Skip to content

Remove access tokens from entgo #1357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Oct 29, 2025
Merged

Remove access tokens from entgo #1357

merged 12 commits into from
Oct 29, 2025

Conversation

@jakubno
Copy link
Member

@jakubno jakubno commented Oct 15, 2025
edited by cursor bot
Loading

Note

Replaces ent-based AccessToken with sqlc-backed queries and clients, updates reverse proxy and seeding to use them, adds DB-backed validation and tests.

  • DB (sqlc):
    • Add queries/builds/validate_build.sql and generated ExistsWaitingTemplateBuild for access validation via access_tokens.
    • Introduce test helpers: client.TestsRawSQL, testutils with Testcontainers + migrations.
    • Expand sqlc.yaml (glob queries, type overrides).
  • Reverse Proxy (auth):
    • Replace ent usage with packages/db/client (sqlc) for access token validation and template access checks.
    • New Validate path uses ExistsWaitingTemplateBuild; ValidateAccessToken uses GetUserIDFromAccessToken.
    • handlers.NewStore now accepts context.Context and builds sqlc client; wiring updated.
    • Add tests for Validate covering token/env/status cases.
  • Shared Models (ent):
    • Remove AccessToken model and all related code/edges; update User schema and generated code accordingly.
  • Seeding/Local Dev/Tests:
    • Migrate seed scripts and local-dev seeding to create/delete tokens/API keys via sqlc client (raw SQL cleanup where needed).
    • Update integration seed to use sqlc for token/API key creation.
  • Dependencies:
    • Update go.mod files to include sqlc/testing deps and local replaces.

Written by Cursor Bugbot for commit bd3bf35. This will update automatically on new commits. Configure here.

@jakubno jakubno added the improvement Improvement for current functionality label Oct 15, 2025
@linear
Copy link

linear bot commented Oct 15, 2025

ENG-3185 Remove access token from entgo

@jakubno jakubno force-pushed the remove-access-token-from-entgo-eng-3185 branch 2 times, most recently from ce1250e to 267b66c Compare October 15, 2025 11:58
@jakubno jakubno force-pushed the remove-access-token-from-entgo-eng-3185 branch from 9d75dd9 to af512a3 Compare October 27, 2025 10:28
@jakubno jakubno marked this pull request as ready for review October 27, 2025 21:19
djeebus
djeebus reviewed Oct 27, 2025
View reviewed changes
packages/db/queries/builds/validate_build.sql Outdated
@@ -0,0 +1,6 @@
-- name: ValidateEnvBuilds :one
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're not using the results, we might be able to swap this for :exec and just check for an error.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It wouldn't return an error

djeebus
djeebus reviewed Oct 27, 2025
View reviewed changes
packages/docker-reverse-proxy/internal/auth/validate.go
Comment on lines +38 to 52
func ValidateAccessToken(ctx context.Context, db *client.Client, accessToken string) bool {
hashedToken, err := keys.VerifyKey(keys.AccessTokenPrefix, accessToken)
if err != nil {
return false
}

exists, err := db.AccessToken.Query().Where(accesstoken.AccessTokenHash(hashedToken)).Exist(ctx)
_, err = db.GetUserIDFromAccessToken(ctx, hashedToken)
if err != nil {
log.Printf("Error while checking access token: %s\n", err.Error())

return false
}

return exists
return true
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be easy to get some tests around this, via testcontainers

dobrac
dobrac reviewed Oct 27, 2025
View reviewed changes
@sitole sitole assigned djeebus and dobrac and unassigned sitole Oct 29, 2025
dobrac
dobrac approved these changes Oct 29, 2025
View reviewed changes
@jakubno jakubno enabled auto-merge (squash) October 29, 2025 13:42
@jakubno jakubno merged commit 91d753e into main Oct 29, 2025
26 checks passed
@jakubno jakubno deleted the remove-access-token-from-entgo-eng-3185 branch October 29, 2025 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djeebus djeebus djeebus approved these changes

@dobrac dobrac dobrac approved these changes

@ValentaTomas ValentaTomas Awaiting requested review from ValentaTomas ValentaTomas is a code owner

Assignees

@djeebus djeebus

@dobrac dobrac

Labels

improvement Improvement for current functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jakubno @djeebus @dobrac @sitole