fix(auth): wiring Auth/Sessions, нормализация email, GetUserByID для /me, 409 на дубль, timing-guard логина

This commit is contained in:
2026-07-03 20:29:05 +07:00
parent aa0ef1c6a9
commit 35ffe73ae3
8 changed files with 265 additions and 10 deletions
+8 -1
View File
@@ -5,10 +5,12 @@ import (
"log"
"net/http"
"strings"
"time"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/vasyakrg/dns-autoresolver/internal/api"
"github.com/vasyakrg/dns-autoresolver/internal/auth"
"github.com/vasyakrg/dns-autoresolver/internal/config"
"github.com/vasyakrg/dns-autoresolver/internal/crypto"
"github.com/vasyakrg/dns-autoresolver/internal/provider/registry"
@@ -18,6 +20,10 @@ import (
"github.com/vasyakrg/dns-autoresolver/internal/web"
)
// sessionTTL is how long a login session cookie remains valid before the
// user must re-authenticate.
const sessionTTL = 720 * time.Hour
// isAPIPath reports whether path must be routed to the API router rather
// than the SPA. "/api" (no trailing slash) counts as an API path too —
// only strings.HasPrefix(path, "/api/") would otherwise miss it and fall
@@ -46,12 +52,13 @@ func main() {
log.Fatalf("cipher: %v", err)
}
st := store.New(pool)
sessions := auth.NewSessions(st, sessionTTL)
reg := registry.New()
reg.Register(selectel.New())
svc := service.New(st, st, reg, cipher)
a := &api.API{Svc: svc, Store: st, Cipher: cipher, Reg: reg}
a := &api.API{Svc: svc, Store: st, Cipher: cipher, Reg: reg, Auth: st, Sessions: sessions}
apiRouter := api.NewRouter(a)
webHandler, err := web.Handler()