Add CSRF protection and auth unit tests

Add CSRF token middleware for state-changing request protection, integrate tokens into templates and HTMX headers, and add unit tests for authentication service and handlers. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
author: Peter Stone <thepeterstone@gmail.com> 2026-01-20 15:18:57 -1000
committer: Peter Stone <thepeterstone@gmail.com> 2026-01-20 15:18:57 -1000
commit: 78e8f597ff28f1b8406f5cfbf934adc22abdf85b (patch)
tree: f3b7dfff2c460e2d8752b61c131e80a73fa6b08d /internal/handlers
parent: 08bbcf18b1207153983261652b4a43a9b36f386c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/internal/handlers/handlers.go b/internal/handlers/handlers.go
index 7bb84b9..d52e786 100644
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"task-dashboard/internal/api"
+	"task-dashboard/internal/auth"
 	"task-dashboard/internal/config"
 	"task-dashboard/internal/models"
 	"task-dashboard/internal/store"
@@ -81,9 +82,11 @@ func (h *Handler) HandleDashboard(w http.ResponseWriter, r *http.Request) {
 	data := struct {
 		*models.DashboardData
 		ActiveTab string
+		CSRFToken string
 	}{
 		DashboardData: dashboardData,
 		ActiveTab:     tab,
+		CSRFToken:     auth.GetCSRFTokenFromContext(ctx),
 	}
 
 	if err := h.templates.ExecuteTemplate(w, "index.html", data); err != nil {
author	Peter Stone <thepeterstone@gmail.com>	2026-01-20 15:18:57 -1000
committer	Peter Stone <thepeterstone@gmail.com>	2026-01-20 15:18:57 -1000
commit	78e8f597ff28f1b8406f5cfbf934adc22abdf85b (patch)
tree	f3b7dfff2c460e2d8752b61c131e80a73fa6b08d /internal/handlers
parent	08bbcf18b1207153983261652b4a43a9b36f386c (diff)