The project now covers both ASR and TTS, so "asr-v2" no longer fits.
Renames: quadlet (asr-v2.container -> speech.container, container
name, image tag), build.sh, FastAPI/UI title, and the OIDC env var
prefix (ASR_V2_* -> SPEECH_*, matching the renamed Authentik
provider/application slug "speech"). Internal Python packages
(asr/, tts/, core/) were already named generically and don't change.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Same Authlib-based pattern as v1: SessionMiddleware + core/auth.py
(login/callback/logout + require_login dependency), gating "/",
/asr/* and /tts/* behind Authentik (application slug "asr-v2",
provider pk 14). The websocket route can't use a FastAPI dependency
(no Request in its scope) so it's split into its own router and
checks websocket.session manually before accept().
v2 has no public domain yet, so the redirect_uri points at the
internal 172.30.1.41:18101 address over plain http — hence
https_only=False on the session cookie. Client id/secret and the
session secret live in /srv/asr/env/asr.env under ASR_V2_-prefixed
names (that env file is shared with v1, which already owns the
unprefixed OIDC_* names).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>