d6b8c20a17
Foundation of the auth flow. POST /api/auth/login lands the user with
their session cookie captured by the existing AuthCookieInterceptor;
LoginScreen drives it, AuthController owns the in-memory currentUser.
New:
- models/wire/AuthWire.kt — LoginRequestBody + LoginResponseWire +
UserWire. The response `token` is duplicated for header-auth
clients; we use the Set-Cookie capture path instead.
- models/UserRef.kt — caller-facing identity (no password hash, no
api token, no Subsonic password). Matches the server's UserView
envelope.
- api/endpoints/AuthApi.kt — Retrofit POST /api/auth/login +
/api/auth/logout.
- auth/AuthController.kt — @Singleton facade. `currentUser`
StateFlow + `isSignedIn` (read straight off AuthStore.sessionCookie).
`signIn(username, password)` posts the login, surfaces the typed
UserRef. `signOut()` clears the cookie locally and best-effort
POSTs /logout (swallowed network failure — local state already
cleared, the server session times out on its own).
Cross-restart caveat: cookie persists in AuthStore but currentUser
is in-memory only — UI stays signed in across restarts but can't
render the username until a follow-up sign-in. Persisting user
JSON on AuthSessionEntity is a follow-up if it matters.
- auth/ui/LoginViewModel.kt — VM + LoginFormState (username +
password fields + submitting + error + signedIn flag). `submit()`
is a no-op while in-flight or with empty fields.
- auth/ui/LoginScreen.kt — centered form with two OutlinedTextFields
+ a Sign-in button that spins while in-flight. Error message
surfaces under the password field. On `signedIn = true` flips,
navigates to Home and pops Login off the back stack.
Modified:
- nav/MinstrelNavGraph.kt — Login route renders the real screen;
outsideShell extension now takes navController so it can be
threaded down (LoginScreen needs it for the post-sign-in nav).
ServerUrl screen + Settings + auth-gated redirect logic come in
Commits B / C.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>