| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Returns the stored access_token and the timestamp when it was
created (access_token_created). Returns 401 for unknown users.
|
|
- RefreshTokens checks token age and chooses the right path:
- refresh_token > 90 days: re-auth via WikimediaLogin (full login)
- access_token > 24 hours: refresh via WikimediaTokenRefresh
- otherwise: return current tokens
- WikimediaTokenRefresh posts to /v1/token-refresh endpoint
- Login also uses WikimediaLogin instead of local RotateTokens
- Removed dead RotateTokens, RefreshByToken, and randomHex
- DSN includes parseTime=true for timestamp columns
|
|
- WikimediaLogin is a standalone function: POSTs to auth.enterprise.wikimedia.com
and returns the tokens. Can be called from any flow.
- Register composes WikimediaLogin + CreateAccount
- CreateAccount now takes tokens as arguments (pure DB insert)
|
|
- INSERT and UPDATE now set both refresh_token_created and
access_token_created timestamps
- Register handler logs the actual error on failure
|
|
Remove SHA-256 hashing of refresh_token and access_token.
Tokens are now stored and looked up as-is, matching the
Wikimedia API format.
|
|
Register now calls POST /v1/login on the Wikimedia auth endpoint
to obtain refresh_token and access_token. Tokens are hashed (SHA-256)
before storage. If the API call fails, registration fails.
|
|
Register only saves username and plaintext password.
Token fields are left empty until set by the Wikimedia API.
|
|
Remove SHA-256 hashing for the password column.
Tokens still hashed with SHA-256 in the database.
|
|
- HTTP API with JSON over configurable port (default 8080)
- Endpoints: POST /register, POST /login, POST /refresh, GET /health
- MariaDB storage with SHA-256 hashed credentials and tokens
- Token rotation on login and refresh
- Config loaded from config.json (not tracked in git)
- Graceful shutdown on SIGINT/SIGTERM
- Connection pool (25 max open, 10 idle, 5min max lifetime)
|
