From 08bbcf18b1207153983261652b4a43a9b36f386c Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Tue, 20 Jan 2026 11:34:33 -1000 Subject: Add session-based authentication Implement secure authentication using scs session manager with SQLite backing store and bcrypt password hashing. - Add users and sessions tables (migration 004) - Create internal/auth package with Service, Middleware, and Handlers - Protect all routes except /login, /logout, /static/* - Add login page template and logout button to dashboard - Default credentials: admin/changeme (configurable via env vars) Co-Authored-By: Claude Opus 4.5
---
migrations/004_add_auth.sql | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 migrations/004_add_auth.sql (limited to 'migrations')
diff --git a/migrations/004_add_auth.sql b/migrations/004_add_auth.sql
new file mode 100644
index 0000000..065b8e3
--- /dev/null
+++ b/migrations/004_add_auth.sql
@@ -0,0 +1,20 @@
+-- Authentication tables
+
+-- Users table
+CREATE TABLE IF NOT EXISTS users (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ username TEXT UNIQUE NOT NULL,
+ password_hash TEXT NOT NULL,
+ created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+
+-- Sessions table (required by scs sqlite3store)
+CREATE TABLE IF NOT EXISTS sessions (
+ token TEXT PRIMARY KEY,
+ data BLOB NOT NULL,
+ expiry REAL NOT NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_sessions_expiry ON sessions(expiry);
-- cgit v1.2.3
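Review bot: The `UNIQUE` constraint on `users.username` compares with SQLite's default binary collation, so `admin` and `Admin` would be accepted as two separate accounts. If the login handler (not part of this patch) is meant to treat usernames case-insensitively, or look-alike accounts are unwanted, declare the column as `username TEXT NOT NULL UNIQUE COLLATE NOCASE`. The separate `CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);` duplicates the index SQLite already builds for that `UNIQUE` constraint and can be dropped. `created_at` has a default but no `NOT NULL`, so an explicit NULL insert is accepted; `created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP` would close that.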