h/golib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
hws/v0.4.1
golib/jwt/cookies.go
Haelnorr 1b25e2f0a5 Refactor database interface to use *sql.DB directly 
Simplified the database layer by removing custom interface wrappers
and using standard library *sql.DB and *sql.Tx types directly.

Changes:
- Removed DBConnection and DBTransaction interfaces from database.go
- Removed NewDBConnection() wrapper function
- Updated TokenGenerator to use *sql.DB instead of DBConnection
- Updated all validation and revocation methods to accept *sql.Tx
- Updated TableManager to work with *sql.DB directly
- Updated all tests to use db.Begin() instead of custom wrappers
- Fixed GeneratorConfig.DB field (was DBConn)
- Updated documentation in doc.go with correct API usage

Benefits:
- Simpler API with fewer abstractions
- Works directly with database/sql standard library
- Compatible with GORM (via gormDB.DB()) and Bun (share same *sql.DB)
- Easier to understand and maintain
- No unnecessary wrapper layers

Breaking changes:
- GeneratorConfig.DBConn renamed to GeneratorConfig.DB
- Removed NewDBConnection() function - pass *sql.DB directly
- ValidateAccess/ValidateRefresh now accept *sql.Tx instead of DBTransaction
- Token.Revoke/CheckNotRevoked now accept *sql.Tx instead of DBTransaction

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-11 17:39:30 +11:00

102 lines
3.0 KiB
Go
Raw Permalink Blame History

package jwt
import (
"github.com/pkg/errors"
"net/http"
"time"
)
// GetTokenCookies extracts access and refresh tokens from HTTP request cookies.
// Returns empty strings for any cookies that don't exist.
//
// Returns:
// - acc: The access token value from the "access" cookie (empty if not found)
// - ref: The refresh token value from the "refresh" cookie (empty if not found)
func GetTokenCookies(
r *http.Request,
) (acc string, ref string) {
accCookie, accErr := r.Cookie("access")
refCookie, refErr := r.Cookie("refresh")
var (
accStr string = ""
refStr string = ""
)
if accErr == nil {
accStr = accCookie.Value
}
if refErr == nil {
refStr = refCookie.Value
}
return accStr, refStr
}
// setToken is an internal helper that sets a token cookie with the specified parameters.
// The cookie is HttpOnly for security and uses SameSite=Lax mode.
//
// Parameters:
// - w: HTTP response writer to set the cookie on
// - token: The token value to store in the cookie
// - scope: The cookie name ("access" or "refresh")
// - exp: Unix timestamp when the token expires
// - rememberme: If true, sets cookie expiration; if false, cookie is session-only
// - useSSL: If true, marks cookie as Secure (HTTPS only)
func setToken(
w http.ResponseWriter,
token string,
scope string,
exp int64,
rememberme bool,
useSSL bool,
) {
tokenCookie := &http.Cookie{
Name: scope,
Value: token,
Path: "/",
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
Secure: useSSL,
}
if rememberme {
tokenCookie.Expires = time.Unix(exp, 0)
}
http.SetCookie(w, tokenCookie)
}
// SetTokenCookies generates new access and refresh tokens for a user and sets them as HTTP cookies.
// This is a convenience function that combines token generation with cookie setting.
// Cookies are HttpOnly and use SameSite=Lax for security.
//
// Parameters:
// - w: HTTP response writer to set cookies on
// - r: HTTP request (unused but kept for API consistency)
// - tokenGen: The TokenGenerator to use for creating tokens
// - subject: The user ID to generate tokens for
// - fresh: If true, marks the access token as fresh for sensitive operations
// - rememberMe: If true, tokens persist beyond browser session
// - useSSL: If true, marks cookies as Secure (HTTPS only)
//
// Returns an error if token generation fails. Cookies are only set if both tokens
// are generated successfully.
func SetTokenCookies(
w http.ResponseWriter,
r *http.Request,
tokenGen *TokenGenerator,
subject int,
fresh bool,
rememberMe bool,
useSSL bool,
) error {
at, atexp, err := tokenGen.NewAccess(subject, fresh, rememberMe)
if err != nil {
return errors.Wrap(err, "jwt.GenerateAccessToken")
}
rt, rtexp, err := tokenGen.NewRefresh(subject, rememberMe)
if err != nil {
return errors.Wrap(err, "jwt.GenerateRefreshToken")
}
// Don't set the cookies until we know no errors occured
setToken(w, at, "access", atexp, rememberMe, useSSL)
setToken(w, rt, "refresh", rtexp, rememberMe, useSSL)
return nil
}
Reference in New Issue View Git Blame Copy Permalink