Initial implementation of mcq — document reading queue

Single-binary service: push raw markdown via REST/gRPC API, read rendered HTML through mobile-friendly web UI. MCIAS auth on all endpoints, SQLite storage, goldmark rendering with GFM and syntax highlighting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:53:26 -07:00
commit bc1627915e
36 changed files with 3773 additions and 0 deletions
--- a/internal/grpcserver/auth_handler.go
+++ b/internal/grpcserver/auth_handler.go
@@ -0,0 +1,38 @@
+package grpcserver
+
+import (
+	"context"
+	"errors"
+
+	mcdslauth "git.wntrmute.dev/mc/mcdsl/auth"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	pb "git.wntrmute.dev/mc/mcq/gen/mcq/v1"
+)
+
+type authService struct {
+	pb.UnimplementedAuthServiceServer
+	auth *mcdslauth.Authenticator
+}
+
+func (s *authService) Login(_ context.Context, req *pb.LoginRequest) (*pb.LoginResponse, error) {
+	token, _, err := s.auth.Login(req.Username, req.Password, req.TotpCode)
+	if err != nil {
+		if errors.Is(err, mcdslauth.ErrInvalidCredentials) {
+			return nil, status.Error(codes.Unauthenticated, "invalid credentials")
+		}
+		if errors.Is(err, mcdslauth.ErrForbidden) {
+			return nil, status.Error(codes.PermissionDenied, "access denied by login policy")
+		}
+		return nil, status.Error(codes.Unavailable, "authentication service unavailable")
+	}
+	return &pb.LoginResponse{Token: token}, nil
+}
+
+func (s *authService) Logout(_ context.Context, req *pb.LogoutRequest) (*pb.LogoutResponse, error) {
+	if err := s.auth.Logout(req.Token); err != nil {
+		return nil, status.Error(codes.Internal, "logout failed")
+	}
+	return &pb.LogoutResponse{}, nil
+}