package tables
import (
"fmt"
"time"
"github.com/maximhq/bifrost/framework/encrypt"
"gorm.io/gorm"
)
// SessionsTable is the GORM model for one row of the "sessions" table.
//
// Token is the session credential. BeforeSave replaces it in place with its
// encrypted form when encryption is enabled and AfterFind decrypts it again
// on load, so the field holds plaintext or ciphertext depending on where in
// the save/load cycle the struct is.
type SessionsTable struct {
	ID int `gorm:"primaryKey;autoIncrement" json:"id"`

	// Token is emitted under the JSON key "token", so marshaling this model
	// writes the session credential into the output.
	// NOTE(review): confirm no handler or logger marshals SessionsTable as-is.
	// The uniqueIndex applies to the stored column value, which is whatever
	// BeforeSave left in the field (ciphertext when encryption is enabled).
	Token string `gorm:"type:text;not null;uniqueIndex" json:"token"`

	// ExpiresAt is the indexed expiry timestamp. Expiry is not enforced in
	// this file; presumably the session lookup code checks it — confirm.
	ExpiresAt time.Time `gorm:"index;not null" json:"expires_at,omitempty"`
	CreatedAt time.Time `gorm:"index;not null" json:"created_at"`
	UpdatedAt time.Time `gorm:"index;not null" json:"updated_at"`

	// EncryptionStatus records how Token is stored. The column default is
	// 'plain_text'; BeforeSave sets EncryptionStatusEncrypted after a
	// successful encryption and AfterFind decrypts only rows carrying that
	// value. Excluded from JSON.
	EncryptionStatus string `gorm:"type:varchar(20);default:'plain_text'" json:"-"`

	// TokenHash is encrypt.HashSHA256 of the plaintext token, written by
	// BeforeSave and covered by the unique index idx_session_token_hash.
	// Excluded from JSON. Presumably this is the lookup key for an incoming
	// token, since the stored Token may be ciphertext — confirm against the
	// query code.
	// NOTE(review): a bare SHA-256 is a sound lookup key only for long,
	// randomly generated tokens; verify the token generator (not shown here).
	TokenHash string `gorm:"type:varchar(64);index:idx_session_token_hash,unique" json:"-"`
}
// TableName tells GORM which database table backs SessionsTable.
func (SessionsTable) TableName() string {
	const name = "sessions"
	return name
}
// BeforeSave is the GORM hook that prepares the session token for storage.
//
// For a non-empty Token it stores encrypt.HashSHA256(Token) in TokenHash and
// then, when encrypt.IsEnabled() reports true, encrypts Token in place and
// sets EncryptionStatus to EncryptionStatusEncrypted. An empty Token leaves
// every field untouched. The tx argument is not used.
//
// NOTE(review): Token holds ciphertext once this hook returns and no
// AfterSave hook is visible here to restore it; saving the same struct again
// without reloading it would hash and encrypt the ciphertext. Confirm that
// callers reload or discard the struct after a save.
// NOTE(review): when encryption is disabled EncryptionStatus is left as it
// was, so a struct loaded with EncryptionStatusEncrypted would be written
// back with a plaintext Token and the old status. Confirm this cannot occur.
func (s *SessionsTable) BeforeSave(tx *gorm.DB) error {
	hasToken := s.Token != ""

	// The hash has to be taken from the plaintext, so it runs before the
	// token is overwritten with its encrypted form.
	if hasToken {
		s.TokenHash = encrypt.HashSHA256(s.Token)
	}

	if !encrypt.IsEnabled() || !hasToken {
		return nil
	}

	encErr := encryptString(&s.Token)
	if encErr != nil {
		return fmt.Errorf("failed to encrypt session token: %w", encErr)
	}
	s.EncryptionStatus = EncryptionStatusEncrypted
	return nil
}
// AfterFind is the GORM hook that restores the plaintext session token after
// a row has been loaded.
//
// Rows whose EncryptionStatus equals EncryptionStatusEncrypted get Token
// decrypted in place; all other rows pass through unchanged. Only the stored
// status decides this: encrypt.IsEnabled is not consulted. The tx argument
// is not used.
//
// NOTE(review): EncryptionStatus stays at EncryptionStatusEncrypted after the
// decryption, so the field describes the stored row rather than the in-memory
// Token.
func (s *SessionsTable) AfterFind(tx *gorm.DB) error {
	if s.EncryptionStatus != EncryptionStatusEncrypted {
		return nil
	}

	decErr := decryptString(&s.Token)
	if decErr != nil {
		return fmt.Errorf("failed to decrypt session token: %w", decErr)
	}
	return nil
}