xtablo-source/backend/internal/auth
Arthur Belleville 389e1bc8b4
feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key
- auth.Mount(env, key) wraps csrf.Protect with locked D-14/D-24 options
- auth.LoadKeyFromEnv() reads SESSION_SECRET, hex-decodes, validates 32 bytes; fails fast on error
- ui.CSRFField(token) templ component renders hidden _csrf input
- Layout, LoginPage/Fragment, SignupPage/Fragment, Index all embed @ui.CSRFField(csrfToken)
- Handlers thread csrf.Token(r) into every page/fragment render call
- NewRouter mounts auth.Mount after ResolveSession, before all route groups (D-24)
- main.go calls auth.LoadKeyFromEnv(); logs.Fatalf on missing/invalid SESSION_SECRET
- SESSION_SECRET documented in .env.example with openssl rand -hex 32 instruction
- go.mod: gorilla/csrf v1.7.3 (direct); prior tests updated with getCSRFToken helper
- All Plan 04/05/06 tests updated to acquire and submit valid _csrf tokens
2026-05-14 22:59:06 +02:00
cookie.go feat(02-03): session store + cookie helpers (real-DB TDD) 2026-05-14 22:08:04 +02:00
csrf.go feat(02-07): gorilla/csrf integration — mount middleware, wire all forms, env-driven key 2026-05-14 22:59:06 +02:00
csrf_test.go test(02-07): add failing CSRF tests (RED gate) 2026-05-14 22:45:36 +02:00
doc.go feat(02-01): create internal/auth package skeleton, test DB harness, env docs 2026-05-14 21:56:45 +02:00
middleware.go feat(02-04): signup handler, router wiring, and integration tests 2026-05-14 22:17:50 +02:00
middleware_test.go feat(02-03): ResolveSession + RequireAuth + RedirectIfAuthed middleware 2026-05-14 22:09:58 +02:00
password.go feat(02): GREEN — argon2id Hash + Verify + self-test 2026-05-14 22:00:55 +02:00
password_test.go test(02): RED — failing argon2id password tests 2026-05-14 21:59:38 +02:00
ratelimit.go feat(02-05): login vertical slice with rate limiting 2026-05-14 22:27:54 +02:00
ratelimit_test.go feat(02-05): implement LimiterStore with injectable clock and janitor 2026-05-14 22:22:24 +02:00
session.go feat(02-03): session store + cookie helpers (real-DB TDD) 2026-05-14 22:08:04 +02:00
session_test.go feat(02-03): session store + cookie helpers (real-DB TDD) 2026-05-14 22:08:04 +02:00
testdb_test.go feat(02-01): create internal/auth package skeleton, test DB harness, env docs 2026-05-14 21:56:45 +02:00
types.go feat(02-01): create internal/auth package skeleton, test DB harness, env docs 2026-05-14 21:56:45 +02:00