afdfee78b9
Issue daemon auth tokens (mdt_) on pairing session claim, bound to workspace_id + daemon_id with 1-year expiry. Add DaemonAuth middleware that validates these tokens and falls back to JWT/PAT for backward compatibility. Apply middleware to all daemon routes except pairing endpoints.
16 lines
471 B
SQL
16 lines
471 B
SQL
-- name: CreateDaemonToken :one
|
|
INSERT INTO daemon_token (token_hash, workspace_id, daemon_id, expires_at)
|
|
VALUES ($1, $2, $3, $4)
|
|
RETURNING *;
|
|
|
|
-- name: GetDaemonTokenByHash :one
|
|
SELECT * FROM daemon_token
|
|
WHERE token_hash = $1 AND expires_at > now();
|
|
|
|
-- name: DeleteDaemonTokensByWorkspaceAndDaemon :exec
|
|
DELETE FROM daemon_token
|
|
WHERE workspace_id = $1 AND daemon_id = $2;
|
|
|
|
-- name: DeleteExpiredDaemonTokens :exec
|
|
DELETE FROM daemon_token
|
|
WHERE expires_at <= now();
|