From 96fad1a4e78c7209e5a0f3496e8b59d591fbe500 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Sun, 15 Feb 2026 11:12:50 +0900
Subject: refactor(auth): replace JWT authentication with server-side sessions

Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/go.mod | 1 -
 1 file changed, 1 deletion(-)

(limited to 'backend/go.mod')

diff --git a/backend/go.mod b/backend/go.mod
index 388f706..3c73ff6 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -4,7 +4,6 @@ go 1.25.0
 
 require (
 	github.com/getkin/kin-openapi v0.133.0
-	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/hibiken/asynq v0.26.0
 	github.com/jackc/pgx/v5 v5.8.0
 	github.com/labstack/echo/v4 v4.15.0
-- 
cgit v1.3.1