Authentication

MiniWork provides built-in session-based authentication with Argon2id password hashing.

Login Flow

export async function action(ctx) {
  const { email, password } = await ctx.formData();
  
  const user = ctx.db.query(
    'SELECT * FROM users WHERE email = ?',
    [email.toLowerCase()]
  );
  
  if (!user) return { error: 'Invalid credentials' };
  
  const valid = await ctx.auth.verifyPassword(password, user.password_hash);
  if (!valid) return { error: 'Invalid credentials' };
  
  await ctx.auth.login(user);
  return ctx.redirect('/dashboard');
}

Registration

export async function action(ctx) {
  const { email, password } = await ctx.formData();
  
  const passwordHash = await ctx.auth.hashPassword(password);
  
  ctx.db.run(
    'INSERT INTO users (email, password_hash) VALUES (?, ?)',
    [email.toLowerCase(), passwordHash]
  );
  
  return ctx.redirect('/login');
}

Protected Routes

export const guards = [
  { type: 'auth', redirect: '/login' },
  { type: 'role', value: 'admin', redirect: '/' },
];