# Jellomator

Dark dashboard for Arr* services and custom links.

## Features

- First-run admin setup
- Cookie-based admin auth
- Public dashboard with search/filter
- Dedicated protected admin page at `/admin`
- Link CRUD backed by MariaDB
- Icon blobs stored in the database
- Single-container deployment
- Admin-managed service links

## Local Dev

```bash
npm install
npm run dev
```

Backend runs on `http://localhost:6363`.

Open `/admin` for the protected management page.

## Docker

```bash
docker compose up --build
```

The app expects a MariaDB instance configured through environment variables.

### Session and Cookie Env Vars

- `SESSION_TTL_SECONDS` (default: `86400`)
- `SESSION_ROTATE_SECONDS` (default: `3600`, rotate active session token when exceeded)
- `SESSION_COOKIE_SECURE` (default: `false`, set `true` in production HTTPS)
- `REQUIRE_CSRF` (default: `false`, checks same-origin/same-referer for write routes when enabled)
- `LOGIN_MAX_ATTEMPTS` (default: `5`)
- `LOGIN_WINDOW_SECONDS` (default: `300`)
- `LOGIN_LOCKOUT_SECONDS` (default: `900`)
- `MAX_ICON_BYTES` (default: `2097152`)
- `USERNAME_MAX_LEN` (default: `64`)
- `PASSWORD_MIN_LEN` (default: `12`)

## Gitea CI/CD

Add these secrets in Gitea:

- `REGISTRY`
- `REGISTRY_USERNAME`
- `REGISTRY_PASSWORD`
- `IMAGE_NAME`

The workflow builds and pushes `latest` plus the commit SHA tag.