Files
novaconium/App/config.php
T
code b882c304b1 Replace Basic Auth with multi-user login, roles, groups, and Lib\Access
Admin login & user management (novaconium/ISSUES.md): session-based
login against a SQLite users table replaces the single-user HTTP Basic
Auth stopgap (admin_username/admin_password_hash and /admin/password-hash
are gone; one admin_auth_enabled flag, off by default with zero DB
footprint). New /admin/login, /admin/logout (POST-only, real page), and
/admin/users pages plus bin/create-admin-user.php.

First user created is the admin; everyone after is registered with a
unique normalized email and an optional group. /admin/* and drafts are
admin-only; Lib\Access gates page content from sidecars
(Access::require('group:members')) with login-redirect/404 responses —
public by default, static pages always public by construction. User
management covers disable/enable, delete, promote/demote, group, email,
and password, with last-active-admin lockout guards.

Also: Session::regenerate() against fixation, friendly missing-PDO-driver
errors in Lib\Db, docs at /admin/docs/access-control and updates across
admin-auth/drafts/sidecars/config/libraries and README/AGENTS.md.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-15 00:17:54 +00:00

55 lines
2.3 KiB
PHP

<?php
// Override any subset of novaconium/config.php's defaults here — only list
// the keys you want to change. novaconium/bootstrap.php (and
// novaconium/bin/clear-cache.php) shallow-merge this over the framework
// defaults; see /admin/docs/config. Uncomment and adjust any of the
// examples below, or leave this file returning an empty array to keep
// every framework default as-is.
return [
// 'debug' => false,
// 'site_name' => 'My Site',
// Docs: /admin/docs/matomo
// 'matomo_url' => 'https://matomo.example.com/',
// 'matomo_site_id' => '1',
// Docs: /admin/docs/admin-auth — session login for /admin/* against
// the SQLite-backed users table. After enabling, create the first user
// at /admin/users, or beforehand (safer) with:
// php novaconium/bin/create-admin-user.php <username>
// 'admin_auth_enabled' => true,
// Docs: /admin/docs/database — adds (or overrides) named Lib\Db
// connections. This merges into db_connections by name rather than
// replacing the whole map, so adding 'legacy' here doesn't require
// repeating 'default' — see Lib\Db::config().
// 'db_connections' => [
// 'legacy' => [
// 'driver' => 'mysql',
// 'host' => 'localhost',
// 'port' => 3306,
// 'database' => 'legacy_app',
// 'username' => 'root',
// 'password' => '...',
// 'charset' => 'utf8mb4', // optional, defaults to utf8mb4
// 'migrations_dir' => __DIR__ . '/migrations/legacy', // optional
// ],
// ],
// Docs: /admin/docs/drafts — requires admin_auth_enabled above (and at
// least one user) to actually gate anything; open access otherwise,
// same as the rest of /admin/*.
// 'draft_routes' => ['blog/upcoming-post'],
// Docs: /admin/docs/content-index — powers /sitemap.xml, /search, and
// blog tag browsing. Off by default (depends on SQLite); enable with:
// 'content_index_enabled' => true,
//
// Or enable but skip the automatic lazy reindex, relying only on
// `php novaconium/bin/index-content.php` (e.g. from a deploy step):
// 'content_index_enabled' => true,
// 'content_index_auto' => false,
];