diff --git a/README.md b/README.md index ac5bb087..9d896c66 100644 --- a/README.md +++ b/README.md 
@@ -189,129 +189,3 @@ Charon implements comprehensive Server-Side Request Forgery (SSRF) protection fo **[πŸ› Report Problems](https://github.com/Wikid82/charon/issues)** β€” Something broken? Let us know --- - -## Authentication Flow - -### How Authentication Works - -Charon uses a **three-tier authentication system** to validate user sessions: - -1. **Authorization Header** (`Authorization: Bearer `) β€” Checked first -2. **HTTP Cookie** (`authToken`) β€” Checked if no header present -3. **Query Parameter** (`?token=`) β€” Fallback for WebSocket connections - -### Expected 401 Responses - -When you first access Charon or your session expires, you'll see this in the browser console: - -``` -GET /api/auth/me β†’ 401 Unauthorized -``` - -**This is normal and expected behavior.** Here's why: - -- The frontend checks authentication status on page load -- If you're not logged in, the API returns 401 -- The frontend receives this response and shows the login page -- Once you log in, the 401 errors disappear - -**Development tip:** These 401 responses are not errorsβ€”they're the API's way of saying "authentication required." Modern SPAs (Single Page Applications) expect and handle these responses gracefully. - -### Authentication Verification - -After logging in, Charon validates your session on every API request: - -``` -GET /api/auth/me β†’ 200 OK -``` - -**Response includes:** - -- User ID and username -- Role and permissions -- Session expiration time - -**Token refresh:** Sessions automatically extend on activity. The default session timeout is 24 hours. 
- -### Security Considerations - -- βœ… All authentication tokens use cryptographically secure random generation -- βœ… Tokens are hashed before storage in the database -- βœ… Sessions expire after inactivity -- βœ… HTTPS enforces `Secure` cookie attributes in production -- βœ… `HttpOnly` flag prevents JavaScript access to auth cookies - -**Learn more:** See [Security Features](https://wikid82.github.io/charon/security) for complete authentication and authorization documentation. - ---- - -## Agent Skills - -Charon uses [Agent Skills](https://agentskills.io) for AI-discoverable, executable development tasks. Skills are self-documenting task definitions that can be executed by both humans and AI assistants like GitHub Copilot. - -### What are Agent Skills? - -Agent Skills combine YAML metadata with Markdown documentation to create standardized, AI-discoverable task definitions. Each skill represents a specific development task (testing, building, security scanning, etc.) that can be: - -- βœ… **Executed directly** via command line -- βœ… **Discovered by AI** assistants (GitHub Copilot, etc.) -- βœ… **Run from VS Code** tasks menu -- βœ… **Integrated in CI/CD** pipelines - -### Available Skills - -Charon provides 19 operational skills across multiple categories: - -- **Testing** (4 skills): Backend/frontend unit tests and coverage analysis -- **Integration** (5 skills): CrowdSec, Coraza, and full integration test suites -- **Security** (2 skills): Trivy vulnerability scanning and Go security checks -- **QA** (1 skill): Pre-commit hooks and code quality checks -- **Utility** (4 skills): Version management, cache clearing, database recovery -- **Docker** (3 skills): Development environment management - -### Using Skills - -**Command Line:** -```bash -# Run backend tests with coverage -.github/skills/scripts/skill-runner.sh test-backend-coverage - -# Run security scan -.github/skills/scripts/skill-runner.sh security-scan-trivy -``` - -**VS Code Tasks:** -1. 
Open Command Palette (`Ctrl+Shift+P` or `Cmd+Shift+P`) -2. Select `Tasks: Run Task` -3. Choose your skill (e.g., `Test: Backend with Coverage`) - -**GitHub Copilot:** -Simply ask Copilot to run tasks naturally: -- "Run backend tests with coverage" -- "Start the development environment" -- "Run security scans" - -### Learning More - -- **[Agent Skills Documentation](.github/skills/README.md)** β€” Complete skill reference -- **[agentskills.io Specification](https://agentskills.io/specification)** β€” Standard format details -- **[Migration Guide](docs/AGENT_SKILLS_MIGRATION.md)** β€” Transition from legacy scripts - ---- - -## Contributing - -Want to help make Charon better? Check out [CONTRIBUTING.md](CONTRIBUTING.md) - ---- - -

- MIT License Β· - Documentation Β· - Releases -

- -

- Built with ❀️ by @Wikid82
- Powered by Caddy Server -
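Review bot: the hunk drops the whole "Authentication Flow" and "Security Considerations" sections (header/cookie/query-parameter token precedence, the expected 401 on `GET /api/auth/me`, the `Secure`/`HttpOnly` cookie attributes, hashed token storage, 24-hour session timeout) along with "Agent Skills" and "Contributing", but the diff adds no replacement pointer, so a reader of the README no longer has any route to that material; either keep a one-line reference such as the existing "**Learn more:** See [Security Features](https://wikid82.github.io/charon/security)" link in the shortened README, or state in the commit message where these sections were moved. The removed text also documents the `?token=` query-parameter fallback for WebSocket connections; if this content is being consolidated elsewhere, make sure the caveat that query-string tokens can land in access logs and browser history travels with it rather than being lost in the move. Finally, the deletion reaches the footer lines ("MIT License · Documentation · Releases", "Built with ❤️ by @Wikid82", "Powered by Caddy Server"), which looks unrelated to the stated cleanup; confirm that removing the license and documentation links is intended, and if not, restrict the hunk to the four sections.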