests to enable anonymous access for testing
- Maintain backward compatibility when AuthEnabled is false
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add HasUsers() method to AuthService to check for existing users
- Add setupRootAccount() logic that only triggers when:
- No users exist in database AND no seed nodes are configured
- AuthEnabled is true (respects feature toggle)
- Create root user with UUID, admin group, and comprehensive scopes
- Generate 24-hour JWT token with full administrative permissions
- Display token prominently on console for initial setup
- Prevent duplicate root account creation on subsequent starts
- Skip root account creation in cluster mode (with seed nodes)
Root account includes all administrative scopes:
- admin:users:*, admin:groups:*, admin:tokens:*
- Standard read/write/delete permissions
This resolves the bootstrap problem for authentication-enabled deployments
and provides secure initial access for administrative operations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add conditional route registration based on feature toggles
- AuthEnabled now controls authentication/user management endpoints
- ClusteringEnabled controls member and Merkle tree endpoints
- RevisionHistoryEnabled controls history endpoints
- Feature toggles for RateLimitingEnabled and TamperLoggingEnabled were already implemented
This completes issue #6 allowing flexible deployment scenarios by disabling
unnecessary features and their associated endpoints.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Removed all duplicate Server methods from main.go (630 lines)
- Fixed import conflicts and unused imports
- main.go reduced from 3,298 to 340 lines (89% reduction)
- Clean modular structure with server package handling all server functionality
- Achieved clean build with no compilation errors
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Created server package with:
- server.go: Server struct and core methods
- handlers.go: HTTP handlers for health, KV operations, cluster management
- routes.go: HTTP route setup
- lifecycle.go: Server startup/shutdown logic
This moves ~400 lines of server-related code from main.go to dedicated
server package for better organization.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
