refactor: switch API from token auth to cookie-based session auth

- Remove API token system entirely (model, migration, middleware)
- Add migration 007 to drop api_tokens table
- Add POST /api/v1/login endpoint for JSON credential auth
- API routes now use session cookies (same as web UI)
- Remove /api/v1/tokens endpoint
- HandleAPIWhoAmI uses session auth instead of token context
- APISessionAuth middleware returns JSON 401 instead of redirect
- Update all API tests to use cookie-based authentication

Addresses review comment on PR #74.

This commit is contained in:

user

2026-02-16 00:31:10 -08:00

parent 0536f57ec2

commit 9ac1d25788

7 changed files with 221 additions and 407 deletions

									
										1

internal/database/migrations/007_drop_api_tokens.sql
									
										Normal file
									
												View File
												
				@@ -0,0 +1 @@

				DROP TABLE IF EXISTS api_tokens;

				`@@ -0,0 +1 @@`
				`DROP TABLE IF EXISTS api_tokens;`

refactor: switch API from token auth to cookie-based session auth

1 internal/database/migrations/007_drop_api_tokens.sql Normal file Unescape Escape View File

1

internal/database/migrations/007_drop_api_tokens.sql Normal file

View File