- auth.py: passkey credential store (public keys only) + env-driven RP config. - auth_routes.py: /login, /enroll, /logout + /auth/* ceremony endpoints + before_request gate (no-op unless AUTH_ENABLED=1). - login/enroll pages (SimpleWebAuthn browser); settings page lists + removes enrolled devices. requirements: webauthn==2.7.1. - Deploys OFF: no behavior change until enabled after the hostname/cert exist. Closes groundwork for #5. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
12 lines
163 B
Plaintext
12 lines
163 B
Plaintext
Flask==3.1.3
|
|
Werkzeug==3.1.8
|
|
Jinja2==3.1.6
|
|
click==8.1.8
|
|
itsdangerous==2.2.0
|
|
MarkupSafe==3.0.3
|
|
pdfplumber==0.11.8
|
|
python-dateutil
|
|
requests
|
|
gunicorn
|
|
webauthn==2.7.1
|