arcodange/dance-lessons-coach
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(user): magic_link_tokens table + repository (ADR-0028 Phase A.3) #61

Merged
arcodange merged 1 commits from feat/magic-link-storage-phase-a3 into main 2026-05-05 11:24:07 +02:00
Conversation 0 Commits 1 Files Changed 4 +425 -3
arcodange commented 2026-05-05 11:21:42 +02:00
Owner
Copy Link

Summary

ADR-0028 Phase A.3 — persistence layer for passwordless auth.

  • New `MagicLinkToken` GORM model + auto-migrate (both DSN-built and cfg-built init paths)
  • `PostgresRepository` methods : Create / GetByHash / MarkConsumed / DeleteExpired
  • Token plaintext NEVER stored — sha256 hex only (cf. ADR-0021 fingerprint pattern)
  • 5 unit tests + 5 integration tests (`-tags integration`)

Test plan

  • `go test ./pkg/user/...` — unit suite green
  • `go test -tags integration ./pkg/user/ -run TestMagicLinkRepo` — 5/5 green vs local Postgres
  • `go vet ./...` clean
## Summary ADR-0028 Phase A.3 — persistence layer for passwordless auth. - New \`MagicLinkToken\` GORM model + auto-migrate (both DSN-built and cfg-built init paths) - \`PostgresRepository\` methods : Create / GetByHash / MarkConsumed / DeleteExpired - Token plaintext NEVER stored — sha256 hex only (cf. ADR-0021 fingerprint pattern) - 5 unit tests + 5 integration tests (\`-tags integration\`) ## Test plan - \`go test ./pkg/user/...\` — unit suite green - \`go test -tags integration ./pkg/user/ -run TestMagicLinkRepo\` — 5/5 green vs local Postgres - \`go vet ./...\` clean
arcodange added 1 commit 2026-05-05 11:21:43 +02:00
feat(user): magic_link_tokens table + repository (ADR-0028 Phase A.3) c878619478 
Adds the persistence layer for the passwordless-auth flow. The token VALUE is
never stored — only its sha256 hex digest, mirroring ADR-0021 secret retention
via fingerprint. Plaintext is generated server-side, emailed once, and rehashed
on consume.

Repository methods : Create / GetByHash / MarkConsumed / DeleteExpired.
AutoMigrate wired in both PostgresRepository init paths (DSN-built + cfg-built).

Tests :
- 5 unit tests : token generation shape, URL-safety, uniqueness, hash stability
- 5 integration tests (build tag `integration`) : end-to-end against real Postgres,
  cover the happy path, missing-hash, consume idempotency, expired-cleanup,
  and the unique-index defensive check
arcodange merged commit c9ab876dfe into main 2026-05-05 11:24:07 +02:00
arcodange deleted branch feat/magic-link-storage-phase-a3 2026-05-05 11:24:08 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
arcodange
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: arcodange/dance-lessons-coach#61
Delete Branch "feat/magic-link-storage-phase-a3"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?