Monolith Auth and Sessions
Use this skill when
- •Adding authentication or protecting routes.
- •Reading/writing session values.
Core components
- •Session package: app/session/session.go
- •Auth middleware and controller (generated by auth scaffold)
- •Config secret: config.SECRET_KEY
Bootstrap auth
Run: make generator authentication
Scaffold includes:
- •User model
- •session helpers
- •auth middleware
- •auth controller
- •login/signup templates
- •routes for /login, /signup, /logout
Session model
- •Session store is Gorilla cookie store.
- •Initialized once in session.InitSession().
- •Standard keys include login flag and email.
Route protection pattern
Wrap handlers with login/admin middleware decorators.
If user is anonymous, redirect to /login.
Security notes
- •Always set SECRET_KEY in production.
- •Never trust only client-side state for authorization decisions.
- •Re-check privileges server-side in middleware.
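Added example (not the scaffold's generated code): a sketch of the route protection pattern and the server-side privilege re-check described above, using only the standard library. Session, SessionLoader, AdminLookup and Status are hypothetical names; SessionLoader stands in for reading the Gorilla cookie store and AdminLookup for a server-side user query.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical stand-ins: Session mirrors the login flag and email keys,
// SessionLoader the cookie-store read, AdminLookup a server-side user query.
type Session struct {
	LoggedIn bool
	Email    string
}
type SessionLoader func(r *http.Request) Session
type AdminLookup func(email string) bool

// LoginRequired redirects anonymous requests to /login before next runs.
func LoginRequired(load SessionLoader, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if s := load(r); !s.LoggedIn || s.Email == "" {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		next(w, r)
	}
}

// AdminRequired re-checks the privilege server-side on every request.
func AdminRequired(load SessionLoader, isAdmin AdminLookup, next http.HandlerFunc) http.HandlerFunc {
	return LoginRequired(load, func(w http.ResponseWriter, r *http.Request) {
		if !isAdmin(load(r).Email) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	})
}

// Status sends one GET through h and returns the status code and Location.
func Status(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	anon := func(*http.Request) Session { return Session{} }
	fmt.Println(Status(LoginRequired(anon, http.NotFound), "/dashboard"))
}
```

The admin decision comes from AdminLookup on each request, so a role value stored in or sent by the client never decides access on its own.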