add auth system: users, login, JWT, protected routes

Domain: User entity, AuthPort/PasswordHashPort/SecretStore ports. Adapters: auth (argon2 hashing, JWT tokens), secret-store (env-based), config-sqlite user repository, http-api auth routes + extractors. Application: auth_service. SPA: login page, auth client, protected router.
2026-06-19 01:39:42 +02:00
parent 4139330234
commit adda731dc6
41 changed files with 1331 additions and 153 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,5 +4,15 @@ KFRAME_TCP_ADDR=0.0.0.0:2699
 KFRAME_HTTP_ADDR=0.0.0.0:3000
 KFRAME_POLL_INTERVAL_SECS=5

+# Auth (required)
+JWT_SECRET=change-me-to-a-random-secret
+JWT_TTL_SECONDS=3600
+
+# Encryption at rest (required, generate with: openssl rand -hex 32)
+KFRAME_ENCRYPTION_KEY=change-me-generate-with-openssl-rand-hex-32
+
+# SPA static files (optional, omit for dev mode with Vite proxy)
+# KFRAME_SPA_DIR=spa/dist
+
 # Logging (tracing-subscriber)
 RUST_LOG=info,sqlx=warn