feat(daemon): add authentication for daemon API routes
Issue daemon auth tokens (mdt_) on pairing session claim, bound to workspace_id + daemon_id with 1-year expiry. Add DaemonAuth middleware that validates these tokens and falls back to JWT/PAT for backward compatibility. Apply middleware to all daemon routes except pairing endpoints.
parent dc3dec8ebe
commit afdfee78b9
9 changed files with 306 additions and 16 deletions
16
server/pkg/db/queries/daemon_token.sql
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
-- name: CreateDaemonToken :one
|
||||
INSERT INTO daemon_token (token_hash, workspace_id, daemon_id, expires_at)
|
||||
VALUES ($1, $2, $3, $4)
|
||||
RETURNING *;
|
||||
|
||||
-- name: GetDaemonTokenByHash :one
|
||||
SELECT * FROM daemon_token
|
||||
WHERE token_hash = $1 AND expires_at > now();
|
||||
|
||||
-- name: DeleteDaemonTokensByWorkspaceAndDaemon :exec
|
||||
DELETE FROM daemon_token
|
||||
WHERE workspace_id = $1 AND daemon_id = $2;
|
||||
|
||||
-- name: DeleteExpiredDaemonTokens :exec
|
||||
DELETE FROM daemon_token
|
||||
WHERE expires_at <= now();
|
||||
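Review bot: GetDaemonTokenByHash filters only on `token_hash` and `expires_at > now()`, so the workspace_id + daemon_id binding described in the commit message is not enforced by this query and depends entirely on the caller comparing the returned row against the request. Consider adding the binding to the WHERE clause where the route carries those values (for example `AND workspace_id = $2`), or put a comment above the query stating that the middleware must check both columns before trusting the row. Separately, CreateDaemonToken does not remove earlier rows for the same pair; if re-pairing is meant to invalidate the previous token, the claim path has to run DeleteDaemonTokensByWorkspaceAndDaemon and the insert in one transaction, and that expectation is worth documenting next to these queries given the 1-year expiry. There is also no query to revoke a single token, only all tokens for a workspace and daemon pair or those already expired.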