Stage 11: account linking & merge (email + Telegram Login Widget) (#12)
This commit was merged in pull request #12.
This commit is contained in:
@@ -4,6 +4,8 @@ import (
|
||||
"context"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// Cache is the in-memory write-through projection of the active rows in
|
||||
@@ -93,3 +95,19 @@ func (c *Cache) Remove(tokenHash string) {
|
||||
defer c.mu.Unlock()
|
||||
delete(c.byHash, tokenHash)
|
||||
}
|
||||
|
||||
// RemoveByAccount evicts every cached session belonging to accountID. The
|
||||
// account-merge flow uses it to drop a retired secondary account's sessions
|
||||
// (Stage 11); a linear scan is adequate at the cache's size.
|
||||
func (c *Cache) RemoveByAccount(accountID uuid.UUID) {
|
||||
if c == nil {
|
||||
return
|
||||
}
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
for hash, s := range c.byHash {
|
||||
if s.AccountID == accountID {
|
||||
delete(c.byHash, hash)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -71,3 +71,14 @@ func (svc *Service) Revoke(ctx context.Context, token string) error {
|
||||
svc.cache.Remove(hash)
|
||||
return nil
|
||||
}
|
||||
|
||||
// RevokeAllForAccount revokes every active session of accountID and evicts them
|
||||
// from the cache. The account-merge flow calls it to retire a secondary account
|
||||
// (Stage 11). It is idempotent.
|
||||
func (svc *Service) RevokeAllForAccount(ctx context.Context, accountID uuid.UUID) error {
|
||||
if _, err := svc.store.RevokeAllForAccount(ctx, accountID, time.Now().UTC()); err != nil {
|
||||
return err
|
||||
}
|
||||
svc.cache.RemoveByAccount(accountID)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -110,6 +110,34 @@ func (s *Store) RevokeByTokenHash(ctx context.Context, tokenHash string, at time
|
||||
return modelToSession(row), true, nil
|
||||
}
|
||||
|
||||
// RevokeAllForAccount transitions every active session of accountID to revoked
|
||||
// and returns the post-update rows (so the caller can evict them from the cache).
|
||||
// It backs the account-merge flow, which retires a secondary account's sessions
|
||||
// (Stage 11). No matching rows is not an error.
|
||||
func (s *Store) RevokeAllForAccount(ctx context.Context, accountID uuid.UUID, at time.Time) ([]Session, error) {
|
||||
stmt := table.Sessions.
|
||||
UPDATE(table.Sessions.Status, table.Sessions.RevokedAt).
|
||||
SET(postgres.String(StatusRevoked), postgres.TimestampzT(at)).
|
||||
WHERE(
|
||||
table.Sessions.AccountID.EQ(postgres.UUID(accountID)).
|
||||
AND(table.Sessions.Status.EQ(postgres.String(StatusActive))),
|
||||
).
|
||||
RETURNING(table.Sessions.AllColumns)
|
||||
|
||||
var rows []model.Sessions
|
||||
if err := stmt.QueryContext(ctx, s.db, &rows); err != nil {
|
||||
if errors.Is(err, qrm.ErrNoRows) {
|
||||
return nil, nil
|
||||
}
|
||||
return nil, fmt.Errorf("session: revoke all for account %s: %w", accountID, err)
|
||||
}
|
||||
out := make([]Session, 0, len(rows))
|
||||
for _, row := range rows {
|
||||
out = append(out, modelToSession(row))
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// ListActive loads every active session. Cache.Warm calls this at boot.
|
||||
func (s *Store) ListActive(ctx context.Context) ([]Session, error) {
|
||||
stmt := postgres.SELECT(table.Sessions.AllColumns).
|
||||
|
||||
Reference in New Issue
Block a user