authorwikiapiserver2026-06-25 12:47:38 +0200
committerwikiapiserver2026-06-25 12:47:38 +0200
commit363d4edfed8361ba3121278eb5d7f5e5779e964c (patch)
tree8788b8f0f000737395e029c055c9fa6ec221587a
parent742cd195c0018bcbc6e748d9100b643ffe1f6358 (diff)
refactor: store tokens in plaintext
Remove SHA-256 hashing of refresh_token and access_token. Tokens are now stored and looked up as-is, matching the Wikimedia API format.
-rw-r--r--db/db.go14
1 files changed, 4 insertions, 10 deletions
diff --git a/db/db.go b/db/db.go
index 7c26c8c..50b1f17 100644
--- a/db/db.go
+++ b/db/db.go
@@ -3,7 +3,6 @@ package db
import (
"context"
"crypto/rand"
- "crypto/sha256"
"database/sql"
"encoding/hex"
"encoding/json"
@@ -73,11 +72,6 @@ func randomHex(n int) (string, error) {
return hex.EncodeToString(b), nil
}
-func sha256hex(s string) string {
- h := sha256.Sum256([]byte(s))
- return hex.EncodeToString(h[:])
-}
-
// WikimediaTokens holds the tokens returned by the Wikimedia auth API.
type WikimediaTokens struct {
RefreshToken string `json:"refresh_token"`
@@ -139,8 +133,8 @@ func (d *DB) CreateAccount(ctx context.Context, username, plaintextPW string) (*
`INSERT INTO account (username, password, refresh_token, access_token, access_token_created)
VALUES (?, ?, ?, ?, NOW())`,
username, plaintextPW,
- sha256hex(tokens.RefreshToken),
- sha256hex(tokens.AccessToken),
+ tokens.RefreshToken,
+ tokens.AccessToken,
)
if err != nil {
if isDupKeyError(err) {
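Review bot: The refresh and access tokens bound at the two `+` lines are now written to the `account` table verbatim, so a database dump, backup or leaked replica yields bearer tokens that are immediately usable against the upstream API; the same applies to the `UPDATE` in the RotateTokens hunk and the lookup in the RefreshByToken hunk. If the tokens must be recoverable because they are later presented to Wikimedia, the defensible middle ground is reversible encryption at rest (for example AES-GCM under a key supplied through configuration, decrypted only at the point of use) rather than plaintext, and the `WikimediaTokens` doc comment should state the chosen storage form, e.g. `// Tokens are stored unencrypted in the account table; protect the database accordingly.` The adjacent context line also binds `plaintextPW` straight into the `password` column; that predates this commit, but unless it is hashed elsewhere it needs a password hash (bcrypt/argon2) rather than raw storage. CreateAccount's body begins before and ends after this hunk.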
@@ -205,7 +199,7 @@ func (d *DB) RotateTokens(ctx context.Context, id int64) (*Account, error) {
}
res, err := d.conn.ExecContext(ctx,
- `UPDATE account SET refresh_token = SHA2(?, 256), access_token = SHA2(?, 256), access_token_created = NOW()
+ `UPDATE account SET refresh_token = ?, access_token = ?, access_token_created = NOW()
WHERE id = ?`, rt, at, id)
if err != nil {
return nil, fmt.Errorf("rotate tokens: %w", err)
@@ -236,7 +230,7 @@ func (d *DB) RotateTokens(ctx context.Context, id int64) (*Account, error) {
func (d *DB) RefreshByToken(ctx context.Context, refreshToken string) (*Account, error) {
var id int64
err := d.conn.QueryRowContext(ctx,
- `SELECT id FROM account WHERE refresh_token = SHA2(?, 256)`, refreshToken,
+ `SELECT id FROM account WHERE refresh_token = ?`, refreshToken,
).Scan(&id)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
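Review bot: The lookup `SELECT id FROM account WHERE refresh_token = ?` now compares the raw token, whereas the previous 64-character lowercase hex digest made the column width and collation irrelevant; the diffstat shows no schema change, so if `refresh_token` was sized for the digest or uses a case-insensitive collation, longer tokens may be truncated or rejected on insert and tokens differing only in case could match each other on lookup. Confirm the column is a binary or `_bin`-collated type wide enough for the upstream token length (not visible here), or keep the equality test on a digest by adding an indexed hash column next to the stored token, e.g. `WHERE refresh_token_hash = SHA2(?, 256)` (column name illustrative). That split would also let the stored token itself be encrypted without touching the lookup path. RefreshByToken continues past the end of the hunk.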