1. [SQL] Fix username uniqueness constraint
   - Changed from global unique to composite unique(tenant_id, username)
   - Multi-tenant apps need same usernames across tenants (e.g., each tenant can have 'admin')
2. [Go] Fix inconsistent error handling in scanSession
   - Now returns pgx.ErrNoRows when session not found (like scanUser)
   - Allows proper 404 vs 500 error distinction in handlers
3. [Go] Add missing VerifyPassword function
   - Implements bcrypt.CompareHashAndPassword for password verification
   - Enables login flow with proper error handling for missing users
   - Paired with existing GenerateFromPassword for secure password hashing

Security checks:
- SQL injection: All queries parameterized (no string interpolation)
- bcrypt: Cost factor 12 (production-recommended)
- Session tokens: PostgreSQL gen_random_uuid() (cryptographically secure)
- Password hashes: Protected with json:"-" tag (never exposed in responses)
- Error handling: Comprehensive, no silent failures

Build & Vet: All checks pass (go build ./..., go vet ./...)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
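Two of the points in the commit message, the not-found sentinel that lets a handler answer 404 instead of 500, and the `json:"-"` tag that keeps the password hash out of responses, are shown below in an added Go example. This is not the project's code: it uses a hypothetical `ErrNotFound` sentinel in place of `pgx.ErrNoRows` and an in-memory `memStore` so it runs on the standard library alone; the `/api/v1/session` path, the `X-Session-Token` header and the `Session`/`User` struct shapes are assumptions. The bcrypt `VerifyPassword` itself is not reproduced here because it needs `golang.org/x/crypto/bcrypt`.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ErrNotFound is a hypothetical sentinel standing in for pgx.ErrNoRows (assumption, not the project's own).
var ErrNotFound = errors.New("no rows in result set")

// Session is an assumed minimal shape for a session record.
type Session struct {
	Token    string `json:"token"`
	TenantID string `json:"tenant_id"`
	UserID   string `json:"user_id"`
}

// User carries the password hash with a json:"-" tag, so Marshal never emits it.
type User struct {
	ID           string `json:"id"`
	Username     string `json:"username"`
	PasswordHash string `json:"-"`
}

// SessionStore abstracts the session lookup the commit message calls scanSession.
type SessionStore interface {
	GetSession(ctx context.Context, token string) (*Session, error)
}

// memStore is a constructed in-memory store so the example runs offline.
// failing=true simulates a backend failure (lost connection, bad query) that is not a missing row.
type memStore struct {
	sessions map[string]*Session
	failing  bool
}

func (m *memStore) GetSession(_ context.Context, token string) (*Session, error) {
	if m.failing {
		return nil, errors.New("connection refused")
	}
	s, ok := m.sessions[token]
	if !ok {
		// A missing row is an expected outcome: surface it as the sentinel, not as a generic error.
		return nil, ErrNotFound
	}
	return s, nil
}

// SessionHandler maps store errors to status codes: sentinel -> 404, any other error -> 500.
// The underlying error text is never echoed to the client.
func SessionHandler(store SessionStore) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token := r.Header.Get("X-Session-Token")
		if token == "" {
			http.Error(w, "missing session token", http.StatusBadRequest)
			return
		}
		s, err := store.GetSession(r.Context(), token)
		switch {
		case errors.Is(err, ErrNotFound):
			http.Error(w, "session not found", http.StatusNotFound)
			return
		case err != nil:
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(s)
	}
}

// StatusFor drives the handler with one request and returns the resulting status code.
func StatusFor(store SessionStore, token string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/v1/session", nil)
	if token != "" {
		req.Header.Set("X-Session-Token", token)
	}
	SessionHandler(store)(rec, req)
	return rec.Code
}

// UserJSON shows that the hash field is dropped from the serialized user.
func UserJSON(u User) (string, error) {
	b, err := json.Marshal(u)
	return string(b), err
}

func main() {
	store := &memStore{sessions: map[string]*Session{
		"tok-1": {Token: "tok-1", TenantID: "t1", UserID: "u1"},
	}}
	fmt.Println(StatusFor(store, "tok-1"))                    // 200
	fmt.Println(StatusFor(store, "tok-unknown"))              // 404
	fmt.Println(StatusFor(&memStore{failing: true}, "tok-1")) // 500
	body, _ := UserJSON(User{ID: "u1", Username: "admin", PasswordHash: "$2a$12$constructed-hash"})
	fmt.Println(body) // {"id":"u1","username":"admin"}
}
```

The `errors.Is` check is what makes the distinction robust: if the store wraps the sentinel with `fmt.Errorf("...: %w", err)` for context, the handler still sees it as not-found, while every other failure stays a 500 with no internal detail leaked to the caller.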
Backend
This directory contains the first scaffold for the central backend.
Goal for the first stage:
- HTTP API in Go
- health endpoint
- clean project structure for later API, worker and database modules
- first server-side resolution logic for message_wall
Planned substructure:
- cmd/api/ for the API entry point
- internal/app/ for app initialisation
- internal/campaigns/ for campaign and template logic
- internal/httpapi/ for HTTP routing and handlers
- internal/config/ for configuration
Currently present:
- GET /healthz
- GET /api/v1
- GET /api/v1/meta
- POST /api/v1/tools/message-wall/resolve as the first server-side layout resolution for message_wall
- uniform API error format in the HTTP layer