Summary
- Implement basic authentication with both secure cookies (for UI) and JWT (for API), plus middleware and context wiring.

Deliverables
- Password hashing using bcrypt or argon2id.
- POST /api/auth/login — accepts { email, password }, sets httpOnly secure cookie AND returns { token: <jwt>, user: {...} }.
- POST /api/auth/logout — clears cookie / invalidates session (if stored).
- GET /api/auth/me — returns current user from context.
- Middleware: authenticate via cookie OR Authorization: Bearer <jwt>, attach user to request context.
- Config: secret for JWT signing; cookie name, secure flags; reasonable expiries.

References
- internal/api/router.go (add routes)
- internal/api/middleware (auth middleware, context helpers)
- internal/storage (fetch user by email)
- Epic: #23

Acceptance Criteria
- Successful login sets cookie and returns JWT; invalid creds return 401.
- Protected test route confirms context has user.
- Secrets configurable via config.toml or env.
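An added, stand-alone sketch of the middleware and context wiring described above (this is example code written here, not code from the project's internal/api/middleware package). It assumes a cookie name of `session`, a constructed test secret in place of the config.toml/env value, and implements HS256 JWT signing and verification with the standard library rather than a JWT dependency. Password hashing (bcrypt/argon2id) and the storage lookup are out of scope here; the token's `sub` claim stands in for the user record. The verifier rejects any `alg` other than HS256 (so `alg: none` and key-confusion tokens fail), compares signatures in constant time, and treats a missing `exp` as invalid, which are the checks a reviewer would look for in the real implementation.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

// Assumed configuration; in the project these come from config.toml or env.
const cookieName = "session"

var jwtSecret = []byte("constructed-test-secret-do-not-use") // constructed placeholder

type claims struct {
	Sub string `json:"sub"` // user id
	Exp int64  `json:"exp"` // unix expiry
}

type ctxKey struct{} // unexported key type so other packages cannot collide

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func sign(signingInput string) []byte {
	mac := hmac.New(sha256.New, jwtSecret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// IssueToken builds an HS256 JWT: base64url(header).base64url(payload).base64url(sig).
func IssueToken(userID string, ttl time.Duration, now time.Time) (string, error) {
	body, err := json.Marshal(claims{Sub: userID, Exp: now.Add(ttl).Unix()})
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(body)
	return signingInput + "." + b64(sign(signingInput)), nil
}

// VerifyToken checks structure, pinned algorithm, signature (constant time) and expiry,
// and returns the user id from the sub claim.
func VerifyToken(tok string, now time.Time) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	var h struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hdr, &h); err != nil || h.Alg != "HS256" {
		return "", errors.New("unexpected alg") // never trust the token's choice of algorithm
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1])) {
		return "", errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", err
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return "", errors.New("token expired")
	}
	return c.Sub, nil
}

// tokenFromRequest accepts Authorization: Bearer <jwt> (API) or the session cookie (UI).
func tokenFromRequest(r *http.Request) string {
	if auth := r.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
		return strings.TrimPrefix(auth, "Bearer ")
	}
	if c, err := r.Cookie(cookieName); err == nil {
		return c.Value
	}
	return ""
}

// Authenticate rejects requests without a valid token (401) and otherwise attaches the user id to the context.
func Authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userID, err := VerifyToken(tokenFromRequest(r), time.Now())
		if err != nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, userID)))
	})
}

// UserFromContext is the context helper a handler such as GET /api/auth/me would call.
func UserFromContext(ctx context.Context) (string, bool) {
	id, ok := ctx.Value(ctxKey{}).(string)
	return id, ok
}

// SetSessionCookie is what the login handler would call alongside returning the JWT in the body.
func SetSessionCookie(w http.ResponseWriter, tok string, ttl time.Duration) {
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: tok, Path: "/", HttpOnly: true,
		Secure: true, SameSite: http.SameSiteLaxMode, MaxAge: int(ttl.Seconds())})
}
```

The header is checked before the signature so a token that claims a different algorithm is rejected without ever being treated as valid, and the cookie carries the same JWT as the API token so both paths share one verifier; a logout that must invalidate a still-unexpired token needs server-side state (a session store or denylist), which this stateless sketch does not include.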