Michael Wolf
c246e0384f
Implements full auth flows with opaque tokens (not JWT) for easy revocation: - Login/logout with cookie or bearer token support - Registration with email verification - Password reset with one-time tokens - scrypt password hashing (no external deps) New files in express/auth/: - token.ts: 256-bit token generation, SHA-256 hashing - password.ts: scrypt hashing with timing-safe verification - types.ts: Session schemas, token types, input validation - store.ts: AuthStore interface + InMemoryAuthStore - service.ts: AuthService with all auth operations - routes.ts: 6 auth endpoints Modified: - types.ts: Added user field to Call, requireAuth/requirePermission helpers - app.ts: JSON body parsing, populates call.user, handles auth errors - services.ts: Added services.auth - routes.ts: Includes auth routes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
diachron
Introduction
Is your answer to some of these questions "yes"? If so, you might like diachron. (When it comes to that dev/test/prod one, hear us out first, ok?)
-
Do you want to share a lot of backend and frontend code?
-
Are you tired of your web stack breaking when you blink too hard?
-
Have you read Taking PHP Seriously and wish you had something similar for Typescript?
-
Do you think that ORMs are not all that? Do you wish you had first class unmediated access to your database? And do you think that database agnosticism is overrated?
-
Do you think dev/testing/prod distinctions are a bad idea? (Hear us out on this one.)
-
Have you ever lost hours getting everyone on your team to have the exact same environment, yet you're not willing to take the plunge and use a tool like nix?
-
Are you frustrated by unclear documentation? Is ramping up a frequent problem?
-
Do you want a framework that's not only easy to write but also easy to get inside and debug?
-
Have you been bogged down with details that are not relevant to the problems you're trying to solve, the features you're trying to implement, the bugs you're trying to fix? We're talking authentication, authorization, XSS, https, nested paths, all that stuff.
Getting started
Different situations require different getting started docs.
Requirements
To run diachron, you currently need to have a Linux box running x86_64 with a new enough libc to run golang binaries. Support for other platforms will come eventually.
To run a more complete system, you also need to have docker compose installed.
Development requirements
To hack on diachron itself, you need the following:
- docker and docker compose
- fd
- golang, version 1.23.6 or greater
- shellcheck
- shfmt