3 Commits

Author SHA1 Message Date
bvandeusen 2324c5d576 fix(auth): silence unused-parameter lint in RequireUser test
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-20 22:43:22 -04:00
bvandeusen 8cdaf8f0f1 feat(auth): RequireUser middleware (cookie or bearer)
Resolves /api/* callers from session cookie first, Authorization
bearer second. Touches last_seen on success for future active-
sessions UI. Adds GetUserByID query used by the middleware.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-20 20:53:11 -04:00
bvandeusen ff4d443269 feat(auth): session token + password verification helpers
Shared primitives for /api/* auth: mint a url-safe opaque token,
hash it for storage, verify a bcrypt password hash.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-20 20:24:09 -04:00