giles
6419aa38c5
Login had no visible entry point — you could only reach it by hitting a guard. Add an auth footer the pages splice in: "log in" when logged out, "signed in as <user> · log out" when logged in. - host/auth-footer: SX fragment reading the session principal; guards a session-less request so it's safe to call anywhere. - GET /logout added alongside POST so the footer link is a plain <a> (logout is low-harm; GET is acceptable). Clears the session, redirects home. - home and post pages splice (host/auth-footer req) into their footer. Tests: home + post footers show a login link when anonymous; GET /logout -> 303. 221/221. Verified live: anonymous shows "log in"; logged in shows "signed in as admin · log out"; /logout reverts it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
6.3 KiB
6.3 KiB