0c21694ec4193cc116298c2ccfc3565c1895dc9b
- internal/store: миграция sessions/password + методы users/sessions/projects
- internal/auth: argon2id пароли + session store (sha256 токена)
- internal/api: auth-хендлеры (register/login/logout/me) + cookie, RequireAuth+RequireProjectAccess middleware
- IDOR закрыт: все /projects/{pid}/* под middleware, LoadDomainFull scoped, projectID из контекста
- web: AuthContext + клиент под cookie, Login/Register, protected routes, logout, 401→/login
Финальный ревью: READY TO MERGE, IDOR закрыт end-to-end. Go 105+/15 пакетов, web 58 тестов.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Description
No description provided
Languages
Go
61%
TypeScript
37.5%
CSS
1.2%
Dockerfile
0.1%