mc/mcat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate to mcdsl: auth, config, csrf, web

Browse Source 
- Replace internal/auth with mcdsl/auth
- Replace internal/config with mcdsl/config (embed config.Base)
- Replace internal/webserver/csrf.go with mcdsl/csrf
- Use mcdsl/web for session cookies and template rendering
- Use mcdsl/httpserver for server setup and StatusWriter
- Remove direct mcias client library dependency
- Update .golangci.yaml to v2 format (formatters section)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-25 17:53:15 -07:00
commit 0cada7e64e
21 changed files with 1042 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
CLAUDE.md Normal file
View File

@@ -0,0 +1,46 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
mcat is a lightweight web application for testing MCIAS login policies. It presents a login form, forwards credentials (with configurable `service_name` and `tags`) to MCIAS, and shows whether the login was accepted or denied by policy. Single binary, no database, no gRPC.
Module path: `git.wntrmute.dev/kyle/mcat`
MCIAS client library: `git.wntrmute.dev/kyle/mcias/clients/go` (imported as `mcias`), local replace directive in go.mod.
## Build Commands
```bash
make mcat # Build the mcat binary (stripped, version-injected)
make build # Build all packages
make test # Run all tests
make vet # Run go vet
make lint # Run golangci-lint v2
make all # Full pipeline: vet → lint → test → build
make devserver # Build and run locally against srv/mcat.toml
```
Run a single test:
```bash
go test ./internal/auth/ -run TestLoginSuccess
```
## Architecture
- `cmd/mcat/` — Cobra CLI entry point. `server` subcommand wires config → auth → webserver.
- `internal/auth/` — Wraps MCIAS client for login/logout/token validation with 30s cache.
- `internal/config/` — TOML config loading and validation.
- `internal/webserver/` — Chi-based web server with CSRF (HMAC-SHA256 double-submit cookies), session cookies, and template rendering.
- `web/` — Embedded templates (layout + page blocks) and static files (htmx, CSS).
- `deploy/` — Dockerfile, systemd unit, install script, example config.
- `srv/` — Local dev data directory (gitignored).
## Critical Rules
- **No test frameworks**: Use stdlib `testing` only.
- **Auth via MCIAS only**: No local user databases.
- **TLS 1.3 minimum**, no exceptions.
- **CSRF on all mutations**: Double-submit cookie pattern, validated in middleware.
- **Session cookies**: HttpOnly, Secure, SameSite=Strict.