MAD Auth -- User Manual

v2.0.0 | content.madnet.gr

Back to Sign In

MAD Auth Service -- User Manual

Version 2.0.0 | Port 8900 | content.madnet.gr/auth/


What Is This?

MAD Auth is the "front door" for all MAD TV online tools. Before you can use the Dashboard, Music Scheduler, Radio Ratings, Playout, or any other service at content.madnet.gr, you need to sign in.

Once signed in, you get a secure cookie that lasts 12 hours. The web server checks this cookie on every request and verifies you have access to the specific service you're visiting.


Signing In

URL: https://content.madnet.gr/auth/login

Option 1: Magic Link (recommended)

  1. Enter your email address and click Send Sign-In Link.
  2. Check your email for a message from MAD TV.
  3. Click the link in the email. You are signed in and redirected to the Dashboard.

The link expires after 15 minutes and can only be used once. If it expires, request a new one.

Option 2: Password (fallback)

  1. Click the Password tab on the sign-in page.
  2. Enter your username and password, click Sign In.

If your account was created without a password (magic-link only), the password tab will not work. Ask the admin to set one if needed.


Signing Out

Individual services include their own logout buttons. Signing out clears your cookie and revokes your session immediately.


User Roles

RoleWhat it means
adminFull access to everything. Can manage users, view sessions, and see the audit log at /auth/admin.
editorCan access only the services assigned to their account. Cannot manage other users.

Per-Service Access Control

Each user has a list of allowed services. The web server checks this on every request — not just on the dashboard. If you try to visit a service you don't have access to (even by typing the URL directly), you will be redirected to the sign-in page.

The full list of services is managed by admins at /auth/admin. The service registry is defined in data/services.json on the server.


For Admins

Admin Panel

URL: https://content.madnet.gr/auth/admin

The admin panel has four tabs:

Creating a User (Magic Link Only)

In the admin panel, click Add User. Enter a username and email. Leave the password blank — the user will sign in via magic link. Select the services they need.

Creating a User (With Password)

Same as above, but also enter a password. The user can sign in with either method.

API Endpoints

MethodPathAuthWhat it does
GET/auth/loginNoSign-in page
POST/auth/loginNoPassword login
POST/auth/magic-link/requestNoSend magic link email
GET/auth/magic-link/verifyNoConsume magic link, create session
POST/auth/logoutCookieSign out, revoke session
GET/auth/validateCookieReturns current user info
GET/auth/check-serviceCookiePer-service access check (used by Caddy)
GET/auth/api/usersAdminList all users
POST/auth/api/usersAdminCreate a user
PUT/auth/api/users/:idAdminUpdate a user
DELETE/auth/api/users/:idAdminDelete a user
POST/auth/api/users/:id/revoke-allAdminRevoke all sessions for a user
GET/auth/api/sessionsAdminList active sessions
POST/auth/api/sessions/:id/revokeAdminRevoke a session
GET/auth/api/auditAdminQuery audit log
GET/auth/api/servicesCookieList service registry
GET/auth/adminAdminAdmin panel UI
GET/auth/healthNoHealth check

How the Cookie Works

There is also a mad_services cookie readable by JavaScript for UI filtering.


Security


Troubleshooting

ProblemSolution
"Invalid username or password"Check caps lock. Ask admin to verify your account is active.
Magic link not arrivingCheck spam folder. Verify your email is set in the admin panel. Max 3 links per 15 minutes.
"This sign-in link has expired"Links expire after 15 minutes. Request a new one.
Keeps redirecting to loginCookie expired (12h) or session was revoked by admin. Sign in again.
Can sign in but can't access a serviceYou don't have that service in your allowed list. Ask admin at /auth/admin.

MAD Auth Service v2.0.0 | content.madnet.gr/auth/