| author | wikiapiserver | 2026-06-25 12:47:38 +0200 |
|---|---|---|
| committer | wikiapiserver | 2026-06-25 12:47:38 +0200 |
| commit | 363d4edfed8361ba3121278eb5d7f5e5779e964c (patch) | |
| tree | 8788b8f0f000737395e029c055c9fa6ec221587a /db/db.go | |
| parent | 742cd195c0018bcbc6e748d9100b643ffe1f6358 (diff) | |
| download | wikiapiserver-363d4edfed8361ba3121278eb5d7f5e5779e964c.tar.gz | |
refactor: store tokens in plaintext
Remove SHA-256 hashing of refresh_token and access_token.
Tokens are now stored and looked up as-is, matching the
Wikimedia API format.
Diffstat (limited to 'db/db.go')
| -rw-r--r-- | db/db.go | 14 |
1 files changed, 4 insertions, 10 deletions
@@ -3,7 +3,6 @@ package db import ( "context" "crypto/rand" - "crypto/sha256" "database/sql" "encoding/hex" "encoding/json" @@ -73,11 +72,6 @@ func randomHex(n int) (string, error) { return hex.EncodeToString(b), nil } -func sha256hex(s string) string { - h := sha256.Sum256([]byte(s)) - return hex.EncodeToString(h[:]) -} - // WikimediaTokens holds the tokens returned by the Wikimedia auth API. type WikimediaTokens struct { RefreshToken string `json:"refresh_token"` @@ -139,8 +133,8 @@ func (d *DB) CreateAccount(ctx context.Context, username, plaintextPW string) (* `INSERT INTO account (username, password, refresh_token, access_token, access_token_created) VALUES (?, ?, ?, ?, NOW())`, username, plaintextPW, - sha256hex(tokens.RefreshToken), - sha256hex(tokens.AccessToken), + tokens.RefreshToken, + tokens.AccessToken, ) if err != nil { if isDupKeyError(err) { @@ -205,7 +199,7 @@ func (d *DB) RotateTokens(ctx context.Context, id int64) (*Account, error) { } res, err := d.conn.ExecContext(ctx, - `UPDATE account SET refresh_token = SHA2(?, 256), access_token = SHA2(?, 256), access_token_created = NOW() + `UPDATE account SET refresh_token = ?, access_token = ?, access_token_created = NOW() WHERE id = ?`, rt, at, id) if err != nil { return nil, fmt.Errorf("rotate tokens: %w", err) @@ -236,7 +230,7 @@ func (d *DB) RotateTokens(ctx context.Context, id int64) (*Account, error) { func (d *DB) RefreshByToken(ctx context.Context, refreshToken string) (*Account, error) { var id int64 err := d.conn.QueryRowContext(ctx, - `SELECT id FROM account WHERE refresh_token = SHA2(?, 256)`, refreshToken, + `SELECT id FROM account WHERE refresh_token = ?`, refreshToken, ).Scan(&id) if err != nil { if errors.Is(err, sql.ErrNoRows) { |
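Review bot: In the CreateAccount hunk the new `+ tokens.RefreshToken,` / `+ tokens.AccessToken,` arguments bind the raw bearer tokens to the refresh_token and access_token columns, so anyone with read access to the table, a replica or a backup (a leaked dump, a read-only SQL injection elsewhere, a DBA) now holds live credentials for every account; the SHA-256 form this commit deletes only cost an attacker that read access. These are opaque high-entropy tokens, so an unsalted SHA-256 is an adequate one-way transform, and it does not change what the API hands back to the client — the caller can still return `tokens.RefreshToken` as-is while the INSERT stores `sha256hex(tokens.RefreshToken)` and `sha256hex(tokens.AccessToken)` via a helper like the one removed in the second hunk. The same INSERT binds `plaintextPW` directly to the `password` column; if that name is accurate the account password is stored unhashed too, which predates this commit but should get a proper password hash (bcrypt/argon2) rather than a plain digest — confirm against the caller. CreateAccount starts and ends outside the hunk.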
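Review bot: In the RefreshByToken hunk the new `SELECT id FROM account WHERE refresh_token = ?` is the path the commit message cites as needing plaintext, yet the old line shows hashed storage was already compatible with it: the client's raw token was hashed on the way in and compared against the stored digest, so nothing in the lookup requires the plaintext column. If hashing is restored, compute the digest in Go before the query rather than with SQL `SHA2(?, 256)` as the old lines in this hunk and in RotateTokens did, so the raw refresh token never lands in the database server's general or slow-query log; e.g. `digest := sha256hex(refreshToken)` followed by `... WHERE refresh_token = ?`, digest` keeps the query parameter a digest end to end. RefreshByToken's body continues past the end of the hunk.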
