The last-4 of the SHA-256 hash was meaningless for identification.
Now storing the first 12 chars of the plaintext key as key_prefix,
displayed as 'sk-aBcDeFgH••••••••' — consistent with what the user
sees at creation time and how GitHub/OpenAI handle it.
- /api/ollama-models accepts optional url query param to query a different endpoint
- Frontend fetches models on load and on Ollama URL blur
- Keeps current model selected if available, otherwise selects first in list
- Shows loading indicator while fetching
Use 127.0.0.1:8001:8001 to bind admin port locally only.
Explain Docker's 0.0.0.0 vs 127.0.0.1 distinction and add
SSH tunnel diagram showing how admin UI is accessed remotely.
Port 8001 should not be exposed to the host directly.
Add nginx reverse proxy and SSH tunnel examples instead.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove User/Quota models; quota fields now live directly on APIKey
- Admin UI: login, API key management, settings (Ollama URL/model), proxy info display
- .env/.env.example: ADMIN_PASSWORD, PROXY_HOST/PORT, DATABASE_URL, APP_TZ
- Admin API runs on 127.0.0.1 only; proxy host/port configurable
- API keys support optional expires_at; verified against Europe/Berlin timezone
- Daily/monthly quota resets use Europe/Berlin midnight boundary
- Fix all tests to use new flat model; add expiry tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
