Ilia Denisov
eeaad62b10
- internal/postgres: pgx-over-database/sql pool (otelsql), embedded goose
migrations into schema 'backend', committed go-jet code + cmd/jetgen tool.
- internal/account: durable accounts + unified telegram/email identities
(UUIDv7 keys), find-or-create provisioning with unique-conflict handling.
- internal/session: opaque 256-bit tokens stored as a SHA-256 hash, revoke-only
(no TTL); write-through cache gating /readyz; store + service.
- internal/telemetry: OTel tracer/meter providers (none/stdout) + request-timing
middleware; internal/config gains Postgres + OTel env loading.
- internal/server: /api/v1 {public,user,internal,admin} skeleton + X-User-ID
middleware; /readyz checks DB ping + cache; main wires
telemetry -> db+migrate -> warm cache -> server.
- Tests: unit + integration (build tag 'integration', testcontainers
postgres:17) for migrations, accounts, sessions, readyz; new integration.yaml.
- Docs: ARCHITECTURE, TESTING, PLAN refinements, root + backend READMEs.
Session/account REST handlers deferred to Stage 6 (gateway); OTLP + dashboards
to Stage 11.
74 lines
2.1 KiB
Go
74 lines
2.1 KiB
Go
package session
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// Service mints, resolves, and revokes sessions over the store and the
|
|
// write-through cache. The gateway is its only caller (from a later stage); the
|
|
// HTTP surface is wired then.
|
|
type Service struct {
|
|
store *Store
|
|
cache *Cache
|
|
}
|
|
|
|
// NewService constructs a Service over store and cache.
|
|
func NewService(store *Store, cache *Cache) *Service {
|
|
return &Service{store: store, cache: cache}
|
|
}
|
|
|
|
// Warm hydrates the cache from the store. Call once before serving traffic.
|
|
func (svc *Service) Warm(ctx context.Context) error {
|
|
return svc.cache.Warm(ctx, svc.store)
|
|
}
|
|
|
|
// Ready reports whether the session cache has been warmed.
|
|
func (svc *Service) Ready() bool {
|
|
return svc.cache.Ready()
|
|
}
|
|
|
|
// Create mints a new active session for accountID and returns the plaintext
|
|
// token (shown to the caller once) together with the persisted session.
|
|
func (svc *Service) Create(ctx context.Context, accountID uuid.UUID) (string, Session, error) {
|
|
token, tokenHash, err := GenerateToken()
|
|
if err != nil {
|
|
return "", Session{}, err
|
|
}
|
|
sess, err := svc.store.Insert(ctx, accountID, tokenHash)
|
|
if err != nil {
|
|
return "", Session{}, err
|
|
}
|
|
svc.cache.Add(sess)
|
|
return token, sess, nil
|
|
}
|
|
|
|
// Resolve maps a presented token to its active session, consulting the cache
|
|
// first and falling back to the store (repopulating the cache on a hit).
|
|
// Returns ErrNotFound when no active session matches.
|
|
func (svc *Service) Resolve(ctx context.Context, token string) (Session, error) {
|
|
hash := HashToken(token)
|
|
if sess, ok := svc.cache.Get(hash); ok {
|
|
return sess, nil
|
|
}
|
|
sess, err := svc.store.FindActiveByTokenHash(ctx, hash)
|
|
if err != nil {
|
|
return Session{}, err
|
|
}
|
|
svc.cache.Add(sess)
|
|
return sess, nil
|
|
}
|
|
|
|
// Revoke revokes the session for the presented token. It is idempotent:
|
|
// revoking an unknown or already-revoked token returns nil.
|
|
func (svc *Service) Revoke(ctx context.Context, token string) error {
|
|
hash := HashToken(token)
|
|
if _, _, err := svc.store.RevokeByTokenHash(ctx, hash, time.Now().UTC()); err != nil {
|
|
return err
|
|
}
|
|
svc.cache.Remove(hash)
|
|
return nil
|
|
}
|