| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Returns the stored access_token and the timestamp when it was
created (access_token_created). Returns 401 for unknown users.
|
|
- RefreshTokens checks token age and chooses the right path:
- refresh_token > 90 days: re-auth via WikimediaLogin (full login)
- access_token > 24 hours: refresh via WikimediaTokenRefresh
- otherwise: return current tokens
- WikimediaTokenRefresh posts to /v1/token-refresh endpoint
- Login also uses WikimediaLogin instead of local RotateTokens
- Removed dead RotateTokens, RefreshByToken, and randomHex
- DSN includes parseTime=true for timestamp columns
|
|
- WikimediaLogin is a standalone function: POSTs to auth.enterprise.wikimedia.com
and returns the tokens. Can be called from any flow.
- Register composes WikimediaLogin + CreateAccount
- CreateAccount now takes tokens as arguments (pure DB insert)
|
|
- INSERT and UPDATE now set both refresh_token_created and
access_token_created timestamps
- Register handler logs the actual error on failure
|
|
- HTTP API with JSON over configurable port (default 8080)
- Endpoints: POST /register, POST /login, POST /refresh, GET /health
- MariaDB storage with SHA-256 hashed credentials and tokens
- Token rotation on login and refresh
- Config loaded from config.json (not tracked in git)
- Graceful shutdown on SIGINT/SIGTERM
- Connection pool (25 max open, 10 idle, 5min max lifetime)
|
