feat: Adds pocket id authentication to caddy.

Caddyfile

@@ -1,4 +1,53 @@
+{
+  	# Port to listen on
+	http_port 80
+
+  	# Configure caddy-security.
+	order authenticate before respond
+	security {
+		oauth identity provider generic {
+			delay_start 3
+			realm generic
+			driver generic
+			client_id {env.OAUTH_CLIENT_ID} # Replace with your own client ID
+			client_secret {env.OAUTH_CLIENT_SECRET} # Replace with your own client secret
+			scopes openid email profile
+			base_auth_url https://id.housh.dev
+			metadata_url https://id.housh.dev/.well-known/openid-configuration
+		}
+
+		authentication portal myportal {
+			crypto default token lifetime 3600 # Seconds until you have to re-authenticate
+			enable identity provider generic
+			cookie insecure off # Set to "on" if you're not using HTTPS
+
+			transform user {
+				match realm generic
+				action add role user
+			}
+		}
+
+		authorization policy mypolicy {
+			set auth url /caddy-security/oauth2/generic
+			allow roles user
+			inject headers with claims
+		}
+	}
+}
+
 http://localhost {
+	@auth {
+		path /caddy-security/*
+  }
+
+	route @auth {
+		authenticate with myportal
+	}
+
+	route /* {
+		authorize with mypolicy
     root * /app
     file_server
+	}
 }
+

Dockerfile

@@ -38,7 +38,8 @@ RUN npx -y pagefind --site deploy
 # ==================================================
 # Run Image
 # ==================================================
-FROM caddy:2.9.1-alpine
+#FROM caddy:2.9.1-alpine
+FROM ghcr.io/authcrunch/authcrunch:latest
 
 WORKDIR /app