From 90c6b60bcba568e237fe28314aa03884945a53d9 Mon Sep 17 00:00:00 2001
From: wikiapiserver
Date: Sat, 27 Jun 2026 04:58:51 +0200
Subject: feat: auto-refresh expired tokens before /article and /token
- EnsureValidToken checks access_token_created age before each request. If token is >24h old, refreshes via WikimediaTokenRefresh (or falls back to full re-auth via WikimediaLogin).
- Register now upserts: updates tokens for existing users instead of failing with 'username already exists'.
- Both /article and /token call EnsureValidToken before responding.
---
 api/handlers.go | 29 ++++++++---------------------
 1 file changed, 8 insertions(+), 21 deletions(-)
(limited to 'api/handlers.go')
diff --git a/api/handlers.go b/api/handlers.go
index 4299b74..ba32a94 100644
--- a/api/handlers.go
+++ b/api/handlers.go
@@ -2,11 +2,9 @@ package api
 import (
 "context"
- "io"
 "bytes"
- "database/sql"
- "errors"
 "encoding/json"
+ "io"
 "log"
 "net/http"
 "net/url"
@@ -86,12 +84,8 @@ func (h *Handler) Register(w http.ResponseWriter, r *http.Request) {
 acct, err := h.db.Register(ctx, req.Username, req.Password)
 if err != nil {
- if err.Error() == "username already exists" {
- badRequest(w, "username already exists")
- return
- }
 log.Printf("register error: %v", err)
- serverError(w, "could not create account")
+ serverError(w, "could not register account")
 return
 }
@@ -190,13 +184,10 @@ func (h *Handler) GetToken(w http.ResponseWriter, r *http.Request) {
 return
 }
- acct, err := h.db.GetAccount(ctx, username)
+ acct, err := h.db.EnsureValidToken(ctx, username)
 if err != nil {
- if errors.Is(err, sql.ErrNoRows) {
- unauthorized(w)
- return
- }
- serverError(w, "could not retrieve token")
+ log.Printf("ensure token failed for %s: %v", username, err)
+ serverError(w, "could not get valid token")
 return
 }
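Review bot: With the `username already exists` branch removed, Register in this handler no longer refuses a username that is already taken, and the commit message says db.Register now updates that user's tokens instead. db.Register is not part of this diff; if it overwrites stored tokens without first verifying the submitted password, a caller who knows a username can replace that account's credentials, so that check is worth confirming and stating above the call: `// Register upserts: db.Register must verify the password before replacing an existing user's tokens.` Every failure also maps to 500 now, so a rejected login would be reported as a server error rather than a 4xx. The function body starts and ends outside the hunk.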
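Review bot: In GetToken every EnsureValidToken failure now returns 500, where the removed `errors.Is(err, sql.ErrNoRows)` branch answered an unknown account with `unauthorized(w)`; unless the check above the hunk already rejects unknown users, a missing account and a failed upstream refresh become indistinguishable to clients and to alerting. If EnsureValidToken still surfaces that error, keep `if errors.Is(err, sql.ErrNoRows) { unauthorized(w); return }` ahead of the log call, which also means keeping the `errors` and `database/sql` imports the first hunk drops. The new log call prints `username` with `%s`; if that value comes from the request, `log.Printf("ensure token failed for %q: %v", username, err)` keeps embedded newlines from forging log entries. The GetArticle hunk has the same two lines. Both function bodies start and end outside their hunks.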
@@ -218,16 +209,12 @@ func (h *Handler) GetArticle(w http.ResponseWriter, r *http.Request) {
 return
 }
- acct, err := h.db.GetAccount(ctx, username)
+ acct, err := h.db.EnsureValidToken(ctx, username)
 if err != nil {
- if errors.Is(err, sql.ErrNoRows) {
- unauthorized(w)
- return
- }
- serverError(w, "could not retrieve token")
+ log.Printf("ensure token failed for %s: %v", username, err)
+ serverError(w, "could not get valid token")
 return
 }
-
 baseURL := "https://api.enterprise.wikimedia.com/v2/structured-contents/" + url.QueryEscape(article)
 body, err := json.Marshal(map[string]any{
-- cgit v1.2.3
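Review bot: The unchanged `baseURL` line at the end of this hunk builds a URL path segment with `url.QueryEscape(article)`, which encodes a space as `+`; in a path `+` is a literal plus sign, so a title containing spaces or plus signs would address a different resource upstream. `url.PathEscape` is the path-segment encoder and still escapes `/`, so a title cannot introduce extra path segments: `baseURL := "https://api.enterprise.wikimedia.com/v2/structured-contents/" + url.PathEscape(article)`. GetArticle's body starts and ends outside the hunk, so how `article` is validated before this line is not visible here.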