From 96fad1a4e78c7209e5a0f3496e8b59d591fbe500 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Sun, 15 Feb 2026 11:12:50 +0900
Subject: refactor(auth): replace JWT authentication with server-side sessions

Migrate from stateless JWT tokens to server-side session management
backed by PostgreSQL. Sessions are hashed with SHA-256 before storage,
cleaned up periodically, and invalidated on logout. This removes the
need for JWT_SECRET/COOKIE_SECRET environment variables and the
golang-jwt dependency.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/gen/api/handler_wrapper_gen.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'backend/gen/api/handler_wrapper_gen.go')

diff --git a/backend/gen/api/handler_wrapper_gen.go b/backend/gen/api/handler_wrapper_gen.go
index c6e3e8a..3a9d31f 100644
--- a/backend/gen/api/handler_wrapper_gen.go
+++ b/backend/gen/api/handler_wrapper_gen.go
@@ -128,7 +128,7 @@ func NewHandler(queries *db.Queries, hub GameHubInterface, conf *config.Config)
 {{ range . }}
 	func (h *HandlerWrapper) {{ .Name }}(ctx context.Context, request {{ .Name }}RequestObject) ({{ .Name }}ResponseObject, error) {
 		{{ if .RequiresLogin -}}
-			user, ok := GetJWTClaimsFromContext(ctx)
+			user, ok := GetUserFromContext(ctx)
 			if !ok {
 				return {{ .Name }}401JSONResponse{
 					Message: "Unauthorized",
-- 
cgit v1.3.1