refactor: use gorm generics api for database actions

feat: add routine to cleanup expired sessions
refactor: generate a verifier on every oauth auth session
2025-10-30 21:55:43 +00:00 · 2025-10-19 19:16:53 +03:00 · 2025-10-19 19:10:24 +03:00 · 2025-10-19 19:03:38 +03:00
7 changed files with 53 additions and 18 deletions
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -2,6 +2,7 @@ package bootstrap

 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -13,11 +14,13 @@ import (
 	"tinyauth/internal/config"
 	"tinyauth/internal/controller"
 	"tinyauth/internal/middleware"
+	"tinyauth/internal/model"
 	"tinyauth/internal/service"
 	"tinyauth/internal/utils"

 	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
+	"gorm.io/gorm"
 )

 type Controller interface {
@@ -277,6 +280,10 @@ func (app *BootstrapApp) Setup() error {
 		go app.heartbeat()
 	}

+	// Start DB cleanup routine
+	log.Debug().Msg("Starting database cleanup routine")
+	go app.dbCleanup(database)
+
 	// Start server
 	address := fmt.Sprintf("%s:%d", app.config.Address, app.config.Port)
 	log.Info().Msgf("Starting server on %s", address)
@@ -338,3 +345,17 @@ func (app *BootstrapApp) heartbeat() {
 		}
 	}
 }
+
+func (app *BootstrapApp) dbCleanup(db *gorm.DB) {
+	ticker := time.NewTicker(time.Duration(30) * time.Minute)
+	defer ticker.Stop()
+	ctx := context.Background()
+
+	for ; true; <-ticker.C {
+		log.Debug().Msg("Cleaning up old database sessions")
+		_, err := gorm.G[model.Session](db).Where("expiry < ?", time.Now().UnixMilli()).Delete(ctx)
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to cleanup old sessions")
+		}
+	}
+}
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -72,6 +72,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 		return
 	}

+	service.GenerateVerifier()
 	state := service.GenerateState()
 	authURL := service.GetAuthURL(state)
 	c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -1,6 +1,8 @@
 package service

 import (
+	"context"
+	"errors"
 	"fmt"
 	"regexp"
 	"strings"
@@ -41,6 +43,7 @@ type AuthService struct {
 	loginMutex    sync.RWMutex
 	ldap          *LdapService
 	database      *gorm.DB
+	ctx           context.Context
 }

 func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, database *gorm.DB) *AuthService {
@@ -54,6 +57,7 @@ func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapS
 }

 func (auth *AuthService) Init() error {
+	auth.ctx = context.Background()
 	return nil
 }

@@ -213,7 +217,7 @@ func (auth *AuthService) CreateSessionCookie(c *gin.Context, data *config.Sessio
 		OAuthName:   data.OAuthName,
 	}

-	err = auth.database.Create(&session).Error
+	err = gorm.G[model.Session](auth.database).Create(auth.ctx, &session)

 	if err != nil {
 		return err
@@ -231,10 +235,10 @@ func (auth *AuthService) DeleteSessionCookie(c *gin.Context) error {
 		return err
 	}

-	res := auth.database.Unscoped().Where("uuid = ?", cookie).Delete(&model.Session{})
+	_, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Delete(auth.ctx)

-	if res.Error != nil {
-		return res.Error
+	if err != nil {
+		return err
 	}

 	c.SetCookie(auth.config.SessionCookieName, "", -1, "/", fmt.Sprintf(".%s", auth.config.CookieDomain), auth.config.SecureCookie, true)
@@ -249,15 +253,13 @@ func (auth *AuthService) GetSessionCookie(c *gin.Context) (config.SessionCookie,
 		return config.SessionCookie{}, err
 	}

-	var session model.Session
+	session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(auth.ctx)

-	res := auth.database.Unscoped().Where("uuid = ?", cookie).First(&session)
-
-	if res.Error != nil {
-		return config.SessionCookie{}, res.Error
+	if err != nil {
+		return config.SessionCookie{}, err
 	}

-	if res.RowsAffected == 0 {
+	if errors.Is(err, gorm.ErrRecordNotFound) {
 		return config.SessionCookie{}, fmt.Errorf("session not found")
 	}

--- a/internal/service/generic_oauth_service.go
+++ b/internal/service/generic_oauth_service.go
@@ -59,10 +59,8 @@ func (generic *GenericOAuthService) Init() error {
 	ctx := context.Background()

 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()

 	generic.context = ctx
-	generic.verifier = verifier
 	return nil
 }

@@ -76,6 +74,12 @@ func (generic *GenericOAuthService) GenerateState() string {
 	return state
 }

+func (generic *GenericOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	generic.verifier = verifier
+	return verifier
+}
+
 func (generic *GenericOAuthService) GetAuthURL(state string) string {
 	return generic.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.verifier))
 }
--- a/internal/service/github_oauth_service.go
+++ b/internal/service/github_oauth_service.go
@@ -53,10 +53,7 @@ func (github *GithubOAuthService) Init() error {
 	httpClient := &http.Client{}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()
-
 	github.context = ctx
-	github.verifier = verifier
 	return nil
 }

@@ -70,6 +67,12 @@ func (github *GithubOAuthService) GenerateState() string {
 	return state
 }

+func (github *GithubOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	github.verifier = verifier
+	return verifier
+}
+
 func (github *GithubOAuthService) GetAuthURL(state string) string {
 	return github.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.verifier))
 }
--- a/internal/service/google_oauth_service.go
+++ b/internal/service/google_oauth_service.go
@@ -48,10 +48,7 @@ func (google *GoogleOAuthService) Init() error {
 	httpClient := &http.Client{}
 	ctx := context.Background()
 	ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
-	verifier := oauth2.GenerateVerifier()
-
 	google.context = ctx
-	google.verifier = verifier
 	return nil
 }

@@ -65,6 +62,12 @@ func (oauth *GoogleOAuthService) GenerateState() string {
 	return state
 }

+func (google *GoogleOAuthService) GenerateVerifier() string {
+	verifier := oauth2.GenerateVerifier()
+	google.verifier = verifier
+	return verifier
+}
+
 func (google *GoogleOAuthService) GetAuthURL(state string) string {
 	return google.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.verifier))
 }
--- a/internal/service/oauth_broker_service.go
+++ b/internal/service/oauth_broker_service.go
@@ -11,6 +11,7 @@ import (
 type OAuthService interface {
 	Init() error
 	GenerateState() string
+	GenerateVerifier() string
 	GetAuthURL(state string) string
 	VerifyCode(code string) error
 	Userinfo() (config.Claims, error)
Author	SHA1	Message	Date
Stavros	6647c6cd78	refactor: use gorm generics api for database actions	2025-10-19 19:16:53 +03:00
Stavros	7231efcbc3	feat: add routine to cleanup expired sessions	2025-10-19 19:10:24 +03:00
Stavros	5482430907	refactor: generate a verifier on every oauth auth session	2025-10-19 19:03:38 +03:00