Remove access tokens from entgo#1357
Merged
Merged
Conversation
jakubno
force-pushed
the
remove-access-token-from-entgo-eng-3185
branch
2 times, most recently
from
ce1250e to
267b66c
Compare
jakubno
force-pushed
the
remove-access-token-from-entgo-eng-3185
branch
from
9d75dd9 to
af512a3
Compare
djeebus
reviewed
Oct 27, 2025
| @@ -0,0 +1,6 @@ | |||
| -- name: ValidateEnvBuilds :one | |||
Contributor
There was a problem hiding this comment.
If we're not using the results, we might be able to swap this for :exec and just check for an error.
Member
Author
There was a problem hiding this comment.
It wouldn't return an error
djeebus
reviewed
Oct 27, 2025
Comment on lines
+38
to
52
| func ValidateAccessToken(ctx context.Context, db *client.Client, accessToken string) bool { | ||
| hashedToken, err := keys.VerifyKey(keys.AccessTokenPrefix, accessToken) | ||
| if err != nil { | ||
| return false | ||
| } | ||
|
|
||
| exists, err := db.AccessToken.Query().Where(accesstoken.AccessTokenHash(hashedToken)).Exist(ctx) | ||
| _, err = db.GetUserIDFromAccessToken(ctx, hashedToken) | ||
| if err != nil { | ||
| log.Printf("Error while checking access token: %s\n", err.Error()) | ||
|
|
||
| return false | ||
| } | ||
|
|
||
| return exists | ||
| return true | ||
| } |
Contributor
There was a problem hiding this comment.
It'd be easy to get some tests around this, via testcontainers
djeebus
approved these changes
Oct 27, 2025
dobrac
reviewed
Oct 27, 2025
dobrac
approved these changes
Oct 29, 2025
ValentaTomas
pushed a commit
that referenced
this pull request
May 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Note
Replaces ent-based AccessToken with sqlc-backed queries and clients, updates reverse proxy and seeding to use them, adds DB-backed validation and tests.
queries/builds/validate_build.sqland generatedExistsWaitingTemplateBuildfor access validation viaaccess_tokens.client.TestsRawSQL,testutilswith Testcontainers + migrations.sqlc.yaml(glob queries, type overrides).packages/db/client(sqlc) for access token validation and template access checks.Validatepath usesExistsWaitingTemplateBuild;ValidateAccessTokenusesGetUserIDFromAccessToken.handlers.NewStorenow acceptscontext.Contextand builds sqlc client; wiring updated.Validatecovering token/env/status cases.Userschema and generated code accordingly.Written by Cursor Bugbot for commit bd3bf35. This will update automatically on new commits. Configure here.