- auth/doc.go: package comment explaining consolidated layout (Open Question 3 resolved)
- auth/types.go: User + Session structs, SessionCookieName (D-12), SessionTTL (D-09), SessionExtendThreshold (D-09), ErrSessionNotFound, ErrInvalidHash, ErrIncompatibleVersion
- auth/testdb_test.go: setupTestDB creates isolated per-test schema (test_<uuid>), runs goose Up with unique version table, drops schema on cleanup (D-26)
  TestSetupTestDB_Roundtrip smoke test verifies users table visible
- go.mod: added github.com/pressly/goose/v3 v3.27.1 as direct dependency
- .env.example: added TEST_DATABASE_URL and SESSION_SECRET with comments (D-14, D-26)
17 lines
999 B
Go
// Package auth implements the authentication and session-management layer for the Xtablo
// Go+HTMX rewrite. It consolidates all security-sensitive primitives in one place:
//
// - Password hashing and verification (argon2id, PHC format) — password.go
// - Session token generation, storage, lookup, rotation, and extension — session.go
// - Per-key in-memory rate limiting for login attempts — ratelimit.go
// - HTTP cookie helpers (set, clear) — cookie.go
// - CSRF field rendering via gorilla/csrf — csrf.go
//
// Package layout decision (RESEARCH Open Question 3, resolved): all capabilities
// are consolidated here rather than split across internal/auth + internal/session.
// The Phase 1 internal/session placeholder (internal/session/doc.go) is kept as a
// one-line comment pointing here, preserving the file for git history.
//
// Constants, types, and sentinel errors exported from this package are the
// contracts consumed by Plans 02–07 in Phase 2.
package auth
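Review bot: the ratelimit.go bullet in the package comment says login rate limiting is "per-key in-memory" but leaves out what that means for callers: the counters live in one process, so they reset on restart and are not shared between instances. Since this comment is presented as the package's contract, suggest stating that limitation and naming what the key is (account, client address, or both). Two smaller documentation points in the same comment: the bullets name password.go, session.go, ratelimit.go, cookie.go and csrf.go, while the commit message lists only doc.go, types.go and testdb_test.go, so either mark those bullets as planned or add each one with the file that implements it; and "RESEARCH Open Question 3" and "Plans 02–07 in Phase 2" mean nothing to a godoc reader without a pointer to where those documents live.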