Refactor database interface to use *sql.DB directly

Simplified the database layer by removing custom interface wrappers
and using standard library *sql.DB and *sql.Tx types directly.

Changes:
- Removed DBConnection and DBTransaction interfaces from database.go
- Removed NewDBConnection() wrapper function
- Updated TokenGenerator to use *sql.DB instead of DBConnection
- Updated all validation and revocation methods to accept *sql.Tx
- Updated TableManager to work with *sql.DB directly
- Updated all tests to use db.Begin() instead of custom wrappers
- Fixed GeneratorConfig.DB field (was DBConn)
- Updated documentation in doc.go with correct API usage

Benefits:
- Simpler API with fewer abstractions
- Works directly with database/sql standard library
- Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB)
- Easier to understand and maintain
- No unnecessary wrapper layers

Breaking changes:
- GeneratorConfig.DBConn renamed to GeneratorConfig.DB
- Removed NewDBConnection() function - pass *sql.DB directly
- ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction
- Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

hwsauth/protectpage.go

@@ -3,14 +3,33 @@ package hwsauth
 import (
 	"net/http"
 	"time"
+
+	"git.haelnorr.com/h/golib/hws"
 )
 
 // Checks if the model is set in the context and shows 401 page if not logged in
 func (auth *Authenticator[T]) LoginReq(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		model := getAuthorizedModel[T](r.Context())
-		if model == nil {
-			auth.errorPage(http.StatusUnauthorized, w, r)
+		_, ok := getAuthorizedModel[T](r.Context())
+		if !ok {
+			page, err := auth.errorPage(http.StatusUnauthorized)
+			if err != nil {
+				auth.server.ThrowError(w, r, hws.HWSError{
+					Error:           err,
+					Message:         "Failed to get valid error page",
+					StatusCode:      http.StatusInternalServerError,
+					RenderErrorPage: true,
+				})
+			}
+			err = page.Render(r.Context(), w)
+			if err != nil {
+				auth.server.ThrowError(w, r, hws.HWSError{
+					Error:           err,
+					Message:         "Failed to render error page",
+					StatusCode:      http.StatusInternalServerError,
+					RenderErrorPage: true,
+				})
+			}
 			return
 		}
 		next.ServeHTTP(w, r)
@@ -21,8 +40,8 @@ func (auth *Authenticator[T]) LoginReq(next http.Handler) http.Handler {
 // they are logged in
 func (auth *Authenticator[T]) LogoutReq(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		model := getAuthorizedModel[T](r.Context())
-		if model != nil {
+		_, ok := getAuthorizedModel[T](r.Context())
+		if ok {
 			http.Redirect(w, r, auth.LandingPage, http.StatusFound)
 			return
 		}
@@ -30,9 +49,33 @@ func (auth *Authenticator[T]) LogoutReq(next http.Handler) http.Handler {
 	})
 }
 
+// FreshReq protects a route from access if the auth token is not fresh.
+// A status code of 444 will be written to the header and the request will be terminated.
+// As an example, this can be used on the client to show a confirm password dialog to refresh their login
 func (auth *Authenticator[T]) FreshReq(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		model := getAuthorizedModel[T](r.Context())
+		model, ok := getAuthorizedModel[T](r.Context())
+		if !ok {
+			page, err := auth.errorPage(http.StatusUnauthorized)
+			if err != nil {
+				auth.server.ThrowError(w, r, hws.HWSError{
+					Error:           err,
+					Message:         "Failed to get valid error page",
+					StatusCode:      http.StatusInternalServerError,
+					RenderErrorPage: true,
+				})
+			}
+			err = page.Render(r.Context(), w)
+			if err != nil {
+				auth.server.ThrowError(w, r, hws.HWSError{
+					Error:           err,
+					Message:         "Failed to render error page",
+					StatusCode:      http.StatusInternalServerError,
+					RenderErrorPage: true,
+				})
+			}
+			return
+		}
 		isFresh := time.Now().Before(time.Unix(model.fresh, 0))
 		if !isFresh {
 			w.WriteHeader(444)