chore: remove outdated authentication flow and agent skills documentation from README
126 README.md
@@ -189,129 +189,3 @@ Charon implements comprehensive Server-Side Request Forgery (SSRF) protection fo
**[🐛 Report Problems](https://github.com/Wikid82/charon/issues)** — Something broken? Let us know

---

## Authentication Flow

### How Authentication Works

Charon uses a **three-tier authentication system** to validate user sessions:

1. **Authorization Header** (`Authorization: Bearer <token>`) — Checked first
2. **HTTP Cookie** (`authToken`) — Checked if no header present
3. **Query Parameter** (`?token=<token>`) — Fallback for WebSocket connections

### Expected 401 Responses

When you first access Charon or your session expires, you'll see this in the browser console:

```
GET /api/auth/me → 401 Unauthorized
```

**This is normal and expected behavior.** Here's why:

- The frontend checks authentication status on page load
- If you're not logged in, the API returns 401
- The frontend receives this response and shows the login page
- Once you log in, the 401 errors disappear

**Development tip:** These 401 responses are not errors—they're the API's way of saying "authentication required." Modern SPAs (Single Page Applications) expect and handle these responses gracefully.

### Authentication Verification

After logging in, Charon validates your session on every API request:

```
GET /api/auth/me → 200 OK
```

**Response includes:**

- User ID and username
- Role and permissions
- Session expiration time

**Token refresh:** Sessions automatically extend on activity. The default session timeout is 24 hours.

### Security Considerations

- ✅ All authentication tokens use cryptographically secure random generation
- ✅ Tokens are hashed before storage in the database
- ✅ Sessions expire after inactivity
- ✅ HTTPS enforces `Secure` cookie attributes in production
- ✅ `HttpOnly` flag prevents JavaScript access to auth cookies

**Learn more:** See [Security Features](https://wikid82.github.io/charon/security) for complete authentication and authorization documentation.

---

## Agent Skills

Charon uses [Agent Skills](https://agentskills.io) for AI-discoverable, executable development tasks. Skills are self-documenting task definitions that can be executed by both humans and AI assistants like GitHub Copilot.

### What are Agent Skills?

Agent Skills combine YAML metadata with Markdown documentation to create standardized, AI-discoverable task definitions. Each skill represents a specific development task (testing, building, security scanning, etc.) that can be:

- ✅ **Executed directly** via command line
- ✅ **Discovered by AI** assistants (GitHub Copilot, etc.)
- ✅ **Run from VS Code** tasks menu
- ✅ **Integrated in CI/CD** pipelines

### Available Skills

Charon provides 19 operational skills across multiple categories:

- **Testing** (4 skills): Backend/frontend unit tests and coverage analysis
- **Integration** (5 skills): CrowdSec, Coraza, and full integration test suites
- **Security** (2 skills): Trivy vulnerability scanning and Go security checks
- **QA** (1 skill): Pre-commit hooks and code quality checks
- **Utility** (4 skills): Version management, cache clearing, database recovery
- **Docker** (3 skills): Development environment management

### Using Skills

**Command Line:**
```bash
# Run backend tests with coverage
.github/skills/scripts/skill-runner.sh test-backend-coverage

# Run security scan
.github/skills/scripts/skill-runner.sh security-scan-trivy
```

**VS Code Tasks:**
1. Open Command Palette (`Ctrl+Shift+P` or `Cmd+Shift+P`)
2. Select `Tasks: Run Task`
3. Choose your skill (e.g., `Test: Backend with Coverage`)

**GitHub Copilot:**
Simply ask Copilot to run tasks naturally:
- "Run backend tests with coverage"
- "Start the development environment"
- "Run security scans"

### Learning More

- **[Agent Skills Documentation](.github/skills/README.md)** — Complete skill reference
- **[agentskills.io Specification](https://agentskills.io/specification)** — Standard format details
- **[Migration Guide](docs/AGENT_SKILLS_MIGRATION.md)** — Transition from legacy scripts

---

## Contributing

Want to help make Charon better? Check out [CONTRIBUTING.md](CONTRIBUTING.md)

---

<p align="center">
<a href="LICENSE"><strong>MIT License</strong></a> ·
<a href="https://wikid82.github.io/charon/"><strong>Documentation</strong></a> ·
<a href="https://github.com/Wikid82/charon/releases"><strong>Releases</strong></a>
</p>

<p align="center">
<em>Built with ❤️ by <a href="https://github.com/Wikid82">@Wikid82</a></em><br>
<sub>Powered by <a href="https://caddyserver.com/">Caddy Server</a></sub>
</p>

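Review bot: the hunk header `@@ -189,129 +189,3 @@` collapses 129 old lines to 3, so at most three of the rows shown here survive (most plausibly the `Report Problems` line, the blank after it and the `---`), which means `## Contributing`, the `CONTRIBUTING.md` pointer and the MIT License / Documentation / Releases footer at the bottom of this hunk are part of the deletion even though the commit message only names the Authentication Flow and Agent Skills sections; if those trailing blocks were meant to stay, the removal should stop at the `---` that follows the `Learning More` list. Separately, this hunk drops the only README statement of the `?token=<token>` query-parameter fallback for WebSocket connections, the 24-hour default session timeout, and the `Learn more` link to https://wikid82.github.io/charon/security; if that material now lives on the Security Features page, a one-line pointer to it in the remaining README would keep operators from losing it, and the query-parameter fallback in particular deserves a documented caveat wherever it moves, since a bearer token carried in the URL is written to access logs and browser history rather than staying in the `HttpOnly` cookie the same section describes.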