Multi-User Mode
Multi-user mode enables username/password authentication with role-based access control. When no users exist yet, the system presents an admin setup flow before any other functionality is accessible.
First-Time Admin Setup
When no users exist yet, the system presents an Admin Setup dialog. This is the only way to create the first account and gain access to Hefty. The required fields are:
- Username (required) — a unique identifier for the administrator account
- Password (required) — the administrator's password
- Display Name (optional) — a friendly name shown throughout the UI
Once submitted, the first administrator account is created and you are logged in automatically.
Login & Sessions
In multi-user mode, the Auth popup presents a login form with Username and Password fields. After successful authentication, a session token is issued and stored in localStorage for persistence across page reloads.
- Token storage — session tokens are stored in
localStorageso the session survives browser refreshes and tab closures. - Auto-refresh — tokens refresh automatically at 80% of their lifetime, with a minimum of 60 seconds before expiry. This keeps sessions alive without requiring manual re-authentication.
- Session restore — on page reload, saved tokens are validated against the backend. If the token is still valid, the session is restored automatically without requiring the user to log in again.
User Icon Status
The user icon in the header reflects the current connection and authentication state at a glance:
| Color | Meaning |
|---|---|
| Green | Connected and authenticated |
| Yellow | Backend connected but not logged in |
| Red | Not connected to backend |
| Animated ping | Connecting or authenticating in progress |
Logout
Logout disconnects the session, clears the localStorage token, and returns to the login form. The logout option only appears in multi-user mode — single-user mode has no logout button.