pptx704
931b7d54b3
Implement OAuth 2.0 login via GitHub as an alternative to email/password. Uses a provider registry pattern (internal/auth/oauth/) so adding Google or other providers later requires only a new Provider implementation. Flow: GET /v1/auth/oauth/github redirects to GitHub, callback exchanges the code for a user profile, upserts the user + team atomically, and redirects to the frontend with a JWT token. Key changes: - Migration: make password_hash nullable, add oauth_providers table - Provider registry with GitHubProvider (profile + email fallback) - CSRF state cookie with HMAC-SHA256 validation - Race-safe registration (23505 collision retries as login) - Startup validation: CP_PUBLIC_URL required when OAuth is configured Not fully tested — needs integration tests with a real GitHub OAuth app and end-to-end testing with the frontend callback page.
96 lines
2.0 KiB
Go
96 lines
2.0 KiB
Go
// Code generated by sqlc. DO NOT EDIT.
|
|
// versions:
|
|
// sqlc v1.30.0
|
|
// source: users.sql
|
|
|
|
package db
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/jackc/pgx/v5/pgtype"
|
|
)
|
|
|
|
const getUserByEmail = `-- name: GetUserByEmail :one
|
|
SELECT id, email, password_hash, created_at, updated_at FROM users WHERE email = $1
|
|
`
|
|
|
|
func (q *Queries) GetUserByEmail(ctx context.Context, email string) (User, error) {
|
|
row := q.db.QueryRow(ctx, getUserByEmail, email)
|
|
var i User
|
|
err := row.Scan(
|
|
&i.ID,
|
|
&i.Email,
|
|
&i.PasswordHash,
|
|
&i.CreatedAt,
|
|
&i.UpdatedAt,
|
|
)
|
|
return i, err
|
|
}
|
|
|
|
const getUserByID = `-- name: GetUserByID :one
|
|
SELECT id, email, password_hash, created_at, updated_at FROM users WHERE id = $1
|
|
`
|
|
|
|
func (q *Queries) GetUserByID(ctx context.Context, id string) (User, error) {
|
|
row := q.db.QueryRow(ctx, getUserByID, id)
|
|
var i User
|
|
err := row.Scan(
|
|
&i.ID,
|
|
&i.Email,
|
|
&i.PasswordHash,
|
|
&i.CreatedAt,
|
|
&i.UpdatedAt,
|
|
)
|
|
return i, err
|
|
}
|
|
|
|
const insertUser = `-- name: InsertUser :one
|
|
INSERT INTO users (id, email, password_hash)
|
|
VALUES ($1, $2, $3)
|
|
RETURNING id, email, password_hash, created_at, updated_at
|
|
`
|
|
|
|
type InsertUserParams struct {
|
|
ID string `json:"id"`
|
|
Email string `json:"email"`
|
|
PasswordHash pgtype.Text `json:"password_hash"`
|
|
}
|
|
|
|
func (q *Queries) InsertUser(ctx context.Context, arg InsertUserParams) (User, error) {
|
|
row := q.db.QueryRow(ctx, insertUser, arg.ID, arg.Email, arg.PasswordHash)
|
|
var i User
|
|
err := row.Scan(
|
|
&i.ID,
|
|
&i.Email,
|
|
&i.PasswordHash,
|
|
&i.CreatedAt,
|
|
&i.UpdatedAt,
|
|
)
|
|
return i, err
|
|
}
|
|
|
|
const insertUserOAuth = `-- name: InsertUserOAuth :one
|
|
INSERT INTO users (id, email)
|
|
VALUES ($1, $2)
|
|
RETURNING id, email, password_hash, created_at, updated_at
|
|
`
|
|
|
|
type InsertUserOAuthParams struct {
|
|
ID string `json:"id"`
|
|
Email string `json:"email"`
|
|
}
|
|
|
|
func (q *Queries) InsertUserOAuth(ctx context.Context, arg InsertUserOAuthParams) (User, error) {
|
|
row := q.db.QueryRow(ctx, insertUserOAuth, arg.ID, arg.Email)
|
|
var i User
|
|
err := row.Scan(
|
|
&i.ID,
|
|
&i.Email,
|
|
&i.PasswordHash,
|
|
&i.CreatedAt,
|
|
&i.UpdatedAt,
|
|
)
|
|
return i, err
|
|
}
|