afdfee78b9
Issue daemon auth tokens (mdt_) on pairing session claim, bound to workspace_id + daemon_id with 1-year expiry. Add DaemonAuth middleware that validates these tokens and falls back to JWT/PAT for backward compatibility. Apply middleware to all daemon routes except pairing endpoints.
11 lines
464 B
SQL
11 lines
464 B
SQL
CREATE TABLE daemon_token (
|
|
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
token_hash TEXT NOT NULL,
|
|
workspace_id UUID NOT NULL REFERENCES workspace(id) ON DELETE CASCADE,
|
|
daemon_id TEXT NOT NULL,
|
|
expires_at TIMESTAMPTZ NOT NULL,
|
|
created_at TIMESTAMPTZ NOT NULL DEFAULT now()
|
|
);
|
|
|
|
CREATE UNIQUE INDEX idx_daemon_token_hash ON daemon_token(token_hash);
|
|
CREATE INDEX idx_daemon_token_workspace_daemon ON daemon_token(workspace_id, daemon_id);
|