wikiapiserver/db, branch master Small server utility to make working with wikimedia enterprise api a little bit easier. feat: log article API failures to database 2026-06-25T19:35:50+00:00 wikiapiserver 2026-06-25T19:35:50+00:00 795fb7facf403f4e3d452d2e08ba11f98e8ee997 - Created api_logs table (username, article_name, status_code, response_time_ms, error, request_url) - GetArticle logs failures (network errors and non-2xx responses) with timing, status code, and response body - Successful requests are not logged 
- Created api_logs table (username, article_name, status_code,
  response_time_ms, error, request_url)
- GetArticle logs failures (network errors and non-2xx responses)
  with timing, status code, and response body
- Successful requests are not logged
feat: GET /token?username=... returns access_token and valid_until 2026-06-25T12:59:59+00:00 wikiapiserver 2026-06-25T12:59:59+00:00 857fc8bd77e36a45b249b83419c7ba3dde2b792a Returns the stored access_token and the timestamp when it was created (access_token_created). Returns 401 for unknown users. 
Returns the stored access_token and the timestamp when it was
created (access_token_created). Returns 401 for unknown users.
feat: token refresh with age-based logic 2026-06-25T12:47:35+00:00 wikiapiserver 2026-06-25T12:47:35+00:00 cc960860e4109b4eb50721d0b3338df4b859d559 - RefreshTokens checks token age and chooses the right path: - refresh_token > 90 days: re-auth via WikimediaLogin (full login) - access_token > 24 hours: refresh via WikimediaTokenRefresh - otherwise: return current tokens - WikimediaTokenRefresh posts to /v1/token-refresh endpoint - Login also uses WikimediaLogin instead of local RotateTokens - Removed dead RotateTokens, RefreshByToken, and randomHex - DSN includes parseTime=true for timestamp columns 
- RefreshTokens checks token age and chooses the right path:
  - refresh_token > 90 days: re-auth via WikimediaLogin (full login)
  - access_token > 24 hours: refresh via WikimediaTokenRefresh
  - otherwise: return current tokens
- WikimediaTokenRefresh posts to /v1/token-refresh endpoint
- Login also uses WikimediaLogin instead of local RotateTokens
- Removed dead RotateTokens, RefreshByToken, and randomHex
- DSN includes parseTime=true for timestamp columns
refactor: extract Wikimedia auth into reusable function 2026-06-25T12:40:16+00:00 wikiapiserver 2026-06-25T12:40:16+00:00 e375b6cc68f4a9b0e91b25479538dc76d1f1e620 - WikimediaLogin is a standalone function: POSTs to auth.enterprise.wikimedia.com and returns the tokens. Can be called from any flow. - Register composes WikimediaLogin + CreateAccount - CreateAccount now takes tokens as arguments (pure DB insert) 
- WikimediaLogin is a standalone function: POSTs to auth.enterprise.wikimedia.com
  and returns the tokens. Can be called from any flow.
- Register composes WikimediaLogin + CreateAccount
- CreateAccount now takes tokens as arguments (pure DB insert)
fix: update queries for new refresh_token_created column and add error logging 2026-06-25T11:10:33+00:00 wikiapiserver 2026-06-25T11:10:33+00:00 21fb3c12c86fe3f03531c4f323854da36fb82628 - INSERT and UPDATE now set both refresh_token_created and access_token_created timestamps - Register handler logs the actual error on failure 
- INSERT and UPDATE now set both refresh_token_created and
  access_token_created timestamps
- Register handler logs the actual error on failure
refactor: store tokens in plaintext 2026-06-25T10:47:38+00:00 wikiapiserver 2026-06-25T10:47:38+00:00 363d4edfed8361ba3121278eb5d7f5e5779e964c Remove SHA-256 hashing of refresh_token and access_token. Tokens are now stored and looked up as-is, matching the Wikimedia API format. 
Remove SHA-256 hashing of refresh_token and access_token.
Tokens are now stored and looked up as-is, matching the
Wikimedia API format.
feat: integrate Wikimedia Enterprise auth API on register 2026-06-25T10:45:50+00:00 wikiapiserver 2026-06-25T10:45:50+00:00 742cd195c0018bcbc6e748d9100b643ffe1f6358 Register now calls POST /v1/login on the Wikimedia auth endpoint to obtain refresh_token and access_token. Tokens are hashed (SHA-256) before storage. If the API call fails, registration fails. 
Register now calls POST /v1/login on the Wikimedia auth endpoint
to obtain refresh_token and access_token. Tokens are hashed (SHA-256)
before storage. If the API call fails, registration fails.
refactor: remove token generation from register 2026-06-25T10:36:15+00:00 wikiapiserver 2026-06-25T10:36:15+00:00 ad6b1f3138cd3cd953f9caa6ab5483f0d1ac03eb Register only saves username and plaintext password. Token fields are left empty until set by the Wikimedia API. 
Register only saves username and plaintext password.
Token fields are left empty until set by the Wikimedia API.
refactor: store password in plaintext 2026-06-25T10:30:55+00:00 wikiapiserver 2026-06-25T10:30:55+00:00 550ca6c19b99e899d60153faeaf505530d508f3d Remove SHA-256 hashing for the password column. Tokens still hashed with SHA-256 in the database. 
Remove SHA-256 hashing for the password column.
Tokens still hashed with SHA-256 in the database.
feat: initial wiki API server with account management 2026-06-25T10:23:11+00:00 wikiapiserver 2026-06-25T10:22:58+00:00 6667426e24bba82ade4702cb8f85849bebec6077 - HTTP API with JSON over configurable port (default 8080) - Endpoints: POST /register, POST /login, POST /refresh, GET /health - MariaDB storage with SHA-256 hashed credentials and tokens - Token rotation on login and refresh - Config loaded from config.json (not tracked in git) - Graceful shutdown on SIGINT/SIGTERM - Connection pool (25 max open, 10 idle, 5min max lifetime) 
- HTTP API with JSON over configurable port (default 8080)
- Endpoints: POST /register, POST /login, POST /refresh, GET /health
- MariaDB storage with SHA-256 hashed credentials and tokens
- Token rotation on login and refresh
- Config loaded from config.json (not tracked in git)
- Graceful shutdown on SIGINT/SIGTERM
- Connection pool (25 max open, 10 idle, 5min max lifetime)