Cookie path /admin meant the browser never sent it to /api/admin/check
(the auth check endpoint), so every check returned unauthenticated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Log password attempt details, secure flag decision, and Set-Cookie header
to help debug login failures.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Remove test.vpk and light_fix.vpk from maps/ folder so the Dota 2
client only shows one map (invasion) in the lobby selection.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Allows the game client to make HTTP API calls from a listen server
(local lobby) instead of requiring a Steam dedicated server.
CreateHTTPRequestScriptVM has the exact same API signature but works
in both dedicated server and listen server contexts.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Point game client (server_config.lua) to the new domain with HTTPS
and enable secure flag on the admin session cookie for HTTPS.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add compose.prod.yml for production deployments using pre-built image
from registry.achmad.dev/dota-zombie-invasion:latest with healthcheck
and env-var-based admin password configuration.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
achmad