Refactor database interface to use *sql.DB directly
Simplified the database layer by removing custom interface wrappers and using standard library *sql.DB and *sql.Tx types directly. Changes: - Removed DBConnection and DBTransaction interfaces from database.go - Removed NewDBConnection() wrapper function - Updated TokenGenerator to use *sql.DB instead of DBConnection - Updated all validation and revocation methods to accept *sql.Tx - Updated TableManager to work with *sql.DB directly - Updated all tests to use db.Begin() instead of custom wrappers - Fixed GeneratorConfig.DB field (was DBConn) - Updated documentation in doc.go with correct API usage Benefits: - Simpler API with fewer abstractions - Works directly with database/sql standard library - Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB) - Easier to understand and maintain - No unnecessary wrapper layers Breaking changes: - GeneratorConfig.DBConn renamed to GeneratorConfig.DB - Removed NewDBConnection() function - pass *sql.DB directly - ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction - Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -6,9 +6,26 @@ import (
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// Parse an access token and return a struct with all the claims. Does validation on
|
||||
// all the claims, including checking if it is expired, has a valid issuer, and
|
||||
// has the correct scope.
|
||||
// ValidateAccess parses and validates a JWT access token string.
|
||||
//
|
||||
// This method performs comprehensive validation including:
|
||||
// - Signature verification using the secret key
|
||||
// - Expiration time checking (token must not be expired)
|
||||
// - Issuer verification (must match trusted host)
|
||||
// - Scope verification (must be "access" token)
|
||||
// - Revocation status check (if database is configured)
|
||||
//
|
||||
// The validation must be performed within a database transaction context to ensure
|
||||
// consistency when checking the blacklist. If no database is configured, the
|
||||
// revocation check is skipped.
|
||||
//
|
||||
// Parameters:
|
||||
// - tx: Database transaction for checking token revocation status
|
||||
// - tokenString: The JWT token string to validate
|
||||
//
|
||||
// Returns:
|
||||
// - *AccessToken: The validated token with all claims, or nil if validation fails
|
||||
// - error: Detailed error if validation fails (expired, revoked, invalid signature, etc.)
|
||||
func (gen *TokenGenerator) ValidateAccess(
|
||||
tx *sql.Tx,
|
||||
tokenString string,
|
||||
@@ -69,18 +86,35 @@ func (gen *TokenGenerator) ValidateAccess(
|
||||
}
|
||||
|
||||
valid, err := token.CheckNotRevoked(tx)
|
||||
if err != nil && gen.dbConn != nil {
|
||||
if err != nil && gen.db != nil {
|
||||
return nil, errors.Wrap(err, "token.CheckNotRevoked")
|
||||
}
|
||||
if !valid && gen.dbConn != nil {
|
||||
if !valid && gen.db != nil {
|
||||
return nil, errors.New("Token has been revoked")
|
||||
}
|
||||
return token, nil
|
||||
}
|
||||
|
||||
// Parse a refresh token and return a struct with all the claims. Does validation on
|
||||
// all the claims, including checking if it is expired, has a valid issuer, and
|
||||
// has the correct scope.
|
||||
// ValidateRefresh parses and validates a JWT refresh token string.
|
||||
//
|
||||
// This method performs comprehensive validation including:
|
||||
// - Signature verification using the secret key
|
||||
// - Expiration time checking (token must not be expired)
|
||||
// - Issuer verification (must match trusted host)
|
||||
// - Scope verification (must be "refresh" token)
|
||||
// - Revocation status check (if database is configured)
|
||||
//
|
||||
// The validation must be performed within a database transaction context to ensure
|
||||
// consistency when checking the blacklist. If no database is configured, the
|
||||
// revocation check is skipped.
|
||||
//
|
||||
// Parameters:
|
||||
// - tx: Database transaction for checking token revocation status
|
||||
// - tokenString: The JWT token string to validate
|
||||
//
|
||||
// Returns:
|
||||
// - *RefreshToken: The validated token with all claims, or nil if validation fails
|
||||
// - error: Detailed error if validation fails (expired, revoked, invalid signature, etc.)
|
||||
func (gen *TokenGenerator) ValidateRefresh(
|
||||
tx *sql.Tx,
|
||||
tokenString string,
|
||||
@@ -136,10 +170,10 @@ func (gen *TokenGenerator) ValidateRefresh(
|
||||
}
|
||||
|
||||
valid, err := token.CheckNotRevoked(tx)
|
||||
if err != nil && gen.dbConn != nil {
|
||||
if err != nil && gen.db != nil {
|
||||
return nil, errors.Wrap(err, "token.CheckNotRevoked")
|
||||
}
|
||||
if !valid && gen.dbConn != nil {
|
||||
if !valid && gen.db != nil {
|
||||
return nil, errors.New("Token has been revoked")
|
||||
}
|
||||
return token, nil
|
||||
|
||||
Reference in New Issue
Block a user