Switch from HTTP basic auth to MCIAS

Replace HTTP basic auth with MCIAS session cookies. Adds mcdsl auth,
csrf, and web packages. Chi router for route-level auth middleware.
Short code redirects (GET /{short}) remain public; all management
pages require MCIAS login. Nord dark theme, layout+page template
pattern matching other platform services.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

templates/index.html

@@ -0,0 +1,27 @@
+{{define "title"}} — Shorten{{end}}
+{{define "content"}}
+<h2>Shorten a URL</h2>
+{{if (ne .Short "")}}
+<div class="success">
+    Short code: <a href="/{{.Short}}">{{.Short}}</a>
+</div>
+{{end}}
+<div class="card">
+    <form method="POST" action="/">
+        {{csrfField}}
+        <div class="form-group">
+            <label for="value">URL</label>
+            <input type="text" id="value" name="value" placeholder="https://..." required>
+        </div>
+        <div class="form-group">
+            <label>
+                <input type="checkbox" name="strip"> Strip query string
+            </label>
+        </div>
+        <div class="form-actions">
+            <button type="submit" class="btn">Shorten</button>
+            <a href="/list" class="btn-ghost btn">View all</a>
+        </div>
+    </form>
+</div>
+{{end}}

templates/index.tpl

@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <title>kls</title>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-    <meta property="og:title" content="kls" />
-    <meta property="og:type" content="website" />
-    <meta property="og:url" content="https://kls.ai6ua.net/" />
-<style>
-	* { font-size: large; }
-</style>
-</head>
-
-<body>
-    <h2>KLS</h2>
-    {{ if (ne .Short "") }}
-    <p>Short code: {{.Short}}</p>
-    {{ end }}
-    <form action="/" method="POST">
-<input type="text" id="value" name="value" /><br />
-<label for="strip">Strip query string</label>
-<input type="checkbox" id="strip" name="strip">
-<br />
-<input type="submit" value="Submit">
-    </form>
-</body>
-</html>

templates/layout.html

@@ -0,0 +1,26 @@
+{{define "layout"}}<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>kls{{block "title" .}}{{end}}</title>
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+    <nav class="topnav">
+        <a href="/" class="topnav-brand">kls</a>
+        {{if .Username}}
+        <div class="topnav-right">
+            <span class="topnav-user">{{.Username}}</span>
+            <form method="POST" action="/logout" style="margin:0">
+                {{csrfField}}
+                <button type="submit" class="btn-ghost btn">Logout</button>
+            </form>
+        </div>
+        {{end}}
+    </nav>
+    <div class="page-container">
+        {{template "content" .}}
+    </div>
+</body>
+</html>{{end}}

templates/list.html

@@ -0,0 +1,27 @@
+{{define "title"}} — All Links{{end}}
+{{define "content"}}
+<h2>All Links</h2>
+<p><a href="/">Shorten a URL</a></p>
+{{if .URLs}}
+<table>
+    <thead>
+        <tr>
+            <th>Short</th>
+            <th>URL</th>
+            <th>Created</th>
+        </tr>
+    </thead>
+    <tbody>
+        {{range .URLs}}
+        <tr>
+            <td><a href="/{{.Short}}">{{.Short}}</a></td>
+            <td><a href="{{.URL}}">{{.NURL}}</a></td>
+            <td>{{.Timestamp}}</td>
+        </tr>
+        {{end}}
+    </tbody>
+</table>
+{{else}}
+<p>No links yet.</p>
+{{end}}
+{{end}}

templates/list.tpl

@@ -1,25 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <title>kls</title>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-    <meta property="og:title" content="kls" />
-    <meta property="og:type" content="website" />
-    <meta property="og:url" content="https://kls.ai6ua.net/" />
-<style>
-	* { font-size: large; }
-</style>
-</head>
-
-<body>
-    <h2>KLS</h2>
-    <p><a href="/">Home</a></p>
-    <ul>
-	{{range .URLs}}
-	<li>({{.Timestamp}}) <a href="/{{.Short}}">{{.Short}}</a> &rarr; <a href="{{.URL}}">{{.NURL}}</a></li>
-	{{end}}
-    </ul>
-</body>
-</html>

templates/login.html

@@ -0,0 +1,30 @@
+{{define "title"}} — Login{{end}}
+{{define "content"}}
+<div class="auth-header">
+    <div class="brand">kls</div>
+    <div class="tagline">Link Shortener</div>
+</div>
+<div class="card">
+    {{if (ne .Short "")}}
+    <div class="error">{{.Short}}</div>
+    {{end}}
+    <form method="POST" action="/login">
+        {{csrfField}}
+        <div class="form-group">
+            <label for="username">Username</label>
+            <input type="text" id="username" name="username" required autofocus>
+        </div>
+        <div class="form-group">
+            <label for="password">Password</label>
+            <input type="password" id="password" name="password" required>
+        </div>
+        <div class="form-group">
+            <label for="totp_code">TOTP Code (optional)</label>
+            <input type="text" id="totp_code" name="totp_code" inputmode="numeric" autocomplete="one-time-code">
+        </div>
+        <div class="form-actions">
+            <button type="submit" class="btn">Login</button>
+        </div>
+    </form>
+</div>
+{{end}}