Add session-based authentication

Implement secure authentication using scs session manager with SQLite backing store and bcrypt password hashing. - Add users and sessions tables (migration 004) - Create internal/auth package with Service, Middleware, and Handlers - Protect all routes except /login, /logout, /static/* - Add login page template and logout button to dashboard - Default credentials: admin/changeme (configurable via env vars) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
author: Peter Stone <thepeterstone@gmail.com> 2026-01-20 11:34:33 -1000
committer: Peter Stone <thepeterstone@gmail.com> 2026-01-20 11:34:33 -1000
commit: 08bbcf18b1207153983261652b4a43a9b36f386c (patch)
tree: e6665608c7c8a87d6c789cf8b4c56d466df6bb8b /migrations/004_add_auth.sql
parent: 07ba815e8517ee2d3a5fa531361bbd09bdfcbaa7 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/migrations/004_add_auth.sql b/migrations/004_add_auth.sql
new file mode 100644
index 0000000..065b8e3
--- /dev/null
+++ b/migrations/004_add_auth.sql
@@ -0,0 +1,20 @@
+-- Authentication tables
+
+-- Users table
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+
+-- Sessions table (required by scs sqlite3store)
+CREATE TABLE IF NOT EXISTS sessions (
+    token TEXT PRIMARY KEY,
+    data BLOB NOT NULL,
+    expiry REAL NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_sessions_expiry ON sessions(expiry);
author	Peter Stone <thepeterstone@gmail.com>	2026-01-20 11:34:33 -1000
committer	Peter Stone <thepeterstone@gmail.com>	2026-01-20 11:34:33 -1000
commit	08bbcf18b1207153983261652b4a43a9b36f386c (patch)
tree	e6665608c7c8a87d6c789cf8b4c56d466df6bb8b /migrations/004_add_auth.sql
parent	07ba815e8517ee2d3a5fa531361bbd09bdfcbaa7 (diff)