epic(#7): consolidated epic PR#11

Open
eric-cielo wants to merge 3 commits into main from epic/7-epic-add-user-authentication

Conversation

@eric-cielo
Owner

Epic #7

moflo and others added 3 commits April 17, 2026 13:40
Add email/password signup with validation, duplicate detection,
password hashing, and session token issuance backed by an
in-memory user store.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Adds src/login.js with login() accepting email + password
- Verifies credentials against scrypt hash using timingSafeEqual
- Returns a session token on success, generic error on failure
  (no user enumeration: same error for unknown email and wrong password)
- Per-email rate limiter prevents brute-force attacks with configurable
  max attempts and sliding window; successful login resets the counter
- Tests cover success, case-insensitive email, wrong password, unknown
  email, non-string input, rate limiting, window expiry, and isolation
  between emails

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds request/complete password reset with 1-hour token expiry,
single-use tokens, and invalidation of all existing sessions on reset.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>