By: Michael Lynch <git@mtlynch.io>
Simplify shared-secret auth plumbing Move session cleanup out of handlers.New so the server constructor only takes request-time dependencies. Replace the extra auth_users table and session creation transaction with a single auth_sessions table, and let the session manager own expiration checks through its injected clock. Use direct password-hash verification for the shared secret instead of adapting simpleauth's username/password store interface.
| Time to Start | Worker time | Duration | Time to finish | |
| Config | 0s | 2s | 2s | 2s |
| Eval | - | - | - | - |
| Build | 5s | 20s | - | - |
| Test | - | - | - | - |
| Deploy | - | - | - | - |
| Suite | 0s | 23s | - | - |