Diffstat (limited to 'auth/README.md')
-rw-r--r-- auth/README.md 26
1 files changed, 26 insertions, 0 deletions
diff --git a/auth/README.md b/auth/README.md
new file mode 100644
index 0000000..de81c28
--- /dev/null
+++ b/auth/README.md
@@ -0,0 +1,26 @@
+# Authentication
+
+[back to index](../README.md)
+
+How sessions work. Login to get a token, send it on every request, logout when done.
+
+Not that hard see?
+
+## Pages
+
+- [Login](login.md) `POST /auth/login` authenticate and get a session token
+- [Logout](logout.md) `POST /auth/logout` kill yourself
+- [Status](status.md) `GET /auth/status` check if your session is still alive and when it kills itself
+- [Clear Sessions](clear_sessions.md) `POST /auth/clear-sessions` adminier: nuke all sessions for a specific user
+
+## How it works
+
+1. call `/auth/login` with credentials using ur sign in methodick.
+2. get a magic session token back
+3. send that token as `Authorization: Bearer <token>` on every damn request after that
+4. when youre done call `/auth/logout` to kill yourself
+5. sessions expire after a configurable timeout if you dont use them
+
+Sessions should optionally be able to persist across server restarts (server should only store a hash of the token in the database, never the raw token itself obviously). On restart it loads them hash brownies back.
+
+Each user should have a max number of concurrent sessions (configurable). When you go over the limit the oldest session gets deported to hell automatically to make room for the new one.
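Review bot: the persistence paragraph (`Sessions should optionally be able to persist across server restarts`) says only a hash of the token is stored but does not say which hash or how much entropy the token carries, and both need to be written down before anyone implements it: storing an unkeyed fast hash is fine only when the token is a long random value, because a short or guessable token would make the stored hashes trivially reversible. The expiry step (`5. sessions expire after a configurable timeout if you dont use them`) describes an idle timeout only; state whether there is also an absolute lifetime, since an idle timeout alone keeps a leaked token valid for as long as it keeps being used. For the concurrent-session limit, define whether "oldest" means oldest by creation time or by last use, and say so in the doc, because the eviction order decides which session gets pushed out when the cap is hit. The `Clear Sessions` entry marks the endpoint as admin-only but does not say how that is enforced or whether it also revokes the caller's own session; spelling out both keeps the README in step with the actual behaviour. Finally, `kill yourself`, `ur sign in methodick` and `hash brownies` are fine in a scratch note but read poorly as user-facing API documentation; plain wording would help.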