ValidateSession hashes the plaintext token and looks up the session by that hash. Returns the associated user and session, or (nil, nil) if the session is not found or has expired, if the lookup fails, or if the user is not active.
(db *gorm.DB, token, hmacSecret string)
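// ValidateSession authenticates a plaintext session token.
//
// The plaintext token is not used in the query: it is hashed with
// HashAPIKey(token, hmacSecret) and the hash is matched against the session
// id column, together with an expires_at check against the current time.
//
// It returns the session's user and the session itself. It returns (nil, nil)
// when the token is empty, when no unexpired session matches, when the lookup
// fails for any other reason, or when the session's user is not StatusActive.
// Callers must treat (nil, nil) as "not authenticated".
//
// NOTE(review): hmacSecret is not validated here; presumably it is checked
// when configuration is loaded — confirm.
func ValidateSession(db *gorm.DB, token, hmacSecret string) (*User, *Session) {
	// An empty credential can never identify a session. Reject it before
	// hashing so it never reaches the database.
	if token == "" {
		return nil, nil
	}

	tokenHash := HashAPIKey(token, hmacSecret)

	var session Session
	err := db.Preload("User").
		Where("id = ? AND expires_at > ?", tokenHash, time.Now()).
		First(&session).Error
	if err != nil {
		// Fail closed. The signature has no error return, so a database
		// failure is indistinguishable from an unknown or expired token here.
		return nil, nil
	}

	// A live session is not sufficient on its own: the owning account must
	// still be active, so a deactivated user's existing sessions are refused.
	if session.User.Status != StatusActive {
		return nil, nil
	}
	return &session.User, &session
}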
| 62 | |
| 63 | // DeleteSession removes a session by hashing the plaintext token. |
| 64 | func DeleteSession(db *gorm.DB, token, hmacSecret string) error { |
no test coverage detected