AgentSkillsCN

monolith-auth-and-sessions

Use when implementing login/signup/logout, access control, and cookie-based session logic in this monolith application.

SKILL.md
--- frontmatter
name: monolith-auth-and-sessions
description: Use when implementing login/signup/logout, access control, and cookie-backed session logic in this Monolith app.

Monolith Auth and Sessions

Use this skill when

  • Adding authentication or protecting routes.
  • Reading/writing session values.

Core components

  • Session package: app/session/session.go
  • Auth middleware and controller (generated by auth scaffold)
  • Config secret: config.SECRET_KEY

Bootstrap auth

Run: make generator authentication

Scaffold includes:

  • User model
  • session helpers
  • auth middleware
  • auth controller
  • login/signup templates
  • routes for /login, /signup, /logout

Session model

  • The session store is a Gorilla cookie store.
  • It is initialized once in session.InitSession().
  • Standard keys include the login flag and the email.

Route protection pattern

Wrap handlers with the login/admin middleware decorators. If the user is anonymous, redirect to /login.

Security notes

  • Always set SECRET_KEY in production.
  • Never trust only client-side state for authorization decisions.
  • Re-check privileges server-side in middleware.
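
The route protection pattern and the server-side re-check from the security notes, as an added example that is not the scaffold's generated code. `Identity`, `SessionReader`, `LoginRequired`, `AdminRequired` and the `isAdmin` lookup are hypothetical names; the session read is abstracted behind a function so the block runs with the standard library only, and the 303 and 403 status codes are this example's choice.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Identity is the server-side view of a session (hypothetical type; the
// scaffold's own helpers live in app/session/session.go).
type Identity struct {
	LoggedIn bool
	Email    string
}

// SessionReader stands in for decoding the signed cookie session (assumption).
type SessionReader func(r *http.Request) Identity

// LoginRequired redirects anonymous requests to /login.
func LoginRequired(read SessionReader, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if id := read(r); !id.LoggedIn || id.Email == "" {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		next(w, r)
	}
}

// AdminRequired re-checks the role server-side on every request; isAdmin is
// an assumed lookup against the User model, never a value sent by the client.
func AdminRequired(read SessionReader, isAdmin func(email string) bool, next http.HandlerFunc) http.HandlerFunc {
	return LoginRequired(read, func(w http.ResponseWriter, r *http.Request) {
		if !isAdmin(read(r).Email) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	})
}

func main() {
	anon := func(*http.Request) Identity { return Identity{} } // constructed: no session
	ok := func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") }
	rec := httptest.NewRecorder()
	LoginRequired(anon, ok)(rec, httptest.NewRequest("GET", "/dashboard", nil))
	fmt.Println(rec.Code, rec.Header().Get("Location"))
}
```

Because `AdminRequired` wraps `LoginRequired`, an anonymous request to an admin route is redirected before any role lookup runs.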