feat: implement authentication flow
Backend: - AppConfig, AppError, AppState modules for shared infrastructure - JWT creation/verification with HS256 (jsonwebtoken crate) - Session management: SHA-256 token hashing, DB-backed sessions - Auth middleware: AuthUser, RequireHost, RequireAdmin extractors - POST /api/v1/join: name-only registration, 4-digit PIN + bcrypt hash - POST /api/v1/recover: PIN-based recovery with 3-attempt lockout (15 min) - POST /api/v1/admin/login: bcrypt password verification - DELETE /api/v1/session: logout (session invalidation) - Migration 006: user PIN lockout columns (failed_pin_attempts, pin_locked_until) - Models: Event, User (with role enum), Session with all CRUD methods Frontend: - api.ts: typed fetch wrapper with automatic Bearer token injection - auth.ts: JWT/PIN localStorage management with Svelte store - /join: name entry form with PIN display modal and copy button - /recover: name + PIN recovery form with saved PIN pre-fill - /feed: placeholder gallery page with logout - Root layout: auth initialization on mount - Root page: redirect to /join or /feed based on auth state All responses use German language strings as specified. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fabi
44
frontend/src/lib/auth.ts
Normal file
44
frontend/src/lib/auth.ts
Normal file
@@ -0,0 +1,44 @@
|
||||
import { writable } from 'svelte/store';
|
||||
import { browser } from '$app/environment';
|
||||
|
||||
const TOKEN_KEY = 'eventsnap_jwt';
|
||||
const PIN_KEY = 'eventsnap_pin';
|
||||
const USER_ID_KEY = 'eventsnap_user_id';
|
||||
|
||||
export const isAuthenticated = writable(false);
|
||||
|
||||
export function getToken(): string | null {
|
||||
if (!browser) return null;
|
||||
return localStorage.getItem(TOKEN_KEY);
|
||||
}
|
||||
|
||||
export function getPin(): string | null {
|
||||
if (!browser) return null;
|
||||
return localStorage.getItem(PIN_KEY);
|
||||
}
|
||||
|
||||
export function getUserId(): string | null {
|
||||
if (!browser) return null;
|
||||
return localStorage.getItem(USER_ID_KEY);
|
||||
}
|
||||
|
||||
export function setAuth(jwt: string, pin: string | null, userId: string): void {
|
||||
if (!browser) return;
|
||||
localStorage.setItem(TOKEN_KEY, jwt);
|
||||
if (pin) localStorage.setItem(PIN_KEY, pin);
|
||||
localStorage.setItem(USER_ID_KEY, userId);
|
||||
isAuthenticated.set(true);
|
||||
}
|
||||
|
||||
export function clearAuth(): void {
|
||||
if (!browser) return;
|
||||
localStorage.removeItem(TOKEN_KEY);
|
||||
localStorage.removeItem(USER_ID_KEY);
|
||||
// PIN is intentionally kept so the user can recover
|
||||
isAuthenticated.set(false);
|
||||
}
|
||||
|
||||
export function initAuth(): void {
|
||||
if (!browser) return;
|
||||
isAuthenticated.set(!!getToken());
|
||||
}
|
||||
Reference in New Issue
Block a user