normogen

alvaro/normogen

Fork 0

Commit graph

Author	SHA1	Message	Date
goose	4e58fb832e	Docs: Complete Phase 2.3 with final status report Phase 2.3 (JWT Authentication) is now COMPLETE. Delivered Features: - JWT Access Tokens (15 min expiry) - JWT Refresh Tokens (30 day expiry) - Token Rotation (old tokens revoked on refresh) - Token Revocation (logout) - PBKDF2 Password Hashing (100K iterations) - Auth endpoints: register, login, refresh, logout - Protected routes with JWT middleware - Health check endpoints Statistics: - 3 commits in Phase 2.3 - +1,611 insertions, -155 deletions - 20+ files created - Compilation: PASS - Server startup: PASS Documentation: - Verification report - Completion summary - Final status report - Environment example - Test script Next: Phase 2.4 (User Management Enhancement)	2026-02-15 09:07:25 -03:00
goose	02b24a3ac1	Phase 2.3: Complete JWT Authentication with token rotation and revocation - Fixed DateTime timestamp issues (use timestamp_millis instead of to_millis) - Implemented token rotation: old refresh tokens revoked on refresh - Implemented logout revocation: tokens immediately marked as revoked - Removed rate limiting (deferred to Phase 2.6) - Created comprehensive verification report - Updated STATUS.md All Phase 2.3 objectives complete: ✅ JWT Access Tokens (15 min expiry) ✅ JWT Refresh Tokens (30 day expiry) ✅ Token Rotation ✅ Token Revocation ✅ PBKDF2 Password Hashing ✅ Auth endpoints (register, login, refresh, logout) ✅ Protected routes with JWT middleware ✅ Health check endpoints Compiles successfully with only unused code warnings.	2026-02-15 09:05:34 -03:00
goose	8b2c13501f	Phase 2.3: JWT Authentication implementation - Implemented JWT-based authentication system with access and refresh tokens - Added password hashing service using PBKDF2 - Created authentication handlers: register, login, refresh, logout - Added protected routes with JWT middleware - Created user profile handlers - Fixed all compilation errors - Added integration tests for authentication endpoints - Added reqwest dependency for testing - Created test script and environment example documentation All changes: - backend/src/auth/: Complete auth module (JWT, password, claims) - backend/src/handlers/: Auth, users, and health handlers - backend/src/middleware/: JWT authentication middleware - backend/src/config/: Added AppState with Clone derive - backend/src/main.rs: Fixed imports and added auth routes - backend/src/db/mod.rs: Changed error handling to anyhow::Result - backend/Cargo.toml: Added reqwest for testing - backend/tests/auth_tests.rs: Integration tests - thoughts/: Documentation updates (STATUS.md, env.example, test_auth.sh)	2026-02-14 20:03:11 -03:00

Author

SHA1

Message

Date

goose

4e58fb832e

Docs: Complete Phase 2.3 with final status report

Phase 2.3 (JWT Authentication) is now COMPLETE.

Delivered Features:
- JWT Access Tokens (15 min expiry)
- JWT Refresh Tokens (30 day expiry)
- Token Rotation (old tokens revoked on refresh)
- Token Revocation (logout)
- PBKDF2 Password Hashing (100K iterations)
- Auth endpoints: register, login, refresh, logout
- Protected routes with JWT middleware
- Health check endpoints

Statistics:
- 3 commits in Phase 2.3
- +1,611 insertions, -155 deletions
- 20+ files created
- Compilation: PASS
- Server startup: PASS

Documentation:
- Verification report
- Completion summary
- Final status report
- Environment example
- Test script

Next: Phase 2.4 (User Management Enhancement)

2026-02-15 09:07:25 -03:00

goose

02b24a3ac1

Phase 2.3: Complete JWT Authentication with token rotation and revocation

- Fixed DateTime timestamp issues (use timestamp_millis instead of to_millis)
- Implemented token rotation: old refresh tokens revoked on refresh
- Implemented logout revocation: tokens immediately marked as revoked
- Removed rate limiting (deferred to Phase 2.6)
- Created comprehensive verification report
- Updated STATUS.md

All Phase 2.3 objectives complete:
✅ JWT Access Tokens (15 min expiry)
✅ JWT Refresh Tokens (30 day expiry)
✅ Token Rotation
✅ Token Revocation
✅ PBKDF2 Password Hashing
✅ Auth endpoints (register, login, refresh, logout)
✅ Protected routes with JWT middleware
✅ Health check endpoints

Compiles successfully with only unused code warnings.

2026-02-15 09:05:34 -03:00

goose

8b2c13501f

Phase 2.3: JWT Authentication implementation

- Implemented JWT-based authentication system with access and refresh tokens
- Added password hashing service using PBKDF2
- Created authentication handlers: register, login, refresh, logout
- Added protected routes with JWT middleware
- Created user profile handlers
- Fixed all compilation errors
- Added integration tests for authentication endpoints
- Added reqwest dependency for testing
- Created test script and environment example documentation

All changes:
- backend/src/auth/: Complete auth module (JWT, password, claims)
- backend/src/handlers/: Auth, users, and health handlers
- backend/src/middleware/: JWT authentication middleware
- backend/src/config/: Added AppState with Clone derive
- backend/src/main.rs: Fixed imports and added auth routes
- backend/src/db/mod.rs: Changed error handling to anyhow::Result
- backend/Cargo.toml: Added reqwest for testing
- backend/tests/auth_tests.rs: Integration tests
- thoughts/: Documentation updates (STATUS.md, env.example, test_auth.sh)

2026-02-14 20:03:11 -03:00