xTr1m/GameList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca25d4f0eedc4e26287e424909b5343070b36be7
GameList/TASKS.md
Frank Tovar ca25d4f0ee Add auth plan to TASKS
2026-01-29 00:48:17 +01:00

1.5 KiB
Raw Blame History

CoopGameChooser Task List

Auth overhaul — username/password instead of random cookie

  • Data model: add username + password hash/salt to Player (or a tiny Account table), enforce unique username, update AppDbContext config and create an EF migration; ensure factory reset seeds stay valid.
  • Cookie pipeline: refactor UsePlayerIdentity into a reader that only trusts existing player cookies; add helper to issue/clear the cookie after login/register while keeping HttpOnly/SameSite/Secure semantics.
  • Auth endpoints: add /api/auth/register, /api/auth/login, /api/auth/logout; registration should create the player, set the player cookie, and store display name; login validates password and reissues cookie; logout clears cookie.
  • Endpoint auth guard: replace GetOrCreatePlayer with a GetAuthenticatedPlayer helper that returns 401 when unauthenticated; update all suggest/vote/state endpoints to depend on an authenticated player without creating one implicitly.
  • Frontend UX: add login/register screen shown when /api/me returns 401; on success hide auth pane, preload name, then refresh phase data; include a logout control to clear local state.
  • Docs: update API.md (and SPEC.md if needed) to document new auth flows, required auth for existing endpoints, and cookie token behavior.
  • Ops/migration notes: generate/apply migration, note upgrade path for existing random-ID players (likely reset or manual backfill), and verify IIS/base-path configs still work.
Reference in New Issue View Git Blame Copy Permalink