refactor: replace refresh & access token with auth token only

changes authentication to no longer use a refresh token & access token for accessing protected endpoints. Instead only an auth token is used. Before the login flow was: Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) -> protected endpoint request (attach access token as Authorization header) -> access token expires in 15 minutes, so use refresh token to obtain new one when that happens now it looks like this: Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont request (token sent) the reasoning for using the refresh + access token was to reduce DB calls, but in the end I don't think its worth the hassle.
2021-04-28 21:32:19 -05:00
parent 3392b3345d
commit 229a53fa0a
47 changed files with 3989 additions and 3717 deletions
--- a/internal/db/query/token.sql
+++ b/internal/db/query/token.sql
@ -1,14 +1,14 @@
-- name: GetRefreshTokenByID :one
-SELECT * FROM refresh_token WHERE token_id = $1;
+-- name: GetAuthTokenByID :one
+SELECT * FROM auth_token WHERE token_id = $1;

-- name: CreateRefreshToken :one
-INSERT INTO refresh_token (user_id, created_at, expires_at) VALUES ($1, $2, $3) RETURNING *;
+-- name: CreateAuthToken :one
+INSERT INTO auth_token (user_id, created_at, expires_at) VALUES ($1, $2, $3) RETURNING *;

-- name: DeleteRefreshTokenByID :exec
-DELETE FROM refresh_token WHERE token_id = $1;
+-- name: DeleteAuthTokenByID :exec
+DELETE FROM auth_token WHERE token_id = $1;

-- name: DeleteRefreshTokenByUserID :exec
-DELETE FROM refresh_token WHERE user_id = $1;
+-- name: DeleteAuthTokenByUserID :exec
+DELETE FROM auth_token WHERE user_id = $1;

 -- name: DeleteExpiredTokens :exec
-DELETE FROM refresh_token WHERE expires_at <= NOW();
+DELETE FROM auth_token WHERE expires_at <= NOW();