[server][auth] Rename accessToken => apiKey

2026-01-06 03:31:02 -06:00 · 2025-06-29 12:30:44 +05:30
parent dce623b2a6
commit b386053a60
10 changed files with 36 additions and 36 deletions
--- a/server/internal/api/authenticator/authenticator.go
+++ b/server/internal/api/authenticator/authenticator.go
@@ -39,9 +39,9 @@ func Require(c *gin.Context) {
 func extractUserDetails(c *gin.Context) (core.User, error) {
 	db := db.Get(c.Request.Context())
 	if header := c.Request.Header.Get("Authorization"); header == "" {
-		if cookie, err := c.Request.Cookie("auth_token"); err == nil {
-			token := cookie.Value
-			if u, err := auth.VerifyAccessToken(db, token); err == nil {
+		if cookie, err := c.Request.Cookie("api_key"); err == nil {
+			apiKey := cookie.Value
+			if u, err := auth.VerifyAPIKey(db, apiKey); err == nil {
 				return u, nil
 			} else {
 				return core.User{}, err
@@ -58,8 +58,8 @@ func extractUserDetails(c *gin.Context) (core.User, error) {
 				return core.User{}, err
 			}
 		}
-	} else if token, ok := checkAuthHeader(header, "bearer"); ok {
-		if u, err := auth.VerifyAccessToken(db, token); err == nil {
+	} else if apiKey, ok := checkAuthHeader(header, "api-key"); ok {
+		if u, err := auth.VerifyAPIKey(db, apiKey); err == nil {
 			return u, nil
 		} else {
 			return core.User{}, err
--- a/server/internal/api/authenticator/token.go
+++ b/server/internal/api/authenticator/token.go
@@ -4,22 +4,22 @@ import (
 	"github.com/gin-gonic/gin"
 )

-const keyToken = "token"
+const keyAPIKey = "api_key"

-func GetToken(c *gin.Context) string {
-	val, ok := c.Get(keyToken)
+func GetAPIKey(c *gin.Context) string {
+	val, ok := c.Get(keyAPIKey)
 	if !ok {
 		return ""
 	}
 	return val.(string)
 }

-func RequireToken(c *gin.Context) {
+func RequireAPIKey(c *gin.Context) {
 	if header := c.Request.Header.Get("Authorization"); header == "" {
 		panic(errAuthRequired)
-	} else if token, ok := checkAuthHeader(header, "bearer"); !ok {
+	} else if apiKey, ok := checkAuthHeader(header, "api-key"); !ok {
 		panic(errAuthRequired)
 	} else {
-		c.Set(keyToken, token)
+		c.Set(keyAPIKey, apiKey)
 	}
 }
--- a/server/internal/api/v1/auth/routes.go
+++ b/server/internal/api/v1/auth/routes.go
@@ -46,7 +46,7 @@ func SetupRoutes(r *gin.RouterGroup) {
 	group.GET("/oauth/start", handleOAuthStart)
 	group.GET("/oauth/redirect", handleOAuthRedirect)
 	group.POST("/token/login", handleTokenLogin)
-	group.POST("/set-cookie", authenticator.RequireToken, handleSetCookie)
+	group.POST("/set-cookie", authenticator.RequireAPIKey, handleSetCookie)
 }

 func handleConfig(c *gin.Context) {
@@ -133,8 +133,8 @@ func handleTokenLogin(c *gin.Context) {
 		panic(err)
 	} else {
 		c.JSON(200, responses.Login{
-			AccessToken: apiKey,
-			Bootstrap:   response,
+			APIKey:    apiKey,
+			Bootstrap: response,
 		})
 	}
 }
@@ -162,8 +162,8 @@ func handlePasswordAuth(c *gin.Context) {
 		panic(err)
 	} else {
 		c.JSON(200, responses.Login{
-			AccessToken: token,
-			Bootstrap:   response,
+			APIKey:    token,
+			Bootstrap: response,
 		})
 	}
 }
@@ -218,19 +218,19 @@ func handleResetPassword(c *gin.Context) {
 		panic(err)
 	} else {
 		c.JSON(200, responses.Login{
-			AccessToken: token,
-			Bootstrap:   response,
+			APIKey:    token,
+			Bootstrap: response,
 		})

 	}
 }

 func handleSetCookie(c *gin.Context) {
-	token := authenticator.GetToken(c)
+	token := authenticator.GetAPIKey(c)
 	if token == "" {
-		panic(core.NewError(http.StatusBadRequest, "missing_token", "Auth Token Not Specified"))
+		panic(core.NewError(http.StatusBadRequest, "missing_token", "API Key Not Specified"))
 	}
-	secure := c.Request.URL.Scheme == "https"
+	secure := c.Request.URL.Scheme == "https" || c.Request.TLS != nil
 	c.SetSameSite(http.SameSiteStrictMode)
-	c.SetCookie("auth_token", token, 3600, "", c.Request.URL.Hostname(), secure, true)
+	c.SetCookie("api_key", token, 3600, "", c.Request.URL.Hostname(), secure, true)
 }
--- a/server/internal/api/v1/responses/responses.go
+++ b/server/internal/api/v1/responses/responses.go
@@ -58,7 +58,7 @@ type Publink struct {
 }

 type Login struct {
-	AccessToken string `json:"access_token"`
+	APIKey string `json:"api_key"`
 	Bootstrap
 }

--- a/server/internal/auth/api_key.go
+++ b/server/internal/auth/api_key.go
@@ -10,8 +10,8 @@ import (
 	"github.com/jackc/pgx/v5/pgtype"
 )

-func VerifyAccessToken(db db.Handler, accessToken string) (user core.User, err error) {
-	const q = `SELECT t.expires, u.id, u.email, u.name, u.permissions, u.home FROM access_tokens t JOIN users u ON t.user_id = u.id WHERE t.id = $1; `
+func VerifyAPIKey(db db.Handler, accessToken string) (user core.User, err error) {
+	const q = `SELECT t.expires, u.id, u.email, u.name, u.permissions, u.home FROM api_keys k JOIN users u ON k.user_id = u.id WHERE k.id = $1; `
 	row := db.QueryRow(q, accessToken)

 	var expires pgtype.Timestamp
@@ -26,11 +26,11 @@ func VerifyAccessToken(db db.Handler, accessToken string) (user core.User, err e
 	return
 }

-func insertAccessToken(db db.TxHandler, userID int32) (string, error) {
-	const q = `INSERT INTO access_tokens(id, expires, user_id) VALUES ($1::TEXT, NOW() + $2::INTERVAL, $3::INT)`
+func insertAPIKey(db db.TxHandler, userID int32) (string, error) {
+	const q = `INSERT INTO api_keys(id, expires, user_id) VALUES ($1::TEXT, NOW() + $2::INTERVAL, $3::INT)`

-	token := generateRandomString(apiTokenLength)
-	if _, err := db.Exec(q, token, accessTokenValidity, userID); err != nil {
+	token := generateRandomString(apiKeyLength)
+	if _, err := db.Exec(q, token, apiKeyValidity, userID); err != nil {
 		return "", err
 	} else {
 		return token, nil
--- a/server/internal/auth/auth.go
+++ b/server/internal/auth/auth.go
@@ -19,11 +19,11 @@ var autoCreateDomains []string
 var passwordConfig PasswordConfig
 var passwordBackend PasswordBackend

-const apiTokenLength = 32
+const apiKeyLength = 32
 const resetTokenLength = 24
 const resetTokenDuration = 10 * time.Minute

-var accessTokenValidity = pgtype.Interval{
+var apiKeyValidity = pgtype.Interval{
 	Days:  30,
 	Valid: true,
 }
--- a/server/internal/auth/password.go
+++ b/server/internal/auth/password.go
@@ -37,7 +37,7 @@ func VerifyUserPassword(d db.Handler, email, password string) (core.User, error)
 func PerformPasswordLogin(db db.TxHandler, email, password string) (core.User, string, error) {
 	if user, err := VerifyUserPassword(db, email, password); err != nil {
 		return core.User{}, "", err
-	} else if token, err := insertAccessToken(db, user.ID); err != nil {
+	} else if token, err := insertAPIKey(db, user.ID); err != nil {
 		return core.User{}, "", err
 	} else {
 		return user, token, nil
--- a/server/internal/auth/password_reset.go
+++ b/server/internal/auth/password_reset.go
@@ -62,7 +62,7 @@ func ResetUserPassword(db db.TxHandler, email, resetToken, password string) (cor
 		return core.User{}, "", ErrCredentialsInvalid
 	}

-	apiToken, err := insertAccessToken(db, user.ID)
+	apiToken, err := insertAPIKey(db, user.ID)
 	if err != nil {
 		return core.User{}, "", err
 	}
--- a/server/internal/auth/token.go
+++ b/server/internal/auth/token.go
@@ -18,7 +18,7 @@ func PerformTokenLogin(db db.TxHandler, token string) (core.User, string, error)
 		return core.User{}, "", err
 	} else if user, err := core.UserByID(db, userID); err != nil {
 		return core.User{}, "", err
-	} else if token, err := insertAccessToken(db, userID); err != nil {
+	} else if token, err := insertAPIKey(db, userID); err != nil {
 		return core.User{}, "", err
 	} else {
 		return user, token, err
--- a/server/internal/db/migrations/data/004_access_tokens.sql
+++ b/server/internal/db/migrations/data/004_access_tokens.sql
@@ -1,4 +1,4 @@
-CREATE TABLE access_tokens(
+CREATE TABLE api_keys(
    id          TEXT NOT NULL PRIMARY KEY,
    created     TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    expires     TIMESTAMP NOT NULL,
@@ -7,4 +7,4 @@ CREATE TABLE access_tokens(

 ---- create above / drop below ----

-DROP TABLE access_tokens;
+DROP TABLE api_keys;