feat: implement authentication flow

Backend: - AppConfig, AppError, AppState modules for shared infrastructure - JWT creation/verification with HS256 (jsonwebtoken crate) - Session management: SHA-256 token hashing, DB-backed sessions - Auth middleware: AuthUser, RequireHost, RequireAdmin extractors - POST /api/v1/join: name-only registration, 4-digit PIN + bcrypt hash - POST /api/v1/recover: PIN-based recovery with 3-attempt lockout (15 min) - POST /api/v1/admin/login: bcrypt password verification - DELETE /api/v1/session: logout (session invalidation) - Migration 006: user PIN lockout columns (failed_pin_attempts, pin_locked_until) - Models: Event, User (with role enum), Session with all CRUD methods Frontend: - api.ts: typed fetch wrapper with automatic Bearer token injection - auth.ts: JWT/PIN localStorage management with Svelte store - /join: name entry form with PIN display modal and copy button - /recover: name + PIN recovery form with saved PIN pre-fill - /feed: placeholder gallery page with logout - Root layout: auth initialization on mount - Root page: redirect to /join or /feed based on auth state All responses use German language strings as specified. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-31 21:44:03 +02:00
parent e976f0f670
commit 8b9d916265
23 changed files with 1118 additions and 11 deletions
--- a/backend/src/models/event.rs
+++ b/backend/src/models/event.rs
@@ -0,0 +1,47 @@
+use chrono::{DateTime, Utc};
+use sqlx::PgPool;
+use uuid::Uuid;
+
+#[derive(Debug, sqlx::FromRow)]
+pub struct Event {
+    pub id: Uuid,
+    pub slug: String,
+    pub name: String,
+    pub cover_image_path: Option<String>,
+    pub is_active: bool,
+    pub uploads_locked_at: Option<DateTime<Utc>>,
+    pub export_released_at: Option<DateTime<Utc>>,
+    pub export_zip_ready: bool,
+    pub export_html_ready: bool,
+    pub created_at: DateTime<Utc>,
+}
+
+impl Event {
+    pub async fn find_by_slug(pool: &PgPool, slug: &str) -> Result<Option<Self>, sqlx::Error> {
+        sqlx::query_as::<_, Self>("SELECT * FROM event WHERE slug = $1")
+            .bind(slug)
+            .fetch_optional(pool)
+            .await
+    }
+
+    pub async fn create(pool: &PgPool, slug: &str, name: &str) -> Result<Self, sqlx::Error> {
+        sqlx::query_as::<_, Self>(
+            "INSERT INTO event (slug, name) VALUES ($1, $2) RETURNING *",
+        )
+        .bind(slug)
+        .bind(name)
+        .fetch_one(pool)
+        .await
+    }
+
+    pub async fn find_or_create(
+        pool: &PgPool,
+        slug: &str,
+        name: &str,
+    ) -> Result<Self, sqlx::Error> {
+        if let Some(event) = Self::find_by_slug(pool, slug).await? {
+            return Ok(event);
+        }
+        Self::create(pool, slug, name).await
+    }
+}