Haelnorr
1b25e2f0a5
Simplified the database layer by removing custom interface wrappers and using standard library *sql.DB and *sql.Tx types directly. Changes: - Removed DBConnection and DBTransaction interfaces from database.go - Removed NewDBConnection() wrapper function - Updated TokenGenerator to use *sql.DB instead of DBConnection - Updated all validation and revocation methods to accept *sql.Tx - Updated TableManager to work with *sql.DB directly - Updated all tests to use db.Begin() instead of custom wrappers - Fixed GeneratorConfig.DB field (was DBConn) - Updated documentation in doc.go with correct API usage Benefits: - Simpler API with fewer abstractions - Works directly with database/sql standard library - Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB) - Easier to understand and maintain - No unnecessary wrapper layers Breaking changes: - GeneratorConfig.DBConn renamed to GeneratorConfig.DB - Removed NewDBConnection() function - pass *sql.DB directly - ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction - Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
102 lines
3.0 KiB
Go
102 lines
3.0 KiB
Go
package jwt
|
|
|
|
import (
|
|
"github.com/pkg/errors"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
// GetTokenCookies extracts access and refresh tokens from HTTP request cookies.
|
|
// Returns empty strings for any cookies that don't exist.
|
|
//
|
|
// Returns:
|
|
// - acc: The access token value from the "access" cookie (empty if not found)
|
|
// - ref: The refresh token value from the "refresh" cookie (empty if not found)
|
|
func GetTokenCookies(
|
|
r *http.Request,
|
|
) (acc string, ref string) {
|
|
accCookie, accErr := r.Cookie("access")
|
|
refCookie, refErr := r.Cookie("refresh")
|
|
var (
|
|
accStr string = ""
|
|
refStr string = ""
|
|
)
|
|
if accErr == nil {
|
|
accStr = accCookie.Value
|
|
}
|
|
if refErr == nil {
|
|
refStr = refCookie.Value
|
|
}
|
|
return accStr, refStr
|
|
}
|
|
|
|
// setToken is an internal helper that sets a token cookie with the specified parameters.
|
|
// The cookie is HttpOnly for security and uses SameSite=Lax mode.
|
|
//
|
|
// Parameters:
|
|
// - w: HTTP response writer to set the cookie on
|
|
// - token: The token value to store in the cookie
|
|
// - scope: The cookie name ("access" or "refresh")
|
|
// - exp: Unix timestamp when the token expires
|
|
// - rememberme: If true, sets cookie expiration; if false, cookie is session-only
|
|
// - useSSL: If true, marks cookie as Secure (HTTPS only)
|
|
func setToken(
|
|
w http.ResponseWriter,
|
|
token string,
|
|
scope string,
|
|
exp int64,
|
|
rememberme bool,
|
|
useSSL bool,
|
|
) {
|
|
tokenCookie := &http.Cookie{
|
|
Name: scope,
|
|
Value: token,
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
SameSite: http.SameSiteLaxMode,
|
|
Secure: useSSL,
|
|
}
|
|
if rememberme {
|
|
tokenCookie.Expires = time.Unix(exp, 0)
|
|
}
|
|
http.SetCookie(w, tokenCookie)
|
|
}
|
|
|
|
// SetTokenCookies generates new access and refresh tokens for a user and sets them as HTTP cookies.
|
|
// This is a convenience function that combines token generation with cookie setting.
|
|
// Cookies are HttpOnly and use SameSite=Lax for security.
|
|
//
|
|
// Parameters:
|
|
// - w: HTTP response writer to set cookies on
|
|
// - r: HTTP request (unused but kept for API consistency)
|
|
// - tokenGen: The TokenGenerator to use for creating tokens
|
|
// - subject: The user ID to generate tokens for
|
|
// - fresh: If true, marks the access token as fresh for sensitive operations
|
|
// - rememberMe: If true, tokens persist beyond browser session
|
|
// - useSSL: If true, marks cookies as Secure (HTTPS only)
|
|
//
|
|
// Returns an error if token generation fails. Cookies are only set if both tokens
|
|
// are generated successfully.
|
|
func SetTokenCookies(
|
|
w http.ResponseWriter,
|
|
r *http.Request,
|
|
tokenGen *TokenGenerator,
|
|
subject int,
|
|
fresh bool,
|
|
rememberMe bool,
|
|
useSSL bool,
|
|
) error {
|
|
at, atexp, err := tokenGen.NewAccess(subject, fresh, rememberMe)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.GenerateAccessToken")
|
|
}
|
|
rt, rtexp, err := tokenGen.NewRefresh(subject, rememberMe)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.GenerateRefreshToken")
|
|
}
|
|
// Don't set the cookies until we know no errors occured
|
|
setToken(w, at, "access", atexp, rememberMe, useSSL)
|
|
setToken(w, rt, "refresh", rtexp, rememberMe, useSSL)
|
|
return nil
|
|
}
|