| name | monolith-auth-and-sessions |
| description | Use when implementing login/signup/logout, access control, and cookie-backed session logic in this Monolith app. |
Monolith Auth and Sessions
Use this skill when
- Adding authentication or protecting routes.
- Reading/writing session values.
Core components
- Session package: app/session/session.go
- Auth middleware and controller (generated by auth scaffold)
- Config secret: config.SECRET_KEY
Bootstrap auth
Run: make generator authentication
Scaffold includes:
- User model
- session helpers
- auth middleware
- auth controller
- login/signup templates
- routes for /login, /signup, /logout
Session model
- Session store is Gorilla cookie store.
- Initialized once in session.InitSession().
- Standard keys include login flag and email.
Route protection pattern
Wrap handlers with login/admin middleware decorators.
If user is anonymous, redirect to /login.
Security notes
- Always set SECRET_KEY in production.
- Never trust only client-side state for authorization decisions.
- Re-check privileges server-side in middleware.
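The route protection pattern and the server-side re-check above, as an added example that is not the scaffold's generated code. `Identity`, `RequireLogin`, `RequireAdmin`, `probe` and the `read`/`isAdmin` callbacks are hypothetical stand-ins for the app's session helpers and User model lookup, and the e-mail addresses are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Identity: values the session helpers decode from the cookie (hypothetical type).
type Identity struct {
	LoggedIn bool
	Email    string
}

// RequireLogin redirects anonymous requests to /login before next runs.
func RequireLogin(read func(*http.Request) Identity, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if id := read(r); !id.LoggedIn || id.Email == "" {
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}
		next(w, r)
	}
}

// RequireAdmin layers on RequireLogin and re-checks the privilege server-side
// on every request instead of trusting a role flag carried by the client.
func RequireAdmin(read func(*http.Request) Identity, isAdmin func(string) bool, next http.HandlerFunc) http.HandlerFunc {
	return RequireLogin(read, func(w http.ResponseWriter, r *http.Request) {
		if !isAdmin(read(r).Email) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	})
}

// probe runs one constructed GET /admin for id and returns status and Location.
func probe(id Identity) (int, string) {
	read := func(*http.Request) Identity { return id }                         // stand-in for session lookup
	isAdmin := func(email string) bool { return email == "admin@example.test" } // constructed user table
	h := RequireAdmin(read, isAdmin, func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/admin", nil))
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(probe(Identity{LoggedIn: true, Email: "admin@example.test"}))
}
```

In the real app, `read` would wrap the session package's lookup and `isAdmin` would query the User model, so a logged-in session alone never grants admin access.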