authornsfisis <nsfisis@gmail.com>2026-02-15 11:12:50 +0900
committernsfisis <nsfisis@gmail.com>2026-02-15 11:14:28 +0900
commit96fad1a4e78c7209e5a0f3496e8b59d591fbe500 (patch)
tree8e43fb3918cd7401fe68cac933fe943c794b7634 /backend/api/handler_wrapper.go
parent2f1a8a1c599300d0964d7fbbfd824e2d74f0bf4a (diff)
refactor(auth): replace JWT authentication with server-side sessions
Migrate from stateless JWT tokens to server-side session management backed by PostgreSQL. Sessions are hashed with SHA-256 before storage, cleaned up periodically, and invalidated on logout. This removes the need for JWT_SECRET/COOKIE_SECRET environment variables and the golang-jwt dependency. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Diffstat (limited to 'backend/api/handler_wrapper.go')
-rw-r--r--backend/api/handler_wrapper.go20
1 files changed, 10 insertions, 10 deletions
diff --git a/backend/api/handler_wrapper.go b/backend/api/handler_wrapper.go
index 5feaac7..8e3e8cd 100644
--- a/backend/api/handler_wrapper.go
+++ b/backend/api/handler_wrapper.go
@@ -26,7 +26,7 @@ func NewHandler(queries *db.Queries, hub GameHubInterface, conf *config.Config)
}
func (h *HandlerWrapper) GetGame(ctx context.Context, request GetGameRequestObject) (GetGameResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetGame401JSONResponse{
Message: "Unauthorized",
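Review bot: The swap to `GetUserFromContext` at the top of GetGame makes the 401 branch depend entirely on what the session middleware stores in the context, and nothing in this file states that contract. The same one-line change repeats in the hunks for GetGamePlayLatestState, GetGameWatchLatestStates, GetGameWatchRanking, GetGames, GetMe and GetTournament. I would add a comment on the wrapper such as `// user is present only after the session middleware has validated the session; a missing value must fail closed with 401`, assuming the middleware behaves that way (it is not visible here). If this file is generated, which the identical bodies suggest, the comment belongs in the generator template instead. GetGame's body continues outside the hunk.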
@@ -36,7 +36,7 @@ func (h *HandlerWrapper) GetGame(ctx context.Context, request GetGameRequestObje
}
func (h *HandlerWrapper) GetGamePlayLatestState(ctx context.Context, request GetGamePlayLatestStateRequestObject) (GetGamePlayLatestStateResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetGamePlayLatestState401JSONResponse{
Message: "Unauthorized",
@@ -46,7 +46,7 @@ func (h *HandlerWrapper) GetGamePlayLatestState(ctx context.Context, request Get
}
func (h *HandlerWrapper) GetGameWatchLatestStates(ctx context.Context, request GetGameWatchLatestStatesRequestObject) (GetGameWatchLatestStatesResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetGameWatchLatestStates401JSONResponse{
Message: "Unauthorized",
@@ -56,7 +56,7 @@ func (h *HandlerWrapper) GetGameWatchLatestStates(ctx context.Context, request G
}
func (h *HandlerWrapper) GetGameWatchRanking(ctx context.Context, request GetGameWatchRankingRequestObject) (GetGameWatchRankingResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetGameWatchRanking401JSONResponse{
Message: "Unauthorized",
@@ -66,7 +66,7 @@ func (h *HandlerWrapper) GetGameWatchRanking(ctx context.Context, request GetGam
}
func (h *HandlerWrapper) GetGames(ctx context.Context, request GetGamesRequestObject) (GetGamesResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetGames401JSONResponse{
Message: "Unauthorized",
@@ -76,7 +76,7 @@ func (h *HandlerWrapper) GetGames(ctx context.Context, request GetGamesRequestOb
}
func (h *HandlerWrapper) GetMe(ctx context.Context, request GetMeRequestObject) (GetMeResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetMe401JSONResponse{
Message: "Unauthorized",
@@ -86,7 +86,7 @@ func (h *HandlerWrapper) GetMe(ctx context.Context, request GetMeRequestObject)
}
func (h *HandlerWrapper) GetTournament(ctx context.Context, request GetTournamentRequestObject) (GetTournamentResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return GetTournament401JSONResponse{
Message: "Unauthorized",
@@ -96,7 +96,7 @@ func (h *HandlerWrapper) GetTournament(ctx context.Context, request GetTournamen
}
func (h *HandlerWrapper) PostGamePlayCode(ctx context.Context, request PostGamePlayCodeRequestObject) (PostGamePlayCodeResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return PostGamePlayCode401JSONResponse{
Message: "Unauthorized",
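Review bot: PostGamePlayCode here, and PostGamePlaySubmit and PostLogout in the following hunks, are state-changing endpoints whose only visible gate is the `GetUserFromContext` lookup. If the session identifier travels in a cookie (the page does not show how it is transported), the browser attaches it automatically, so these handlers would rely on the cookie's SameSite setting or a CSRF check that lives outside this file. It is worth confirming that in the middleware or login code and recording it next to the handlers, for example `// CSRF: covered by <mechanism>, see <file that sets the session cookie>`. The function body continues outside the hunk.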
@@ -106,7 +106,7 @@ func (h *HandlerWrapper) PostGamePlayCode(ctx context.Context, request PostGameP
}
func (h *HandlerWrapper) PostGamePlaySubmit(ctx context.Context, request PostGamePlaySubmitRequestObject) (PostGamePlaySubmitResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return PostGamePlaySubmit401JSONResponse{
Message: "Unauthorized",
@@ -120,7 +120,7 @@ func (h *HandlerWrapper) PostLogin(ctx context.Context, request PostLoginRequest
}
func (h *HandlerWrapper) PostLogout(ctx context.Context, request PostLogoutRequestObject) (PostLogoutResponseObject, error) {
- user, ok := GetJWTClaimsFromContext(ctx)
+ user, ok := GetUserFromContext(ctx)
if !ok {
return PostLogout401JSONResponse{
Message: "Unauthorized",
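Review bot: PostLogout answers 401 whenever `GetUserFromContext` reports no user, so a client whose session was already removed by the periodic cleanup gets an error from logout. Whether the stale cookie is still cleared in that case depends on code outside this hunk; if it is not, the browser keeps sending a dead session id on every request. Consider treating logout as idempotent, or at least documenting the choice with `// expired session: 401 is returned and the cookie is cleared by <middleware or handler name>`. It is also not visible here how the inner handler learns which session row to invalidate, since only the user is read from the context.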