| author | nsfisis <nsfisis@gmail.com> | 2026-02-15 11:12:50 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-02-15 11:14:28 +0900 |
| commit | 96fad1a4e78c7209e5a0f3496e8b59d591fbe500 (patch) | |
| tree | 8e43fb3918cd7401fe68cac933fe943c794b7634 /backend/auth/session.go | |
| parent | 2f1a8a1c599300d0964d7fbbfd824e2d74f0bf4a (diff) | |
| download | phperkaigi-2026-albatross-96fad1a4e78c7209e5a0f3496e8b59d591fbe500.tar.gz phperkaigi-2026-albatross-96fad1a4e78c7209e5a0f3496e8b59d591fbe500.tar.zst phperkaigi-2026-albatross-96fad1a4e78c7209e5a0f3496e8b59d591fbe500.zip | |
refactor(auth): replace JWT authentication with server-side sessions
Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
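The session lifecycle the commit message describes (random ID, SHA-256 digest stored instead of the ID, lookup by digest, invalidation on logout, periodic cleanup of expired rows), as an added example that is not code from this repository. It assumes an in-memory map keyed by the hex digest in place of the PostgreSQL table, a TTL of one hour, and an injectable clock so expiry can be exercised without waiting; the `Store`, `record`, `Create`, `Lookup`, `Revoke` and `Cleanup` names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrNoSession is returned when no live session matches the presented ID.
var ErrNoSession = errors.New("session: not found or expired")

// record is one stored row. The raw session ID is never kept here; only the
// SHA-256 digest is, so a dump of the table yields no usable cookies.
type record struct {
	userID    string
	expiresAt time.Time
}

// Store is an in-memory stand-in for the PostgreSQL sessions table
// (an assumption of this example), keyed by the hex SHA-256 of the raw ID.
type Store struct {
	mu     sync.Mutex
	ttl    time.Duration
	now    func() time.Time // injectable clock so expiry is testable
	byHash map[string]record
}

func NewStore(ttl time.Duration, now func() time.Time) *Store {
	if now == nil {
		now = time.Now
	}
	return &Store{ttl: ttl, now: now, byHash: make(map[string]record)}
}

// generateID returns 32 bytes from crypto/rand, hex-encoded (64 chars),
// so the ID carries 256 bits of entropy and cannot be guessed.
func generateID() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("generate session ID: %w", err)
	}
	return hex.EncodeToString(b), nil
}

// hashID maps the raw ID to its storage key. Unkeyed SHA-256 is enough because
// the input is already high-entropy; the digest is there only so the table
// never holds the secret itself.
func hashID(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}

// Create mints a session for userID and returns the raw ID, which is the value
// to place in the cookie. Only its digest is stored.
func (s *Store) Create(userID string) (string, error) {
	raw, err := generateID()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.byHash[hashID(raw)] = record{userID: userID, expiresAt: s.now().Add(s.ttl)}
	return raw, nil
}

// Lookup resolves the ID presented by the client. Unknown and expired sessions
// are rejected alike, so an expired row is unusable before Cleanup removes it.
func (s *Store) Lookup(raw string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.byHash[hashID(raw)]
	if !ok || !s.now().Before(rec.expiresAt) {
		return "", ErrNoSession
	}
	return rec.userID, nil
}

// Revoke deletes the session on logout; later Lookups fail immediately.
func (s *Store) Revoke(raw string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.byHash, hashID(raw))
}

// Cleanup is the periodic sweep: it drops every expired row and reports how many.
func (s *Store) Cleanup() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	n, now := 0, s.now()
	for h, rec := range s.byHash {
		if !now.Before(rec.expiresAt) {
			delete(s.byHash, h)
			n++
		}
	}
	return n
}

func main() {
	st := NewStore(time.Hour, nil)
	raw, err := st.Create("alice")
	if err != nil {
		panic(err)
	}
	user, err := st.Lookup(raw)
	fmt.Println(user, err)
	st.Revoke(raw)
	_, err = st.Lookup(raw)
	fmt.Println(err)
}
```

The one invariant to preserve when moving this onto a real table is that every path (create, lookup, revoke) hashes exactly the string the client presents; the digest, not the raw ID, is the primary key.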
Diffstat (limited to 'backend/auth/session.go')
| -rw-r--r-- | backend/auth/session.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/backend/auth/session.go b/backend/auth/session.go new file mode 100644 index 0000000..a0d5aa4 --- /dev/null +++ b/backend/auth/session.go @@ -0,0 +1,21 @@ +package auth + +import ( + "crypto/rand" + "crypto/sha256" + "encoding/hex" + "fmt" +) + +func GenerateSessionID() (string, error) { + b := make([]byte, 32) + if _, err := rand.Read(b); err != nil { + return "", fmt.Errorf("generate session ID: %w", err) + } + return hex.EncodeToString(b), nil +} + +func HashSessionID(raw string) string { + h := sha256.Sum256([]byte(raw)) + return hex.EncodeToString(h[:]) +} |
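Review bot: both exported functions in this hunk lack doc comments, and HashSessionID in particular should state that it expects the hex-encoded ID exactly as returned by GenerateSessionID (the same string the client presents), because hashing the 64-character hex string rather than the underlying 32 bytes is the invariant every lookup path has to share; something like `// HashSessionID returns the hex SHA-256 of a raw ID from GenerateSessionID; only this digest is stored.` Unkeyed SHA-256 is adequate here because the input carries 256 bits of entropy from crypto/rand, and that reasoning deserves a one-line comment so nobody later swaps in a password hash or reintroduces a secret key for it.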
