Max Mayfield 5ee869b9d8 Implement auth: login/signup (scrypt), API key generation, shared migration ...

- Login: email + password lookup, scrypt verify, JWT token
- Signup: create tenant + owner user in transaction, slug generation
- API key: dd0c_ prefix, SHA-256 hash (not bcrypt — faster for API key lookups), prefix index
- Scrypt over bcrypt: zero native deps, Node.js built-in crypto
- Auth routes skip JWT middleware (login/signup are public)
- 002_auth.sql: users + api_keys tables with RLS, copied to all products
- Synced auth middleware to P3/P4/P5/P6

2026-03-01 03:19:18 +00:00

7.1 KiB

Raw Blame History

View Raw