Data Model: Basic Login Protection
Feature: 003-basic-login
Date: 2026-04-06
No Backend Schema Changes
This feature introduces no new database tables or Flyway migrations. The user account is defined entirely in the Spring Security in-memory configuration (SecurityConfig.java) backed by environment variables.
Frontend: Auth Store State
The Pinia authStore is the single source of truth for authentication state in the frontend.
AuthState
├── username: string | null — entered username, null if not logged in
├── password: string | null — entered password, null if not logged in
└── isAuthenticated: boolean — derived: true when both username and password are non-null
Actions
├── login(username, password) — validates credentials via /api/v1/auth/check, stores in sessionStorage on success
├── logout() — clears username, password, sessionStorage; redirects to /login
└── restoreSession() — reads credentials from sessionStorage on app start; calls /api/v1/auth/check to verify still valid
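The store contract above, modelled without Pinia so it runs on its own. This is an added example, not the project's authStore: the HTTP Basic header on the check call, the storage key `auth`, and the injected `storage` and `fetchFn` parameters are assumptions that the page does not specify.

```javascript
// Added example, not the project's authStore: a framework-free model of it.
// Assumed (not on the page): HTTP Basic on the check call, storage key "auth".
const STORAGE_KEY = "auth";

const createAuthState = () => ({ username: null, password: null });

// Derived flag from the AuthState tree: true only when both fields are non-null.
const isAuthenticated = (s) => s.username !== null && s.password !== null;

// UTF-8 safe Basic header; plain btoa() throws on non-Latin-1 passwords.
function basicAuthHeader(username, password) {
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  return "Basic " + btoa(String.fromCharCode(...bytes));
}

// Pure transition: commit credentials only after the server accepted them;
// on rejection wipe memory and storage together so neither holds stale secrets.
function applyCheckResult(state, storage, creds, accepted) {
  state.username = accepted ? creds.username : null;
  state.password = accepted ? creds.password : null;
  if (accepted) storage.setItem(STORAGE_KEY, JSON.stringify(creds));
  else storage.removeItem(STORAGE_KEY);
  return isAuthenticated(state);
}

async function login(state, storage, fetchFn, username, password) {
  const res = await fetchFn("/api/v1/auth/check", {
    headers: { Authorization: basicAuthHeader(username, password) },
  });
  return applyCheckResult(state, storage, { username, password }, res.ok);
}

// logout() minus the router redirect to /login.
const logout = (state, storage) => applyCheckResult(state, storage, {}, false);

async function restoreSession(state, storage, fetchFn) {
  const raw = storage.getItem(STORAGE_KEY);
  if (raw === null) return false;
  let creds = null;
  try { creds = JSON.parse(raw); } catch { /* tampered or corrupt entry */ }
  const valid = creds && typeof creds.username === "string" && typeof creds.password === "string";
  // Stored values are untrusted input: drop malformed entries, re-verify the rest.
  if (!valid) return logout(state, storage);
  return login(state, storage, fetchFn, creds.username, creds.password);
}
```

In the browser, pass `sessionStorage` and `fetch` as `storage` and `fetchFn`.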
Backend: Application Properties
Two properties configure the single allowed user account:
| Property | Default | Source | Example |
|---|---|---|---|
| app.auth.username | neurosurgeon | application.yaml / env var APP_AUTH_USERNAME | admin |
| app.auth.password | (required) | env var APP_AUTH_PASSWORD | s3cret |
The current SecurityConfig applies no hashing: the configured password carries the {noop} prefix. The spec (FR-011) requires that passwords not be stored in plaintext. That requirement refers to the backend config/env var pattern, which is acceptable because env vars are not persisted in the codebase. If hashing is required later, the {noop} prefix can be replaced with {bcrypt} without other code changes; APP_AUTH_PASSWORD must then hold a bcrypt hash rather than the plaintext password.