Implement OAuth 2.0 login via GitHub as an alternative to email/password. Uses a provider registry pattern (internal/auth/oauth/) so adding Google or other providers later requires only a new Provider implementation.

Flow: GET /v1/auth/oauth/github redirects to GitHub, callback exchanges the code for a user profile, upserts the user + team atomically, and redirects to the frontend with a JWT token.

Key changes:
- Migration: make password_hash nullable, add oauth_providers table
- Provider registry with GitHubProvider (profile + email fallback)
- CSRF state cookie with HMAC-SHA256 validation
- Race-safe registration (23505 collision retries as login)
- Startup validation: CP_PUBLIC_URL required when OAuth is configured

Not fully tested — needs integration tests with a real GitHub OAuth app and end-to-end testing with the frontend callback page.
8 lines
232 B
SQL
-- name: InsertOAuthProvider :exec
INSERT INTO oauth_providers (provider, provider_id, user_id, email)
VALUES ($1, $2, $3, $4);
-- name: GetOAuthProvider :one
SELECT * FROM oauth_providers
WHERE provider = $1 AND provider_id = $2;
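Review bot: InsertOAuthProvider is a plain INSERT with no ON CONFLICT clause, so the "23505 collision retries as login" behaviour in the commit message depends entirely on a unique constraint over (provider, provider_id) that lives in the migration and is not visible in this file. Please add a comment above the query naming that constraint, so a later schema change cannot silently turn a concurrent callback into a duplicate link row. In GetOAuthProvider, replace `SELECT *` with an explicit column list, so that columns added to oauth_providers later do not flow into the returned row unnoticed. It is also worth a one-line comment that identity lookup is keyed on provider_id and that the stored `email` column is informational only and must not be used to match an incoming login to an existing account.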