xtablo-source

arthur/xtablo-source

Fork 0

Commit graph

Author	SHA1	Message	Date
Arthur Belleville	7d8c498980	feat(02-05): login vertical slice with rate limiting - auth_login.templ: LoginPage + LoginFormFragment (mirrors signup shape) - LoginForm + LoginErrors types added to templates/auth_forms.go - LoginPageHandler + LoginPostHandler in handlers_auth.go - Rate-limit check before user lookup (D-16, T-2-14) - Single errInvalidCreds constant for D-20 enumeration defense - Session rotation via Store.Rotate on success (D-10, T-2-04) - HTMX-aware redirect and fragment responses (D-19, D-21) - AuthDeps extended with Limiter auth.LimiterStore field - router.go: GET /login in RedirectIfAuthed group (D-23) - main.go: LimiterStore created with janitor goroutine (D-16) - Export NewLimiterStoreWithClock + SetLimiterClock for cross-package tests - 12 TestLogin_ integration tests all pass with real DB	2026-05-14 22:27:54 +02:00
Arthur Belleville	73935ed11c	feat(02-04): signup templates (full page + HTMX fragment) with render tests - Create auth_form_errors.templ: FieldError and GeneralError primitives - Create auth_signup.templ: SignupPage (full) and SignupFormFragment (HTMX swap target) - Define SignupForm and SignupErrors types in templates/auth_forms.go - Add three smoke tests: renders form, renders errors, does not echo password	2026-05-14 22:14:28 +02:00

Author

SHA1

Message

Date

Arthur Belleville

7d8c498980

feat(02-05): login vertical slice with rate limiting

- auth_login.templ: LoginPage + LoginFormFragment (mirrors signup shape)
- LoginForm + LoginErrors types added to templates/auth_forms.go
- LoginPageHandler + LoginPostHandler in handlers_auth.go
  - Rate-limit check before user lookup (D-16, T-2-14)
  - Single errInvalidCreds constant for D-20 enumeration defense
  - Session rotation via Store.Rotate on success (D-10, T-2-04)
  - HTMX-aware redirect and fragment responses (D-19, D-21)
- AuthDeps extended with Limiter *auth.LimiterStore field
- router.go: GET /login in RedirectIfAuthed group (D-23)
- main.go: LimiterStore created with janitor goroutine (D-16)
- Export NewLimiterStoreWithClock + SetLimiterClock for cross-package tests
- 12 TestLogin_* integration tests all pass with real DB

2026-05-14 22:27:54 +02:00

Arthur Belleville

73935ed11c

feat(02-04): signup templates (full page + HTMX fragment) with render tests

- Create auth_form_errors.templ: FieldError and GeneralError primitives
- Create auth_signup.templ: SignupPage (full) and SignupFormFragment (HTMX swap target)
- Define SignupForm and SignupErrors types in templates/auth_forms.go
- Add three smoke tests: renders form, renders errors, does not echo password

2026-05-14 22:14:28 +02:00

2 commits