feat: Implement full auth pipeline — login, register, JWT, bootstrap

Backend auth flow is now functional:
- services/auth.rs: Argon2id password hashing, JWT access/refresh tokens
- services/encryption.rs: AES-256-GCM encrypt/decrypt, hex token generation
- api/auth.rs: Login, register, refresh, logout, /me endpoints
- middleware/auth.rs: JWT Bearer token extractor (FromRequestParts)
- db/users.rs + licenses.rs: Full CRUD with runtime queries (no compile-time DB)
- main.rs: Bootstrap admin user on first run via ADMIN_EMAIL/ADMIN_PASSWORD env vars
- NATS connection now optional for dev (graceful fallback)
- Added hex and http crates to Cargo.toml

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Vantz Stockwell
2026-02-14 21:49:37 -05:00
parent 9217f77998
commit 5668675b6a
10 changed files with 671 additions and 101 deletions

@@ -11,8 +11,16 @@ NATS_URL=nats://localhost:4222
# Auth
JWT_SECRET=change-me-to-a-random-64-char-string
JWT_ACCESS_EXPIRY_SECONDS=900
JWT_REFRESH_EXPIRY_SECONDS=604800
ENCRYPTION_KEY=change-me-to-a-random-32-byte-hex-key
# Bootstrap Admin (creates admin user on first run if no users exist)
ADMIN_EMAIL=admin@corrosionmgmt.com
ADMIN_PASSWORD=corrosion-dev-2026
ADMIN_USERNAME=Commander
ADMIN_LICENSE_KEY=CORROSION-DEV-0001-ADMIN
# Cloudflare (subdomain provisioning)
CLOUDFLARE_API_TOKEN=
CLOUDFLARE_ZONE_ID=
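
Review bot: ADMIN_PASSWORD=corrosion-dev-2026 and ADMIN_LICENSE_KEY=CORROSION-DEV-0001-ADMIN in the Bootstrap Admin block are concrete, usable values committed to the repository, and the comment above them says they create the admin user on first run if no users exist, so a deployment that copies this file unchanged gets an admin account with a publicly known password. Leave both empty, as CLOUDFLARE_API_TOKEN= is, and note in the comment that the operator must set them; the bootstrap path should also refuse to create the user when ADMIN_PASSWORD is unset or still equals a shipped default. The same point applies to JWT_SECRET and ENCRYPTION_KEY a few lines up: the change-me-... placeholders are non-empty strings that will load without error, so a startup check that rejects them (and checks the stated 64-char and 32-byte-hex lengths) would prevent tokens being signed, or data encrypted, with a value anyone can read in the repository.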