From de66aec30e1cb4e2cb2994df3e93e1afd689ce7b Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Fri, 6 Feb 2026 22:16:28 +0800
Subject: [PATCH] feat: Implement database session fallback for token validation in the authentication middleware.
---
 api/api.go | 8 +++++++-
 config/local-test.yaml | 35 +++++++++++++++++++++++++++++++++++
 internal/store/postgres.go | 4 ++--
 3 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 config/local-test.yaml
diff --git a/api/api.go b/api/api.go
index f7edc50..1bfd21f 100644
--- a/api/api.go
+++ b/api/api.go
@@ -2148,7 +2148,9 @@ func (h *handler) mfaStatus(c *gin.Context) {
 user, err = h.findUserByIdentifier(ctx, identifier)
 if err != nil {
 if errors.Is(err, store.ErrUserNotFound) {
- respondError(c, http.StatusNotFound, "user_not_found", "user not found")
+ c.JSON(http.StatusOK, gin.H{
+ "mfa_enabled": false,
+ })
 return
 }
 respondError(c, http.StatusInternalServerError, "mfa_status_failed", "failed to load user for status")
@@ -2709,6 +2711,10 @@ func (h *handler) isRootAccount(user *store.User) bool {
 }
 
 func respondError(c *gin.Context, status int, code, message string) {
+ if status >= 500 {
+ slog.Error("api_error", "status", status, "code", code, "message", message, "path", c.Request.URL.Path, "method", c.Request.Method)
+ }
+
 c.JSON(status, gin.H{
 "error": code,
 "message": message,
diff --git a/config/local-test.yaml b/config/local-test.yaml
new file mode 100644
index 0000000..033f8e6
--- /dev/null
+++ b/config/local-test.yaml
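Review bot: In `mfaStatus` (api/api.go), the new not-found branch answers 200 with only `mfa_enabled: false`; if the intent is to stop this endpoint revealing whether an account exists, that only holds when the normal response for a real account with MFA disabled has exactly the same status and fields, and that success path is outside the hunk. A caller still learns that an identifier exists whenever the answer is `true`, so rate limiting on this route is worth confirming. I would add a comment above the branch, `// Unknown identifiers get the same answer as accounts without MFA so the endpoint does not reveal whether an account exists.`, so the choice is not later reverted as a bug. The patch subject describes a session fallback in the authentication middleware, which none of the visible hunks touch; this behaviour change deserves its own line in the message.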
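Review bot: The `slog.Error` call added to `respondError` (api/api.go) records only the static `code` and `message`, so a 5xx such as `mfa_status_failed` is logged without the underlying `err` the caller had in hand; the cause still has to be logged at the call site or passed in. It also logs `c.Request.URL.Path` verbatim, which is client-controlled and may carry identifiers in path segments, whereas `c.FullPath()` gives the matched route template. Consider `slog.ErrorContext(c.Request.Context(), "api_error", "status", status, "code", code, "route", c.FullPath(), "method", c.Request.Method)` so request-scoped attributes follow the entry. The function body continues past the end of the hunk.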
@@ -0,0 +1,35 @@
+mode: "server-agent"
+
+log:
+ level: debug
+
+auth:
+ enable: true
+ token:
+ publicToken: "test-public-token"
+ refreshSecret: "test-refresh-secret"
+ accessSecret: "test-access-secret"
+ accessExpiry: "1h"
+ refreshExpiry: "168h"
+
+server:
+ addr: "127.0.0.1:8080"
+ publicUrl: "http://localhost:8080"
+ allowedOrigins:
+ - "http://localhost:3000"
+ - "http://127.0.0.1:3000"
+
+store:
+ driver: "memory"
+ dsn: ""
+
+session:
+ ttl: 24h
+
+agents:
+ credentials:
+ - id: "test-agent"
+ name: "Test Agent"
+ token: "test-agent-token"
+ groups:
+ - "default"
diff --git a/internal/store/postgres.go b/internal/store/postgres.go
index 197e3fc..d4dcbfb 100644
--- a/internal/store/postgres.go
+++ b/internal/store/postgres.go
@@ -190,10 +190,10 @@ func (s *postgresStore) CreateUser(ctx context.Context, user *User) error {
 args = append(args, user.Active)
 idx++
 }
- if caps.hasProxyUUID {
+ if caps.hasProxyUUID && user.ProxyUUID != "" {
 columns = append(columns, "proxy_uuid")
 placeholders = append(placeholders, fmt.Sprintf("$%d", idx))
- args = append(args, nullForEmpty(user.ProxyUUID))
+ args = append(args, user.ProxyUUID)
 idx++
 }
 if caps.hasProxyUUIDExpiresAt {
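Review bot: `config/local-test.yaml` commits fixed values for `publicToken`, `refreshSecret`, `accessSecret` and the agent `token`, and nothing in the file marks them as unusable outside a local test. An instance started from this file on a reachable address would sign and accept tokens with publicly known secrets. A header comment such as `# Local testing only: every token and secret below is a public placeholder; never deploy with this file.` would make the intent explicit, and a startup check that rejects these `test-` values when `server.addr` is not loopback would make it enforceable. With `log.level: debug`, it is also worth confirming that debug output never prints tokens or session identifiers.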
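Review bot: With the added `user.ProxyUUID != ""` condition in `CreateUser` (internal/store/postgres.go), an empty value now drops the `proxy_uuid` column from the INSERT instead of binding NULL, so the stored value becomes whatever the column default is, and the reason for that is not documented. If the default generates a value, `user.ProxyUUID` in memory stays empty unless the statement returns it, and the following `hasProxyUUIDExpiresAt` block may still write an expiry for a UUID the caller never saw; both lie outside the hunk and should be checked. I would add a comment above the condition: `// Omit proxy_uuid when unset so the column default applies rather than an explicit NULL.` It is also worth confirming that `nullForEmpty` still has callers after this change.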