feat: implement authentication flow

Backend: - AppConfig, AppError, AppState modules for shared infrastructure - JWT creation/verification with HS256 (jsonwebtoken crate) - Session management: SHA-256 token hashing, DB-backed sessions - Auth middleware: AuthUser, RequireHost, RequireAdmin extractors - POST /api/v1/join: name-only registration, 4-digit PIN + bcrypt hash - POST /api/v1/recover: PIN-based recovery with 3-attempt lockout (15 min) - POST /api/v1/admin/login: bcrypt password verification - DELETE /api/v1/session: logout (session invalidation) - Migration 006: user PIN lockout columns (failed_pin_attempts, pin_locked_until) - Models: Event, User (with role enum), Session with all CRUD methods Frontend: - api.ts: typed fetch wrapper with automatic Bearer token injection - auth.ts: JWT/PIN localStorage management with Svelte store - /join: name entry form with PIN display modal and copy button - /recover: name + PIN recovery form with saved PIN pre-fill - /feed: placeholder gallery page with logout - Root layout: auth initialization on mount - Root page: redirect to /join or /feed based on auth state All responses use German language strings as specified. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-31 21:44:03 +02:00
parent e976f0f670
commit 8b9d916265
23 changed files with 1118 additions and 11 deletions
--- a/backend/src/config.rs
+++ b/backend/src/config.rs
@@ -0,0 +1,43 @@
+use std::path::PathBuf;
+
+use anyhow::{Context, Result};
+
+#[derive(Clone, Debug)]
+pub struct AppConfig {
+    pub database_url: String,
+    pub jwt_secret: String,
+    pub session_expiry_days: i64,
+    pub admin_password_hash: String,
+    pub event_name: String,
+    pub event_slug: String,
+    pub media_path: PathBuf,
+    pub app_port: u16,
+}
+
+impl AppConfig {
+    pub fn from_env() -> Result<Self> {
+        Ok(Self {
+            database_url: std::env::var("DATABASE_URL")
+                .context("DATABASE_URL must be set")?,
+            jwt_secret: std::env::var("JWT_SECRET")
+                .context("JWT_SECRET must be set")?,
+            session_expiry_days: std::env::var("SESSION_EXPIRY_DAYS")
+                .unwrap_or_else(|_| "30".to_string())
+                .parse()
+                .context("SESSION_EXPIRY_DAYS must be a number")?,
+            admin_password_hash: std::env::var("ADMIN_PASSWORD_HASH")
+                .unwrap_or_default(),
+            event_name: std::env::var("EVENT_NAME")
+                .unwrap_or_else(|_| "EventSnap".to_string()),
+            event_slug: std::env::var("EVENT_SLUG")
+                .context("EVENT_SLUG must be set")?,
+            media_path: PathBuf::from(
+                std::env::var("MEDIA_PATH").unwrap_or_else(|_| "/media".to_string()),
+            ),
+            app_port: std::env::var("APP_PORT")
+                .unwrap_or_else(|_| "3000".to_string())
+                .parse()
+                .context("APP_PORT must be a number")?,
+        })
+    }
+}