philologue/diachron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
131 Commits 6 Branches 0 Tags
960f78a1ade7575c953b9d0db6dd4c0f3723c38d
Commit Graph

13 Commits

Author SHA1 Message Date
Michael Wolf
8a7682e953 Split services into core and request 2026-01-17 16:20:55 -06:00
Michael Wolf
4a4dc11aa4 Fix formatting 2026-01-11 15:17:58 -06:00
Michael Wolf
55f5cc699d Add request-scoped context for session.getUser() 
Use AsyncLocalStorage to provide request context so services can access
the current user without needing Call passed through every function.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 14:56:10 -06:00
Michael Wolf
1c1eeddcbe Add basic login screen with form-based authentication 
Adds /login route with HTML template that handles GET (show form) and
POST (authenticate). On successful login, sets session cookie and
redirects to /. Also adds framework support for redirects and cookies
in route handlers.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-11 10:07:02 -06:00
Michael Wolf
49dc0e3fe0 Mark several unused vars as such 2026-01-10 08:54:51 -06:00
Michael Wolf
74d75d08dd Add Session class to provide getUser() on call.session 
Wraps SessionData and user into a Session class that handlers can use
via call.session.getUser() instead of accessing services directly.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-04 15:22:27 -06:00
Michael Wolf
ad6d405206 Add session data to Call type 
- AuthService.validateRequest now returns AuthResult with both user and session
- Call type includes session: SessionData | null
- Handlers can access session metadata (createdAt, authMethod, etc.)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-04 09:50:05 -06:00
Michael Wolf
c246e0384f Add authentication system with session-based auth 
Implements full auth flows with opaque tokens (not JWT) for easy revocation:
- Login/logout with cookie or bearer token support
- Registration with email verification
- Password reset with one-time tokens
- scrypt password hashing (no external deps)

New files in express/auth/:
- token.ts: 256-bit token generation, SHA-256 hashing
- password.ts: scrypt hashing with timing-safe verification
- types.ts: Session schemas, token types, input validation
- store.ts: AuthStore interface + InMemoryAuthStore
- service.ts: AuthService with all auth operations
- routes.ts: 6 auth endpoints

Modified:
- types.ts: Added user field to Call, requireAuth/requirePermission helpers
- app.ts: JSON body parsing, populates call.user, handles auth errors
- services.ts: Added services.auth
- routes.ts: Includes auth routes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-03 13:59:02 -06:00
Michael Wolf
e2ea472a10 Make biome happier 2026-01-01 17:22:04 -06:00
Michael Wolf
8722062f4a Change process names again 2026-01-01 15:12:01 -06:00
Michael Wolf
9cc1991d07 Name backend process 2026-01-01 14:54:17 -06:00
Michael Wolf
c330da49fc Add rudimentary command line parsing to express app 2026-01-01 14:34:16 -06:00
Michael Wolf
1a13fd0909 Add a first cut at an express-based backend 2025-11-17 10:58:54 -06:00