Add CSRF protection and auth unit tests

Add CSRF token middleware for state-changing request protection, integrate tokens into templates and HTMX headers, and add unit tests for authentication service and handlers. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
author: Peter Stone <thepeterstone@gmail.com> 2026-01-20 15:18:57 -1000
committer: Peter Stone <thepeterstone@gmail.com> 2026-01-20 15:18:57 -1000
commit: 78e8f597ff28f1b8406f5cfbf934adc22abdf85b (patch)
tree: f3b7dfff2c460e2d8752b61c131e80a73fa6b08d /web/templates/login.html
parent: 08bbcf18b1207153983261652b4a43a9b36f386c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/web/templates/login.html b/web/templates/login.html
index e5ce9e4..c865ce5 100644
--- a/web/templates/login.html
+++ b/web/templates/login.html
@@ -18,6 +18,7 @@
             {{end}}
 
             <form method="POST" action="/login" class="space-y-6">
+                <input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
                 <div>
                     <label for="username" class="block text-sm font-medium text-gray-700 mb-2">
                         Username
author	Peter Stone <thepeterstone@gmail.com>	2026-01-20 15:18:57 -1000
committer	Peter Stone <thepeterstone@gmail.com>	2026-01-20 15:18:57 -1000
commit	78e8f597ff28f1b8406f5cfbf934adc22abdf85b (patch)
tree	f3b7dfff2c460e2d8752b61c131e80a73fa6b08d /web/templates/login.html
parent	08bbcf18b1207153983261652b4a43a9b36f386c (diff)