From d799d4d04cc18654de5864a458668ff073e26284 Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Tue, 20 Jan 2026 15:25:00 -1000 Subject: Add task tracking issues Document completed and planned tasks: - Obsidian removal (completed) - Authentication implementation (completed) - VPS deployment preparation (planned) - API sync optimization research Co-Authored-By: Claude Opus 4.5 --- issues/task_002_add_authentication.md | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 issues/task_002_add_authentication.md (limited to 'issues/task_002_add_authentication.md') diff --git a/issues/task_002_add_authentication.md b/issues/task_002_add_authentication.md new file mode 100644 index 0000000..018fff0 --- /dev/null +++ b/issues/task_002_add_authentication.md 
@@ -0,0 +1,36 @@ +# Task: Add Authentication + +## Goal +Implement session-based authentication to secure the application for public deployment. + +## Plan + +1. **Dependencies:** + * Add `github.com/alexedwards/scs/v2` (Session management). + * Add `github.com/alexedwards/scs/sqlite3store` (SQLite store for sessions). + * Add `golang.org/x/crypto/bcrypt` (Password hashing). + +2. **Database Schema:** + * Create migration `migrations/003_add_auth.sql`. + * Create `users` table (`id`, `username`, `password_hash`). + * Create `sessions` table (required by `scs` SQLite store). + +3. **Core Logic (`internal/auth`):** + * Create `AuthService` to handle login, logout, and password verification. + * Implement `User` model. + +4. **Configuration:** + * Update `Config` to include `SessionSecret` (for cookie encryption, if needed, though `scs` handles this well). + +5. **Handlers & Middleware:** + * Initialize `SessionManager` in `main.go`. + * Create `LoginHandler` (GET/POST). + * Create `LogoutHandler` (POST). + * Create `AuthMiddleware` to protect routes. + +6. **UI:** + * Create `web/templates/login.html`. + * Update `web/templates/base.html` (or similar) to show Logout button when logged in. + +7. **Seed Data:** + * Create a CLI command or startup check to ensure a default admin user exists (or provide instructions to create one). -- cgit v1.2.3
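Review bot: Step 7 ("Seed Data") says to "ensure a default admin user exists" but does not say where that account's password comes from, and for an application the Goal section describes as headed for public deployment that is the detail that matters most. Suggest stating in the task that the startup check never creates the admin with a fixed or documented password: either require the password from the operator (CLI prompt or environment variable) or generate a random one on first run, and store only the bcrypt hash in `users.password_hash`. In step 4, `SessionSecret` "for cookie encryption, if needed" does not match how `scs` works: the cookie carries only a random session token and the session data lives in the `sessions` table, so there is no secret to configure. That item would be better spent on the cookie and lifetime settings (`Cookie.Secure`, `Cookie.HttpOnly`, `Cookie.SameSite`, `Lifetime`, `IdleTimeout`). In step 5, the plan for `LoginHandler` should mention calling `RenewToken` after a successful password check so a pre-login session token cannot be reused, and since `LoginHandler` and `LogoutHandler` both accept POST, the plan should say how those forms are protected against CSRF and how repeated failed logins are limited. The `users` table in step 2 should also note a unique constraint on `username`.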