Add auth foundation: sessions/tokens schema, Argon2 hashing, config

Two tables (sessions, user_tokens) + migration; only token *hashes* are stored, so a DB leak yields no usable credential. Argon2id password hashing and token primitives in app/core/security. Config and .env.example gain session/cookie/token TTLs, app base URL, and SMTP settings (twelve-factor). Migration verified reversible (drops the token_purpose enum) and matches the models.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
2026-06-06 10:51:51 -04:00
parent e5a8713293
commit 5123c85397
9 changed files with 278 additions and 0 deletions
+3
View File
@@ -2,6 +2,7 @@
and for ``create_all`` in tests."""
from app.models.audit import AuditEntry
from app.models.auth import Session, UserToken
from app.models.base import Base
from app.models.event import Event
from app.models.person import Name, Person
@@ -25,4 +26,6 @@ __all__ = [
"Source",
"Citation",
"AuditEntry",
"Session",
"UserToken",
]