vikunja/pkg/routes/api/shared
kolaente 78f79accb5 refactor(auth): extract transport-agnostic login, logout and OIDC cores
Pull the credential/TOTP check, session deletion, user-token issuance and
OIDC callback flow out of the v1 echo handlers and into reusable helpers so
both /api/v1 and the upcoming /api/v2 share one implementation:

- auth.IssueUserToken + auth.WriteUserAuthCookies split the token/cookie
  machinery from the echo response; NewUserAuthTokenResponse now wraps them.
- auth.SessionIDFromContext reads the sid claim for logout.
- shared.AuthenticateUserCredentials, shared.DeleteSession hold the login
  and logout cores.
- openid.AuthenticateCallback holds the OIDC exchange/getOrCreate/TOTP/team
  sync, returning the user; HandleCallback issues the token as before.

v1 behaviour is unchanged on the wire.
2026-06-17 19:43:41 +00:00
..
admin_user.go feat(api/v2): add admin actions on /api/v2 2026-06-11 19:32:42 +00:00
auth.go refactor(auth): extract transport-agnostic login, logout and OIDC cores 2026-06-17 19:43:41 +00:00
auth_provider.go refactor(user): extract shared account orchestration into models/user/shared for v1+v2 2026-06-11 07:02:31 +00:00
info.go feat(api/v2): add public instance info endpoint 2026-06-11 20:07:43 +00:00
testing.go refactor(testing): extract e2e fixture reset/truncate into shared package 2026-06-17 12:13:50 +00:00