feat: Implement database session fallback for token validation in the authentication middleware.

2026-02-06 22:16:28 +08:00 · 2026-02-06 22:16:28 +08:00 · de66aec30e
commit de66aec30e
parent 51336af5b7
3 changed files with 44 additions and 3 deletions
--- a/api/api.go
+++ b/api/api.go
@ -2148,7 +2148,9 @@ func (h *handler) mfaStatus(c *gin.Context) {
 		user, err = h.findUserByIdentifier(ctx, identifier)
 		if err != nil {
 			if errors.Is(err, store.ErrUserNotFound) {
-				respondError(c, http.StatusNotFound, "user_not_found", "user not found")
+				c.JSON(http.StatusOK, gin.H{
+					"mfa_enabled": false,
+				})
 				return
 			}
 			respondError(c, http.StatusInternalServerError, "mfa_status_failed", "failed to load user for status")
@ -2709,6 +2711,10 @@ func (h *handler) isRootAccount(user *store.User) bool {
 }

 func respondError(c *gin.Context, status int, code, message string) {
+	if status >= 500 {
+		slog.Error("api_error", "status", status, "code", code, "message", message, "path", c.Request.URL.Path, "method", c.Request.Method)
+	}
+
 	c.JSON(status, gin.H{
 		"error":   code,
 		"message": message,
--- a/config/local-test.yaml
+++ b/config/local-test.yaml
@ -0,0 +1,35 @@
+mode: "server-agent"
+
+log:
+  level: debug
+
+auth:
+  enable: true
+  token:
+    publicToken: "test-public-token"
+    refreshSecret: "test-refresh-secret"
+    accessSecret: "test-access-secret"
+    accessExpiry: "1h"
+    refreshExpiry: "168h"
+
+server:
+  addr: "127.0.0.1:8080"
+  publicUrl: "http://localhost:8080"
+  allowedOrigins:
+    - "http://localhost:3000"
+    - "http://127.0.0.1:3000"
+
+store:
+  driver: "memory"
+  dsn: ""
+
+session:
+  ttl: 24h
+
+agents:
+  credentials:
+    - id: "test-agent"
+      name: "Test Agent"
+      token: "test-agent-token"
+      groups:
+        - "default"
--- a/internal/store/postgres.go
+++ b/internal/store/postgres.go
@ -190,10 +190,10 @@ func (s *postgresStore) CreateUser(ctx context.Context, user *User) error {
 		args = append(args, user.Active)
 		idx++
 	}
-	if caps.hasProxyUUID {
+	if caps.hasProxyUUID && user.ProxyUUID != "" {
 		columns = append(columns, "proxy_uuid")
 		placeholders = append(placeholders, fmt.Sprintf("$%d", idx))
-		args = append(args, nullForEmpty(user.ProxyUUID))
+		args = append(args, user.ProxyUUID)
 		idx++
 	}
 	if caps.hasProxyUUIDExpiresAt {