92633f935e
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 18s
CI / ui (pull_request) Successful in 1m7s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m42s
Record the execution platform (kind vk|telegram|direct + device subtype ios|android|web) on each session, captured at creation and carried gateway->backend as a trusted X-Platform header, so the upcoming store-compliance gate has an unforgeable execution context. - backend.sessions gains nullable platform_kind/platform_subtype columns (migration 00011, CHECK-constrained, jet regenerated); session.Platform captures them at mint, resolve returns them, middleware exposes platform(c). kind is derived from the establish endpoint, never a client field; the account-merge session mint inherits the caller's platform. - gateway derives the platform (VK subtype from the signed vk_platform via vkauth, Telegram/direct best-effort from the client) and injects X-Platform on every authenticated backend call through the request context. - ui submits a best-effort device subtype on the telegram/guest/email login requests (new FBS subtype field); VK is server-derived from the signed params. - an unattributed session is untrusted (view-only); VK/TG self-heal on the next cold-start re-mint, direct/email on re-login. Signal plumbing only, no user-visible change; X-Platform is inert until the gate consumes it.
86 lines
2.6 KiB
Go
86 lines
2.6 KiB
Go
package session
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// Service mints, resolves, and revokes sessions over the store and the
|
|
// write-through cache. The gateway is its only caller.
|
|
type Service struct {
|
|
store *Store
|
|
cache *Cache
|
|
}
|
|
|
|
// NewService constructs a Service over store and cache.
|
|
func NewService(store *Store, cache *Cache) *Service {
|
|
return &Service{store: store, cache: cache}
|
|
}
|
|
|
|
// Warm hydrates the cache from the store. Call once before serving traffic.
|
|
func (svc *Service) Warm(ctx context.Context) error {
|
|
return svc.cache.Warm(ctx, svc.store)
|
|
}
|
|
|
|
// Ready reports whether the session cache has been warmed.
|
|
func (svc *Service) Ready() bool {
|
|
return svc.cache.Ready()
|
|
}
|
|
|
|
// Create mints a new active session for accountID carrying the captured platform
|
|
// and returns the plaintext token (shown to the caller once) together with the
|
|
// persisted session. Pass the zero Platform for a session that could not be
|
|
// attributed to a trusted platform.
|
|
func (svc *Service) Create(ctx context.Context, accountID uuid.UUID, platform Platform) (string, Session, error) {
|
|
token, tokenHash, err := GenerateToken()
|
|
if err != nil {
|
|
return "", Session{}, err
|
|
}
|
|
sess, err := svc.store.Insert(ctx, accountID, tokenHash, platform)
|
|
if err != nil {
|
|
return "", Session{}, err
|
|
}
|
|
svc.cache.Add(sess)
|
|
return token, sess, nil
|
|
}
|
|
|
|
// Resolve maps a presented token to its active session, consulting the cache
|
|
// first and falling back to the store (repopulating the cache on a hit).
|
|
// Returns ErrNotFound when no active session matches.
|
|
func (svc *Service) Resolve(ctx context.Context, token string) (Session, error) {
|
|
hash := HashToken(token)
|
|
if sess, ok := svc.cache.Get(hash); ok {
|
|
return sess, nil
|
|
}
|
|
sess, err := svc.store.FindActiveByTokenHash(ctx, hash)
|
|
if err != nil {
|
|
return Session{}, err
|
|
}
|
|
svc.cache.Add(sess)
|
|
return sess, nil
|
|
}
|
|
|
|
// Revoke revokes the session for the presented token. It is idempotent:
|
|
// revoking an unknown or already-revoked token returns nil.
|
|
func (svc *Service) Revoke(ctx context.Context, token string) error {
|
|
hash := HashToken(token)
|
|
if _, _, err := svc.store.RevokeByTokenHash(ctx, hash, time.Now().UTC()); err != nil {
|
|
return err
|
|
}
|
|
svc.cache.Remove(hash)
|
|
return nil
|
|
}
|
|
|
|
// RevokeAllForAccount revokes every active session of accountID and evicts them
|
|
// from the cache. The account-merge flow calls it to retire a secondary account.
|
|
// It is idempotent.
|
|
func (svc *Service) RevokeAllForAccount(ctx context.Context, accountID uuid.UUID) error {
|
|
if _, err := svc.store.RevokeAllForAccount(ctx, accountID, time.Now().UTC()); err != nil {
|
|
return err
|
|
}
|
|
svc.cache.RemoveByAccount(accountID)
|
|
return nil
|
|
}
|