Haelnorr
1b25e2f0a5
Simplified the database layer by removing custom interface wrappers and using standard library *sql.DB and *sql.Tx types directly. Changes: - Removed DBConnection and DBTransaction interfaces from database.go - Removed NewDBConnection() wrapper function - Updated TokenGenerator to use *sql.DB instead of DBConnection - Updated all validation and revocation methods to accept *sql.Tx - Updated TableManager to work with *sql.DB directly - Updated all tests to use db.Begin() instead of custom wrappers - Fixed GeneratorConfig.DB field (was DBConn) - Updated documentation in doc.go with correct API usage Benefits: - Simpler API with fewer abstractions - Works directly with database/sql standard library - Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB) - Easier to understand and maintain - No unnecessary wrapper layers Breaking changes: - GeneratorConfig.DBConn renamed to GeneratorConfig.DB - Removed NewDBConnection() function - pass *sql.DB directly - ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction - Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
54 lines
1.4 KiB
Go
54 lines
1.4 KiB
Go
package hwsauth
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
|
|
"git.haelnorr.com/h/golib/jwt"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// Check the cookies for token strings and attempt to authenticate them
|
|
func (auth *Authenticator[T]) getAuthenticatedUser(
|
|
tx DBTransaction,
|
|
w http.ResponseWriter,
|
|
r *http.Request,
|
|
) (authenticatedModel[T], error) {
|
|
// Get token strings from cookies
|
|
atStr, rtStr := jwt.GetTokenCookies(r)
|
|
if atStr == "" && rtStr == "" {
|
|
return authenticatedModel[T]{}, errors.New("No token strings provided")
|
|
}
|
|
// Attempt to parse the access token
|
|
aT, err := auth.tokenGenerator.ValidateAccess(tx, atStr)
|
|
if err != nil {
|
|
// Access token invalid, attempt to parse refresh token
|
|
rT, err := auth.tokenGenerator.ValidateRefresh(tx, rtStr)
|
|
if err != nil {
|
|
return authenticatedModel[T]{}, errors.Wrap(err, "auth.tokenGenerator.ValidateRefresh")
|
|
}
|
|
// Refresh token valid, attempt to get a new token pair
|
|
model, err := auth.refreshAuthTokens(tx, w, r, rT)
|
|
if err != nil {
|
|
return authenticatedModel[T]{}, errors.Wrap(err, "auth.refreshAuthTokens")
|
|
}
|
|
// New token pair sent, return the authorized user
|
|
authUser := authenticatedModel[T]{
|
|
model: model,
|
|
fresh: time.Now().Unix(),
|
|
}
|
|
return authUser, nil
|
|
}
|
|
|
|
// Access token valid
|
|
model, err := auth.load(tx, aT.SUB)
|
|
if err != nil {
|
|
return authenticatedModel[T]{}, errors.Wrap(err, "auth.load")
|
|
}
|
|
authUser := authenticatedModel[T]{
|
|
model: model,
|
|
fresh: aT.Fresh,
|
|
}
|
|
return authUser, nil
|
|
}
|