From 96fad1a4e78c7209e5a0f3496e8b59d591fbe500 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Sun, 15 Feb 2026 11:12:50 +0900
Subject: refactor(auth): replace JWT authentication with server-side sessions

Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/db/models.go | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'backend/db/models.go')

diff --git a/backend/db/models.go b/backend/db/models.go
index c6ef25f..c4a713d 100644
--- a/backend/db/models.go
+++ b/backend/db/models.go
@@ -40,6 +40,13 @@ type Problem struct {
 	SampleCode  string
 }
 
+type Session struct {
+	SessionID string
+	UserID    int32
+	ExpiresAt pgtype.Timestamp
+	CreatedAt pgtype.Timestamp
+}
+
 type Submission struct {
 	SubmissionID int32
 	GameID       int32
-- 
cgit v1.3.1