# Task: Add Authentication

## Goal

Implement session-based authentication to secure the application for public deployment.

## Plan

1. **Dependencies:**
    * Add `github.com/alexedwards/scs/v2` (Session management).
    * Add `github.com/alexedwards/scs/sqlite3store` (SQLite store for sessions).
    * Add `golang.org/x/crypto/bcrypt` (Password hashing).
2. **Database Schema:**
    * Create migration `migrations/003_add_auth.sql`.
    * Create `users` table (`id`, `username`, `password_hash`).
    * Create `sessions` table (required by `scs` SQLite store).
3. **Core Logic (`internal/auth`):**
    * Create `AuthService` to handle login, logout, and password verification.
    * Implement `User` model.
4. **Configuration:**
    * Update `Config` to include `SessionSecret` (for cookie encryption, if needed, though `scs` handles this well).
5. **Handlers & Middleware:**
    * Initialize `SessionManager` in `main.go`.
    * Create `LoginHandler` (GET/POST).
    * Create `LogoutHandler` (POST).
    * Create `AuthMiddleware` to protect routes.
6. **UI:**
    * Create `web/templates/login.html`.
    * Update `web/templates/base.html` (or similar) to show Logout button when logged in.
7. **Seed Data:**
    * Create a CLI command or startup check to ensure a default admin user exists (or provide instructions to create one).
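
A sketch of the `AuthMiddleware` and the session step of `LoginHandler` from step 5, added here as an example and not the project's own code. `Exists`, `RenewToken` and `Put` are methods of scs's `SessionManager`; the `Sessions` interface, the `Login` helper, the `userKey` name, the `/login` path and the in-memory `memSessions` stand-in are assumptions made so the block runs without a database.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
)

const userKey = "userID" // hypothetical session key; the plan names none

// Sessions is the subset of scs's *SessionManager used here (same signatures).
type Sessions interface {
	Exists(ctx context.Context, key string) bool
	RenewToken(ctx context.Context) error
	Put(ctx context.Context, key string, val interface{})
}

// AuthMiddleware redirects requests without a logged-in session to /login.
func AuthMiddleware(s Sessions, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !s.Exists(r.Context(), userKey) {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		w.Header().Set("Cache-Control", "no-store") // keep private pages out of caches
		next.ServeHTTP(w, r)
	})
}

// Login is for LoginHandler to call once AuthService has verified the password.
// It rotates the token before storing the user id (prevents session fixation).
func Login(ctx context.Context, s Sessions, userID int64) error {
	if err := s.RenewToken(ctx); err != nil {
		return err
	}
	s.Put(ctx, userKey, userID)
	return nil
}

// memSessions is a constructed in-memory stand-in for scs, for the demo only.
type memSessions map[string]interface{}

func (m memSessions) Exists(_ context.Context, k string) bool { _, ok := m[k]; return ok }
func (m memSessions) RenewToken(context.Context) error { m["renewed"] = true; return nil }
func (m memSessions) Put(_ context.Context, k string, v interface{}) { m[k] = v }

func main() {
	s, ctx := memSessions{}, context.Background()
	fmt.Println(s.Exists(ctx, userKey), Login(ctx, s, 1), s.Exists(ctx, userKey))
}
```

With the real `SessionManager`, both the login handler and the protected routes must be wrapped in `SessionManager.LoadAndSave`, which loads the session into the request context these calls read from.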