arthur/xtablo-source
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 5
945 commits 4 branches 0 tags 23 MiB
Commit graph

7 commits

Author SHA1 Message Date
Arthur Belleville
ee36a5c78b
feat(02): GREEN — argon2id Hash + Verify + self-test 
- Add Params struct with Memory/Iterations/Parallelism/SaltLength/KeyLength
- DefaultParams: OWASP 2024 baseline (m=64KiB, t=1, p=4, salt=16B, key=32B) — D-08
- TestParams: reduced cost (m=8KiB) so go test stays under 5s — D-26/Pitfall 4
- Hash(): crypto/rand salt per call, argon2.IDKey, PHC format $argon2id$v=19$...
- Verify(): PHC split/parse, ErrInvalidHash on malformed, ErrIncompatibleVersion on v!=19
- subtle.ConstantTimeCompare for timing-attack resistance (T-2-13)
- init() self-test: hash/verify round-trip panics on regression (D-08/T-2-15)
- Add golang.org/x/crypto v0.51.0 as direct dependency
 2026-05-14 22:00:55 +02:00
Arthur Belleville
2c84f4275b
feat(02-01): create internal/auth package skeleton, test DB harness, env docs 
- auth/doc.go: package comment explaining consolidated layout (Open Question 3 resolved)
- auth/types.go: User + Session structs, SessionCookieName (D-12), SessionTTL (D-09),
  SessionExtendThreshold (D-09), ErrSessionNotFound, ErrInvalidHash, ErrIncompatibleVersion
- auth/testdb_test.go: setupTestDB creates isolated per-test schema (test_<uuid>),
  runs goose Up with unique version table, drops schema on cleanup (D-26)
  TestSetupTestDB_Roundtrip smoke test verifies users table visible
- go.mod: added github.com/pressly/goose/v3 v3.27.1 as direct dependency
- .env.example: added TEST_DATABASE_URL and SESSION_SECRET with comments (D-14, D-26)
 2026-05-14 21:56:45 +02:00
Arthur Belleville
36e96015f5
feat(01-03): pgxpool wrapper, RequestID/slog middleware, slog handler switch 
- Remove //go:build red_gate tag from internal/web/handlers_test.go and
  internal/db/pool_test.go now that consumer symbols are about to exist
- go mod tidy after real importers land (deferred from Plan 01-01 per
  Codex concern #1) — chi/v5, templ, pgx/v5, google/uuid now in require list
- internal/db/pool.go: NewPool(ctx, dsn) builds a pgxpool.Pool with
  MaxConns=10, MinConns=1; no eager Ping (RESEARCH Pitfall 2)
- internal/web/slog.go: NewSlogHandler returns JSON when env='production',
  text otherwise; pure helper, no slog.SetDefault side effect
- internal/web/middleware.go: RequestIDMiddleware (UUIDv4 → ctx +
  X-Request-ID header), LoggerFromContext helper, SlogLoggerMiddleware
  factory using chi WrapResponseWriter; field allowlist per V7/T-01-09
 2026-05-14 19:24:16 +02:00
Arthur Belleville
1ff8e681da feat(01-02): add ui package enums, helpers, base CSS 
- tokens.go: semantic token constants
- variants.go: Size/ButtonVariant/ButtonTone/BadgeVariant enums + Normalized*
- helpers.go: mergeAttrs for templ.Attributes
- base.css: resets, :focus-visible ring (no nesting)
 2026-05-14 18:45:15 +02:00
Arthur Belleville
aa90008d95
feat(01-01): initialize Go module and pin runtime dependencies 
- module: backend (go 1.26.1)
- chi v5.2.5, templ v0.3.1020, pgx/v5 v5.9.2, goose v3.27.1, uuid v1.6.0
- pinned via 'go get'; 'go mod tidy' deferred to Plan 01-03 where consumers exist (Codex concern #1)
 2026-05-14 17:53:36 +02:00
Arthur Belleville
50ba9b340b
Modify backend 2025-03-15 08:46:51 +01:00
Arthur Belleville
684b057b27
Initial commit 2025-01-18 22:40:32 +01:00