feat: Stage 2 — authentication and setup flow
Backend (tasks 2.1–2.6, 2.10):
- settings_repo: get/set/delete/get_all CRUD for the key-value settings table
- session_repo: create/get/delete/delete_expired for session rows
- setup_service: bcrypt password hashing, one-time-only enforcement,
run_setup() / is_setup_complete() / get_password_hash()
- auth_service: login() with bcrypt verify + token creation,
validate_session() with expiry check, logout()
- setup router: GET /api/setup (status), POST /api/setup (201 / 409)
- auth router: POST /api/auth/login (token + HttpOnly cookie),
POST /api/auth/logout (clears cookie, idempotent)
- SetupRedirectMiddleware: 307 → /api/setup for all API paths until setup done
- require_auth dependency: cookie or Bearer token → Session or 401
- conftest.py: manually bootstraps app.state.db for router tests
(ASGITransport does not trigger ASGI lifespan)
- 85 tests pass; ruff 0 errors; mypy --strict 0 errors
Frontend (tasks 2.7–2.9):
- types/auth.ts, types/setup.ts, api/auth.ts, api/setup.ts
- AuthProvider: sessionStorage-backed context (isAuthenticated, login, logout)
- RequireAuth: guard component → /login?next=<path> when unauthenticated
- SetupPage: Fluent UI form, client-side validation, inline errors
- LoginPage: single password input, ?next= redirect after success
- DashboardPage: placeholder (full impl Stage 5)
- App.tsx: full route tree (/setup, /login, /, *)
This commit is contained in:
37
frontend/src/components/RequireAuth.tsx
Normal file
37
frontend/src/components/RequireAuth.tsx
Normal file
@@ -0,0 +1,37 @@
|
||||
/**
|
||||
* Route guard component.
|
||||
*
|
||||
* Wraps protected routes. If the user is not authenticated they are
|
||||
* redirected to `/login` and the intended destination is preserved so the
|
||||
* user lands on it after a successful login.
|
||||
*/
|
||||
|
||||
import { Navigate, useLocation } from "react-router-dom";
|
||||
import { useAuth } from "../providers/AuthProvider";
|
||||
|
||||
interface RequireAuthProps {
|
||||
/** The protected page content to render when authenticated. */
|
||||
children: JSX.Element;
|
||||
}
|
||||
|
||||
/**
|
||||
* Render `children` only if the user is authenticated.
|
||||
*
|
||||
* Redirects to `/login?next=<path>` otherwise so the intended destination is
|
||||
* preserved and honoured after a successful login.
|
||||
*/
|
||||
export function RequireAuth({ children }: RequireAuthProps): JSX.Element {
|
||||
const { isAuthenticated } = useAuth();
|
||||
const location = useLocation();
|
||||
|
||||
if (!isAuthenticated) {
|
||||
return (
|
||||
<Navigate
|
||||
to={`/login?next=${encodeURIComponent(location.pathname + location.search)}`}
|
||||
replace
|
||||
/>
|
||||
);
|
||||
}
|
||||
|
||||
return children;
|
||||
}
|
||||
Reference in New Issue
Block a user