feat(api): POST /api/auth/login
Verifies bcrypt password hash, mints a session token, stores its sha256 in the sessions table, and returns the token in both the response body (for Flutter) and an httpOnly/SameSite=Strict cookie (for the web SPA). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+1
-4
@@ -35,10 +35,7 @@ type handlers struct {
|
||||
}
|
||||
|
||||
// Stub handlers so Mount() compiles. Real implementations in later tasks
|
||||
// replace these in place (Task 6 login, Task 7 logout, Task 8 me).
|
||||
func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
writeErr(w, http.StatusNotImplemented, "not_implemented", "login not wired")
|
||||
}
|
||||
// replace these in place (Task 7 logout, Task 8 me).
|
||||
|
||||
func (h *handlers) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
writeErr(w, http.StatusNotImplemented, "not_implemented", "logout not wired")
|
||||
|
||||
Reference in New Issue
Block a user