Implement Phase 2: password auth (Argon2id + bearer tokens)

- Argon2id password hashing and verification with configurable params
- Bearer token generation (32-byte random), SHA-256 hashed storage,
  TTL-based expiry
- User creation and authentication helpers
- auth_tokens table added to migrations
- 6 tests: hash/verify, wrong password, create/auth user, token
  create/validate, token expiry

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 19:49:07 -07:00
parent 9077117e74
commit 286b886c06
8 changed files with 340 additions and 0 deletions


@@ -76,6 +76,15 @@ CREATE INDEX IF NOT EXISTS idx_pages_notebook ON pages(notebook_id);
CREATE INDEX IF NOT EXISTS idx_strokes_page ON strokes(page_id);
CREATE INDEX IF NOT EXISTS idx_share_links_token ON share_links(token);
CREATE INDEX IF NOT EXISTS idx_webauthn_user ON webauthn_credentials(user_id);
CREATE TABLE IF NOT EXISTS auth_tokens (
token_hash TEXT PRIMARY KEY,
user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
expires_at INTEGER NOT NULL,
created_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_auth_tokens_user ON auth_tokens(user_id);
`,
},
}
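Review bot: The `ON DELETE CASCADE` on `auth_tokens.user_id` revokes a deleted user's tokens only if foreign-key enforcement is active on the connection. The TEXT/INTEGER column types suggest SQLite, where that needs `PRAGMA foreign_keys = ON` on every connection, and nothing in this hunk shows it being set; if it is not, token rows outlive their user, so validation should not rely on the cascade alone. Separately, `expires_at` and `created_at` are bare INTEGERs with no stated unit, so a comment above the table such as `-- expires_at, created_at: Unix epoch seconds` (adjusted to whatever the code actually writes) would keep the token writer and the expiry check from disagreeing. If expired rows are purged periodically, `CREATE INDEX IF NOT EXISTS idx_auth_tokens_expires ON auth_tokens(expires_at);` would avoid a full scan. The enclosing migration string starts outside the hunk.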