docs simplifications

README.md

@@ -34,12 +34,14 @@ services:
       - TEABAG_GITEA_BASE_URL=https://gitea.company.com
       - TEABAG_GITEA_AUTH_URI=login/oauth/authorize
       - TEABAG_GITEA_TOKEN_URI=login/oauth/access_token
-      - TEABAG_GITEA_USER_URI=api/v1/user
-      - TEABAG_CALLBACK_URI=http://oauth.example.com:3000/callback
+      - TEABAG_GITEA_USER_URI=login/oauth/userinfo
+      - TEABAG_CALLBACK_URI=https://oauth.example.com/callback
     ports:
       - "3000:3000"
 ```
 
+**It is stronly recommended not to transfer credentials over http. Please use a reverse proxy infront of teabag.**
+
 ## Config
 
 The service needs some minimal configuration set before it can run. 
@@ -72,7 +74,7 @@ GITEA_BASE_URL=https://gitea.example.com
 # endpoint URIs (see https://docs.gitea.com/development/oauth2-provider/)
 GITEA_AUTH_URI=login/oauth/authorize
 GITEA_TOKEN_URI=login/oauth/access_token
-GITEA_USER_URI=api/v1/user
+GITEA_USER_URI=login/oauth/userinfo
 # callback URL, where users will be redirected after they authorise. Must contain the public URL of your teabag instance. This needs to match what was given when creating the OAuth application in Gitea.
 CALLBACK_URI=http://localhost:3000/callback
 ```

docker-compose.yml

@@ -11,7 +11,7 @@ services:
       - TEABAG_GITEA_BASE_URL=https://gitea.company.com
       - TEABAG_GITEA_AUTH_URI=login/oauth/authorize
       - TEABAG_GITEA_TOKEN_URI=login/oauth/access_token
-      - TEABAG_GITEA_USER_URI=api/v1/user
-      - TEABAG_CALLBACK_URI=http://oauth.example.com:3000/callback
+      - TEABAG_GITEA_USER_URI=login/oauth/userinfo
+      - TEABAG_CALLBACK_URI=https://oauth.example.com/callback
     ports:
       - "3000:3000"

env/teabag.env.example

@@ -4,7 +4,7 @@ SESSION_SECRET=super-secret
 
 GITEA_KEY=
 GITEA_SECRET=
-GITEA_BASE_URL=https://gitea.yourcompany.com
+GITEA_BASE_URL=https://gitea.example.com
 GITEA_AUTH_URI=
 GITEA_TOKEN_URI=
 GITEA_USER_URI=