# Data Model: Basic Login Protection

**Feature**: 003-basic-login

**Date**: 2026-04-06

## No Backend Schema Changes

This feature introduces no new database tables or Flyway migrations. The user account is defined entirely in the Spring Security in-memory configuration (`SecurityConfig.java`) backed by environment variables.

## Frontend: Auth Store State

The Pinia `authStore` is the single source of truth for authentication state in the frontend.

```
AuthState
├── username: string | null — entered username, null if not logged in
├── password: string | null — entered password, null if not logged in
└── isAuthenticated: boolean — derived: true when both username and password are non-null

Actions
├── login(username, password) — validates credentials via /api/v1/auth/check, stores in sessionStorage on success
├── logout() — clears username, password, sessionStorage; redirects to /login
└── restoreSession() — reads credentials from sessionStorage on app start; calls /api/v1/auth/check to verify still valid
```

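The state and actions above, as an added framework-free example (not the project's Pinia store): `fetchFn`, `storage` and `redirect` are injected so it runs offline, and the storage key `auth` and the use of HTTP Basic on `/api/v1/auth/check` are assumptions, since the data model names neither.

```javascript
// Added example, not the project's code. In the app the injected values would be
// window.fetch, window.sessionStorage and router.push.
const STORAGE_KEY = "auth"; // assumed key; the data model does not name it

function createAuthStore({ fetchFn, storage, redirect }) {
  const state = { username: null, password: null };

  // Derived: authenticated only when both credentials are present.
  const isAuthenticated = () => state.username !== null && state.password !== null;

  // Ask the backend whether the pair is valid (HTTP Basic is an assumption).
  async function check(username, password) {
    const res = await fetchFn("/api/v1/auth/check", {
      method: "GET",
      headers: { Authorization: "Basic " + btoa(`${username}:${password}`) },
    });
    return res.ok;
  }

  async function login(username, password) {
    if (!(await check(username, password))) return false;
    state.username = username;
    state.password = password;
    storage.setItem(STORAGE_KEY, JSON.stringify({ username, password }));
    return true;
  }

  function logout() {
    state.username = null;
    state.password = null;
    storage.removeItem(STORAGE_KEY);
    redirect("/login");
  }

  // App start: a stored pair is trusted only once the backend accepts it again;
  // an unparsable or rejected entry is purged so a stale one cannot linger.
  async function restoreSession() {
    let saved = null;
    try { saved = JSON.parse(storage.getItem(STORAGE_KEY)); } catch { /* treated as invalid */ }
    const wellFormed = saved && typeof saved.username === "string" && typeof saved.password === "string";
    if (!wellFormed || !(await check(saved.username, saved.password))) {
      storage.removeItem(STORAGE_KEY);
      return false;
    }
    state.username = saved.username;
    state.password = saved.password;
    return true;
  }

  return { state, isAuthenticated, login, logout, restoreSession };
}
```

Because the store and sessionStorage hold the raw password, any script running on the origin can read it; the re-check in `restoreSession` is what keeps a stale or edited entry from counting as a login.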
## Backend: Application Properties

Two properties configure the single allowed user account:

| Property | Default | Source | Example |
|----------|---------|--------|---------|
| `app.auth.username` | `neurosurgeon` | `application.yaml` / env var `APP_AUTH_USERNAME` | `admin` |
| `app.auth.password` | (required) | env var `APP_AUTH_PASSWORD` | `s3cret` |

No hashing is applied in the current `SecurityConfig` (the `{noop}` prefix). The spec (FR-011) requires that passwords not be stored in plaintext; this refers to the backend config/env var pattern, which is acceptable because env vars are not persisted in the codebase. If hashing is required later, the `{noop}` prefix can be replaced with `{bcrypt}`, with the env var then holding the bcrypt hash rather than the raw password, and no other code changes are needed.