h/golib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor database interface to use *sql.DB directly

Browse Source 
Simplified the database layer by removing custom interface wrappers
and using standard library *sql.DB and *sql.Tx types directly.

Changes:
- Removed DBConnection and DBTransaction interfaces from database.go
- Removed NewDBConnection() wrapper function
- Updated TokenGenerator to use *sql.DB instead of DBConnection
- Updated all validation and revocation methods to accept *sql.Tx
- Updated TableManager to work with *sql.DB directly
- Updated all tests to use db.Begin() instead of custom wrappers
- Fixed GeneratorConfig.DB field (was DBConn)
- Updated documentation in doc.go with correct API usage

Benefits:
- Simpler API with fewer abstractions
- Works directly with database/sql standard library
- Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB)
- Easier to understand and maintain
- No unnecessary wrapper layers

Breaking changes:
- GeneratorConfig.DBConn renamed to GeneratorConfig.DB
- Removed NewDBConnection() function - pass *sql.DB directly
- ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction
- Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Haelnorr
2026-01-11 17:39:30 +11:00
parent 557e9812e6
commit 1b25e2f0a5
44 changed files with 3728 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
hwsauth/authenticator.go
View File

@@ -10,31 +10,28 @@ import (
)
type Authenticator[T Model] struct {
tokenGenerator *jwt.TokenGenerator
load LoadFunc[T]
conn *sql.DB
ignoredPaths []string
logger *zerolog.Logger
server *hws.Server
errorPage hws.ErrorPage
SSL bool // Use SSL for JWT tokens. Default true
TrustedHost string // TrustedHost to use for SSL verification
SecretKey string // Secret key to use for JWT tokens
AccessTokenExpiry int64 // Expiry time for Access tokens in minutes. Default 5
RefreshTokenExpiry int64 // Expiry time for Refresh tokens in minutes. Default 1440 (1 day)
TokenFreshTime int64 // Expiry time of token freshness. Default 5 minutes
LandingPage string // Path of the desired landing page for logged in users
tokenGenerator *jwt.TokenGenerator
load LoadFunc[T]
conn DBConnection
ignoredPaths []string
logger *zerolog.Logger
server *hws.Server
errorPage hws.ErrorPageFunc
SSL bool // Use SSL for JWT tokens. Default true
LandingPage string // Path of the desired landing page for logged in users
}
// NewAuthenticator creates and returns a new Authenticator using the provided configuration.
// All expiry times should be provided in minutes.
// trustedHost and secretKey strings must be provided.
// If cfg is nil or any required fields are not set, default values will be used or an error returned.
// Required fields: SecretKey (no default)
// If SSL is true, TrustedHost is also required.
func NewAuthenticator[T Model](
cfg *Config,
load LoadFunc[T],
server *hws.Server,
conn *sql.DB,
conn DBConnection,
logger *zerolog.Logger,
errorPage hws.ErrorPage,
errorPage hws.ErrorPageFunc,
) (*Authenticator[T], error) {
if load == nil {
return nil, errors.New("No function to load model supplied")
@@ -51,43 +48,70 @@ func NewAuthenticator[T Model](
if errorPage == nil {
return nil, errors.New("No ErrorPage provided")
}
// Validate config
if cfg == nil {
return nil, errors.New("Config is required")
}
if cfg.SecretKey == "" {
return nil, errors.New("SecretKey is required")
}
if cfg.SSL && cfg.TrustedHost == "" {
return nil, errors.New("TrustedHost is required when SSL is enabled")
}
if cfg.AccessTokenExpiry == 0 {
cfg.AccessTokenExpiry = 5
}
if cfg.RefreshTokenExpiry == 0 {
cfg.RefreshTokenExpiry = 1440
}
if cfg.TokenFreshTime == 0 {
cfg.TokenFreshTime = 5
}
if cfg.LandingPage == "" {
cfg.LandingPage = "/profile"
}
// Cast DBConnection to *sql.DB
// DBConnection is satisfied by *sql.DB, so this cast should be safe for standard usage
sqlDB, ok := conn.(*sql.DB)
if !ok {
return nil, errors.New("DBConnection must be *sql.DB for JWT token generation")
}
// Configure JWT table
tableConfig := jwt.DefaultTableConfig()
if cfg.JWTTableName != "" {
tableConfig.TableName = cfg.JWTTableName
}
// Create token generator
tokenGen, err := jwt.CreateGenerator(jwt.GeneratorConfig{
AccessExpireAfter: cfg.AccessTokenExpiry,
RefreshExpireAfter: cfg.RefreshTokenExpiry,
FreshExpireAfter: cfg.TokenFreshTime,
TrustedHost: cfg.TrustedHost,
SecretKey: cfg.SecretKey,
DBConn: sqlDB,
DBType: jwt.DatabaseType{
Type: cfg.DatabaseType,
Version: cfg.DatabaseVersion,
},
TableConfig: tableConfig,
})
if err != nil {
return nil, errors.Wrap(err, "jwt.CreateGenerator")
}
auth := Authenticator[T]{
load: load,
server: server,
conn: conn,
logger: logger,
errorPage: errorPage,
AccessTokenExpiry: 5,
RefreshTokenExpiry: 1440,
TokenFreshTime: 5,
SSL: true,
tokenGenerator: tokenGen,
load: load,
server: server,
conn: conn,
logger: logger,
errorPage: errorPage,
SSL: cfg.SSL,
LandingPage: cfg.LandingPage,
}
return &auth, nil
}
// Initialise finishes the setup and prepares the Authenticator for use.
// Any custom configuration must be set before Initialise is called
func (auth *Authenticator[T]) Initialise() error {
if auth.TrustedHost == "" {
return errors.New("Trusted host must be provided")
}
if auth.SecretKey == "" {
return errors.New("Secret key cannot be blank")
}
if auth.LandingPage == "" {
return errors.New("No landing page specified")
}
tokenGen, err := jwt.CreateGenerator(
auth.AccessTokenExpiry,
auth.RefreshTokenExpiry,
auth.TokenFreshTime,
auth.TrustedHost,
auth.SecretKey,
auth.conn,
)
if err != nil {
return errors.Wrap(err, "jwt.CreateGenerator")
}
auth.tokenGenerator = tokenGen
return nil
}