Michael Wolf
c246e0384f
Add authentication system with session-based auth
Implements full auth flows with opaque tokens (not JWT) for easy revocation:
- Login/logout with cookie or bearer token support
- Registration with email verification
- Password reset with one-time tokens
- scrypt password hashing (no external deps)
New files in express/auth/:
- token.ts: 256-bit token generation, SHA-256 hashing
- password.ts: scrypt hashing with timing-safe verification
- types.ts: Session schemas, token types, input validation
- store.ts: AuthStore interface + InMemoryAuthStore
- service.ts: AuthService with all auth operations
- routes.ts: 6 auth endpoints
Modified:
- types.ts: Added user field to Call, requireAuth/requirePermission helpers
- app.ts: JSON body parsing, populates call.user, handles auth errors
- services.ts: Added services.auth
- routes.ts: Includes auth routes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-03 13:59:02 -06:00
..
2026-01-03 13:59:02 -06:00
2025-11-17 11:38:36 -06:00
2026-01-03 13:59:02 -06:00
2026-01-01 17:16:02 -06:00
2026-01-01 16:53:19 -06:00
2026-01-01 16:53:19 -06:00
2026-01-01 20:18:37 -06:00
2025-11-17 10:58:54 -06:00
2025-11-17 18:06:42 -06:00
2025-11-17 10:58:54 -06:00
2025-11-17 10:58:54 -06:00
2026-01-01 17:22:04 -06:00
2025-11-17 18:06:59 -06:00
2025-11-17 10:58:54 -06:00
2026-01-01 21:12:55 -06:00
2026-01-01 21:12:38 -06:00
2026-01-01 21:12:38 -06:00
2026-01-03 13:59:02 -06:00
2026-01-01 16:53:19 -06:00
2026-01-03 13:59:02 -06:00
2026-01-01 16:53:19 -06:00
2026-01-01 17:22:04 -06:00
2026-01-03 13:59:02 -06:00
2026-01-03 12:59:47 -06:00
2026-01-01 16:53:19 -06:00