Stage 1: backend foundation (Postgres, sessions, accounts, OTel)
- internal/postgres: pgx-over-database/sql pool (otelsql), embedded goose
migrations into schema 'backend', committed go-jet code + cmd/jetgen tool.
- internal/account: durable accounts + unified telegram/email identities
(UUIDv7 keys), find-or-create provisioning with unique-conflict handling.
- internal/session: opaque 256-bit tokens stored as a SHA-256 hash, revoke-only
(no TTL); write-through cache gating /readyz; store + service.
- internal/telemetry: OTel tracer/meter providers (none/stdout) + request-timing
middleware; internal/config gains Postgres + OTel env loading.
- internal/server: /api/v1 {public,user,internal,admin} skeleton + X-User-ID
middleware; /readyz checks DB ping + cache; main wires
telemetry -> db+migrate -> warm cache -> server.
- Tests: unit + integration (build tag 'integration', testcontainers
postgres:17) for migrations, accounts, sessions, readyz; new integration.yaml.
- Docs: ARCHITECTURE, TESTING, PLAN refinements, root + backend READMEs.
Session/account REST handlers deferred to Stage 6 (gateway); OTLP + dashboards
to Stage 11.
This commit is contained in:
Ilia Denisov
@@ -0,0 +1,73 @@
|
||||
package session
|
||||
|
||||
import (
|
||||
"context"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// Service mints, resolves, and revokes sessions over the store and the
|
||||
// write-through cache. The gateway is its only caller (from a later stage); the
|
||||
// HTTP surface is wired then.
|
||||
type Service struct {
|
||||
store *Store
|
||||
cache *Cache
|
||||
}
|
||||
|
||||
// NewService constructs a Service over store and cache.
|
||||
func NewService(store *Store, cache *Cache) *Service {
|
||||
return &Service{store: store, cache: cache}
|
||||
}
|
||||
|
||||
// Warm hydrates the cache from the store. Call once before serving traffic.
|
||||
func (svc *Service) Warm(ctx context.Context) error {
|
||||
return svc.cache.Warm(ctx, svc.store)
|
||||
}
|
||||
|
||||
// Ready reports whether the session cache has been warmed.
|
||||
func (svc *Service) Ready() bool {
|
||||
return svc.cache.Ready()
|
||||
}
|
||||
|
||||
// Create mints a new active session for accountID and returns the plaintext
|
||||
// token (shown to the caller once) together with the persisted session.
|
||||
func (svc *Service) Create(ctx context.Context, accountID uuid.UUID) (string, Session, error) {
|
||||
token, tokenHash, err := GenerateToken()
|
||||
if err != nil {
|
||||
return "", Session{}, err
|
||||
}
|
||||
sess, err := svc.store.Insert(ctx, accountID, tokenHash)
|
||||
if err != nil {
|
||||
return "", Session{}, err
|
||||
}
|
||||
svc.cache.Add(sess)
|
||||
return token, sess, nil
|
||||
}
|
||||
|
||||
// Resolve maps a presented token to its active session, consulting the cache
|
||||
// first and falling back to the store (repopulating the cache on a hit).
|
||||
// Returns ErrNotFound when no active session matches.
|
||||
func (svc *Service) Resolve(ctx context.Context, token string) (Session, error) {
|
||||
hash := HashToken(token)
|
||||
if sess, ok := svc.cache.Get(hash); ok {
|
||||
return sess, nil
|
||||
}
|
||||
sess, err := svc.store.FindActiveByTokenHash(ctx, hash)
|
||||
if err != nil {
|
||||
return Session{}, err
|
||||
}
|
||||
svc.cache.Add(sess)
|
||||
return sess, nil
|
||||
}
|
||||
|
||||
// Revoke revokes the session for the presented token. It is idempotent:
|
||||
// revoking an unknown or already-revoked token returns nil.
|
||||
func (svc *Service) Revoke(ctx context.Context, token string) error {
|
||||
hash := HashToken(token)
|
||||
if _, _, err := svc.store.RevokeByTokenHash(ctx, hash, time.Now().UTC()); err != nil {
|
||||
return err
|
||||
}
|
||||
svc.cache.Remove(hash)
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user