acces token table

2025-10-29 09:15:33 +00:00 · 2025-05-23 09:32:01 +02:00
parent b81d783e8c
commit 9e922aa49a
9 changed files with 271 additions and 30 deletions
--- a/middleware/authenticated.go
+++ b/middleware/authenticated.go
@@ -53,6 +53,8 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 		slog.Debug("User session detected", "user", user.Id, "name", user.Name, "session", session.ID)

 		if session.IsExpired() {
+			// TODO: (Maybe) less rigid handling here: for creation or update of items forgive shortly
+			// expired tokens, if CSRF and everything else is a match.
 			slog.Warn("Session expired", "user", user.Id, "name", user.Name, "session", session.ID)
 			cache.Delete(cookie.Value)
 			go func() {
@@ -69,6 +71,29 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 		e.Set("user", user)
 		e.Set("session", session)

+		token := e.Request.URL.Query().Get("token")
+		if token != "" {
+			record, err := app.FindFirstRecordByData(dbmodels.ACCESS_TOKENS_TABLE, dbmodels.ACCESS_TOKENS_TOKEN_FIELD, token)
+			if err != nil {
+				slog.Error("Failed to find access token", "token", token, "error", err)
+				return e.Next()
+			}
+			a := dbmodels.NewAccessToken(record)
+
+			if a.User() != "" {
+				r, err := app.FindRecordById(dbmodels.USERS_TABLE, a.User())
+				if err != nil {
+					slog.Error("Failed to find access token user", "user", a.User(), "error", err)
+					return e.Next()
+				}
+
+				u := dbmodels.NewUser(r)
+				e.Set("access_token_user", u)
+			}
+
+			e.Set("access_token", a)
+		}
+
 		return e.Next()
 	}
 }