Language: English | 简体中文
ImageFlow Auto is local-first by default. Authentication is disabled in the
public template so local demos keep working immediately. If the console is
exposed beyond 127.0.0.1, enable authentication first.
The public repository contains safe defaults only:
config/security.yaml: public defaults, authentication off.config/security.local.yaml: local override, git-ignored..env.local: local provider secrets, git-ignored.
Do not commit security.local.yaml, .env, .env.local, provider API keys, or
runtime logs that contain provider responses.
When authentication is enabled:
- The first visit requires administrator password setup if no password hash is configured.
- Passwords are stored as PBKDF2-HMAC-SHA256 hashes with per-password salts.
- Sessions use HttpOnly cookies.
- Mutating API requests require a CSRF token header.
- Login attempts are rate-limited per client address.
- Security headers disable framing, MIME sniffing, referrer leakage, and browser permissions that the console does not need.
The frontend never stores the password or session token in localStorage.
Provider connection settings are split from pricing:
- Runtime connection settings are saved to
config/providers.local.yaml. - API keys, model env values, and base URL env values are saved to
.env.local. - Pricing profiles and model rates control estimates only. They do not make a provider runnable.
For local use, bind to 127.0.0.1. For a public or team-accessible deployment,
put the app behind HTTPS, enable authentication, use a strong administrator
password, and keep the runtime data directory private.