
Add authentication endpoints to core service #215

@geoffjay

Context

The core service (#211) needs authentication endpoints for user login, registration, and session management. Sessions should be managed without requiring an external cache like Redis — instead use SQLite-backed session tokens.

Acceptance Criteria

  • Add POST /auth/register endpoint:
    • Accepts { username, email, full_name, password }
    • Creates user with hashed password
    • Creates a default personal organization and membership
    • Returns user info (without password hash)
  • Add POST /auth/login endpoint:
    • Accepts { username, password } or { email, password }
    • Verifies password against stored hash
    • Generates a session token (random, stored in SQLite sessions table)
    • Returns { token, user, active_organization }
  • Add POST /auth/logout endpoint:
    • Requires valid session token in Authorization: Bearer <token> header
    • Deletes session from SQLite
  • Add GET /auth/me endpoint:
    • Returns current user info and active organization
  • Create sessions SQLite table:
    • token (TEXT, primary key, random 256-bit hex)
    • user_id (UUID, foreign key to users)
    • created_at (TEXT/datetime)
    • expires_at (TEXT/datetime)
  • Add session expiry (configurable, default 24h) with cleanup on login
  • Add auth middleware extractor for protected routes
  • Add unit tests for all endpoints
  • Use agentd_common::error::ApiError for error responses (401 Unauthorized variant needed)

Notes

  • No external dependencies (no Redis, no JWT libraries) — simple SQLite-backed sessions
  • A 401 Unauthorized variant should be added to agentd_common::error::ApiError

Relevant Files

  • crates/common/src/error.rs — needs Unauthorized variant
  • crates/orchestrator/src/api.rs — reference for API endpoint patterns
  • New: crates/core/src/api/auth.rs, crates/core/src/storage/sessions.rs, crates/core/src/middleware/auth.rs

Assignees

No one assigned

Labels

  • architecture: Cross-service architectural design or review
  • complexity:large: Large scope: 200+ lines, multiple files
  • enhancement: New feature or request
  • needs-tests: Area needs dedicated test coverage
  • triaged: Issue has been triaged, ready for planning or implementation
