ruidy/auth
1
0
Fork 0
mirror of https://github.com/rjNemo/auth synced 2026-06-12 11:26:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: note remaining auth tasks

Browse source
This commit is contained in:
Ruidy 2025-09-20 01:10:14 +02:00
parent da1bf44d8f
commit f02d41901d
No known key found for this signature in database
GPG key ID: 705C24D202990805
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
AUTH_PLAN.md
View file

@ -16,6 +16,8 @@
- Implement password hashing with per-user random salts (`crypto/rand`, `sha256`) and base64 encoding for storage. - Implement password hashing with per-user random salts (`crypto/rand`, `sha256`) and base64 encoding for storage.
- Define a user repository interface seeded with an in-memory implementation until persistence is added. - Define a user repository interface seeded with an in-memory implementation until persistence is added.
- Generate CSRF tokens tied to session state and validate them for every mutating request. - Generate CSRF tokens tied to session state and validate them for every mutating request.
- Externalize session secrets via configuration so environments use predictable/rotatable keys.
- Add integration tests covering login/logout flows and CSRF protections to prevent regressions.
## Templates & Frontend ## Templates & Frontend