Files
minstrel/android/app
bvandeusen d6b8c20a17 feat(android): Phase 11 Commit A — AuthController + Login screen
Foundation of the auth flow. POST /api/auth/login lands the user with
their session cookie captured by the existing AuthCookieInterceptor;
LoginScreen drives it, AuthController owns the in-memory currentUser.

New:
  - models/wire/AuthWire.kt — LoginRequestBody + LoginResponseWire +
    UserWire. The response `token` is duplicated for header-auth
    clients; we use the Set-Cookie capture path instead.
  - models/UserRef.kt — caller-facing identity (no password hash, no
    api token, no Subsonic password). Matches the server's UserView
    envelope.
  - api/endpoints/AuthApi.kt — Retrofit POST /api/auth/login +
    /api/auth/logout.
  - auth/AuthController.kt — @Singleton facade. `currentUser`
    StateFlow + `isSignedIn` (read straight off AuthStore.sessionCookie).
    `signIn(username, password)` posts the login, surfaces the typed
    UserRef. `signOut()` clears the cookie locally and best-effort
    POSTs /logout (swallowed network failure — local state already
    cleared, the server session times out on its own).
    Cross-restart caveat: cookie persists in AuthStore but currentUser
    is in-memory only — UI stays signed in across restarts but can't
    render the username until a follow-up sign-in. Persisting user
    JSON on AuthSessionEntity is a follow-up if it matters.
  - auth/ui/LoginViewModel.kt — VM + LoginFormState (username +
    password fields + submitting + error + signedIn flag). `submit()`
    is a no-op while in-flight or with empty fields.
  - auth/ui/LoginScreen.kt — centered form with two OutlinedTextFields
    + a Sign-in button that spins while in-flight. Error message
    surfaces under the password field. On `signedIn = true` flips,
    navigates to Home and pops Login off the back stack.

Modified:
  - nav/MinstrelNavGraph.kt — Login route renders the real screen;
    outsideShell extension now takes navController so it can be
    threaded down (LoginScreen needs it for the post-sign-in nav).

ServerUrl screen + Settings + auth-gated redirect logic come in
Commits B / C.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 02:03:41 -04:00
..