This adds support for full application-enforced authentication, with optional IAP headers. Some UX will not be great yet (e.g. the 401 page is useless).
It adds tests for all existing routes that require auth, as well as pages requiring admin.
Pages which are allowed without auth are:
/about
/feed/$feedId.xml
/image-uploads/$
Contains a set of test utilities to easily assert on auth requirements, as well as helpers to mock identities.
This adds support for full application-enforced authentication, with optional IAP headers. Some UX will not be great yet (e.g. the 401 page is useless).
It adds tests for all existing routes that require auth, as well as pages requiring admin.
Pages which are allowed without auth are:
Contains a set of test utilities to easily assert on auth requirements, as well as helpers to mock identities.