Auth! (#11347)

* reload the window on 401

* backend apis for auth

* add login page

* re-enable web linter

* fix login page routing

* bypass csrf for internal auth endpoint

* disable healthcheck in devcontainer target

* include login page in vite build

* redirect to login page on 401

* implement config for users and settings

* implement JWT actual secret

* add brute force protection on login

* add support for redirecting from auth failures on api calls

* return location for redirect

* default cookie name should pass regex test

* set hash iterations to current OWASP recommendation

* move users to database instead of config

* config option to reset admin password on startup

* user management UI

* check for deleted user on refresh

* validate username and fixes

* remove password constraint

* cleanup

* fix user check on refresh

* web fixes

* implement auth via new external port

* use x-forwarded-for to rate limit login attempts by ip

* implement logout and profile

* fixes

* lint fixes

* add support for user passthru from upstream proxies

* add support for specifying a logout url

* add documentation

* Update docs/docs/configuration/authentication.md

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

* Update docs/docs/configuration/authentication.md

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

---------

Co-authored-by: Nicolas Mowen <nickmowen213@gmail.com>

docs/docs/guides/getting_started.md

@@ -117,7 +117,7 @@ services:
         tmpfs:
           size: 1000000000
     ports:
-      - "5000:5000"
+      - "8080:8080"
       - "8554:8554" # RTSP feeds
 ```
 
@@ -137,7 +137,7 @@ cameras:
             - detect
 ```
 
-Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. Frigate should now be accessible at `server_ip:5000` and you can finish the configuration using the built-in configuration editor.
+Now you should be able to start Frigate by running `docker compose up -d` from within the folder containing `docker-compose.yml`. On startup, an admin user and password will be created and outputted in the logs. You can see this by running `docker logs frigate`. Frigate should now be accessible at `server_ip:8080` where you can login with the `admin` user and finish the configuration using the built-in configuration editor.
 
 ## Configuring Frigate
 

docs/docs/guides/reverse_proxy.md

@@ -38,20 +38,20 @@ Here we access Frigate via https://cctv.mydomain.co.uk
     ServerName cctv.mydomain.co.uk
 
     ProxyPreserveHost On
-    ProxyPass "/"  "http://frigatepi.local:5000/"
-    ProxyPassReverse "/"  "http://frigatepi.local:5000/"
+    ProxyPass "/"  "http://frigatepi.local:8080/"
+    ProxyPassReverse "/"  "http://frigatepi.local:8080/"
 
-    ProxyPass /ws ws://frigatepi.local:5000/ws
-    ProxyPassReverse /ws ws://frigatepi.local:5000/ws
+    ProxyPass /ws ws://frigatepi.local:8080/ws
+    ProxyPassReverse /ws ws://frigatepi.local:8080/ws
 
-    ProxyPass /live/ ws://frigatepi.local:5000/live/
-    ProxyPassReverse /live/ ws://frigatepi.local:5000/live/
+    ProxyPass /live/ ws://frigatepi.local:8080/live/
+    ProxyPassReverse /live/ ws://frigatepi.local:8080/live/
 
     RewriteEngine on
     RewriteCond %{HTTP:Upgrade} =websocket [NC]
-    RewriteRule /(.*)  ws://frigatepi.local:5000/$1 [P,L]
+    RewriteRule /(.*)  ws://frigatepi.local:8080/$1 [P,L]
     RewriteCond %{HTTP:Upgrade} !=websocket [NC]
-    RewriteRule /(.*)  http://frigatepi.local:5000/$1 [P,L]
+    RewriteRule /(.*)  http://frigatepi.local:8080/$1 [P,L]
 </VirtualHost>
 ```
 
@@ -101,7 +101,7 @@ This is set in `$server` and `$port` this should match your ports you have expos
 server {
   set $forward_scheme http;
   set $server         "192.168.100.2"; # FRIGATE SERVER LOCATION
-  set $port           5000;
+  set $port           8080;
 
   listen 80;
   listen 443 ssl http2;