initial v0.8 pre-release

tokens/admin.go

@@ -10,7 +10,7 @@ import (
 // NewAdminAuthToken generates and returns a new admin authentication token.
 func NewAdminAuthToken(app core.App, admin *models.Admin) (string, error) {
 	return security.NewToken(
-		jwt.MapClaims{"id": admin.Id, "type": "admin"},
+		jwt.MapClaims{"id": admin.Id, "type": TypeAdmin},
 		(admin.TokenKey + app.Settings().AdminAuthToken.Secret),
 		app.Settings().AdminAuthToken.Duration,
 	)
@@ -19,7 +19,7 @@ func NewAdminAuthToken(app core.App, admin *models.Admin) (string, error) {
 // NewAdminResetPasswordToken generates and returns a new admin password reset request token.
 func NewAdminResetPasswordToken(app core.App, admin *models.Admin) (string, error) {
 	return security.NewToken(
-		jwt.MapClaims{"id": admin.Id, "type": "admin", "email": admin.Email},
+		jwt.MapClaims{"id": admin.Id, "type": TypeAdmin, "email": admin.Email},
 		(admin.TokenKey + app.Settings().AdminPasswordResetToken.Secret),
 		app.Settings().AdminPasswordResetToken.Duration,
 	)

tokens/record.go

@@ -0,0 +1,78 @@
+package tokens
+
+import (
+	"errors"
+
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/models"
+	"github.com/pocketbase/pocketbase/tools/security"
+)
+
+// NewRecordAuthToken generates and returns a new auth record authentication token.
+func NewRecordAuthToken(app core.App, record *models.Record) (string, error) {
+	if !record.Collection().IsAuth() {
+		return "", errors.New("The record is not from an auth collection.")
+	}
+
+	return security.NewToken(
+		jwt.MapClaims{
+			"id":           record.Id,
+			"type":         TypeAuthRecord,
+			"collectionId": record.Collection().Id,
+		},
+		(record.TokenKey() + app.Settings().RecordAuthToken.Secret),
+		app.Settings().RecordAuthToken.Duration,
+	)
+}
+
+// NewRecordVerifyToken generates and returns a new record verification token.
+func NewRecordVerifyToken(app core.App, record *models.Record) (string, error) {
+	if !record.Collection().IsAuth() {
+		return "", errors.New("The record is not from an auth collection.")
+	}
+
+	return security.NewToken(
+		jwt.MapClaims{
+			"id":           record.Id,
+			"type":         TypeAuthRecord,
+			"collectionId": record.Collection().Id,
+			"email":        record.Email(),
+		},
+		(record.TokenKey() + app.Settings().RecordVerificationToken.Secret),
+		app.Settings().RecordVerificationToken.Duration,
+	)
+}
+
+// NewRecordResetPasswordToken generates and returns a new auth record password reset request token.
+func NewRecordResetPasswordToken(app core.App, record *models.Record) (string, error) {
+	if !record.Collection().IsAuth() {
+		return "", errors.New("The record is not from an auth collection.")
+	}
+
+	return security.NewToken(
+		jwt.MapClaims{
+			"id":           record.Id,
+			"type":         TypeAuthRecord,
+			"collectionId": record.Collection().Id,
+			"email":        record.Email(),
+		},
+		(record.TokenKey() + app.Settings().RecordPasswordResetToken.Secret),
+		app.Settings().RecordPasswordResetToken.Duration,
+	)
+}
+
+// NewRecordChangeEmailToken generates and returns a new auth record change email request token.
+func NewRecordChangeEmailToken(app core.App, record *models.Record, newEmail string) (string, error) {
+	return security.NewToken(
+		jwt.MapClaims{
+			"id":           record.Id,
+			"type":         TypeAuthRecord,
+			"collectionId": record.Collection().Id,
+			"email":        record.Email(),
+			"newEmail":     newEmail,
+		},
+		(record.TokenKey() + app.Settings().RecordEmailChangeToken.Secret),
+		app.Settings().RecordEmailChangeToken.Duration,
+	)
+}

tokens/record_test.go

@@ -0,0 +1,100 @@
+package tokens_test
+
+import (
+	"testing"
+
+	"github.com/pocketbase/pocketbase/tests"
+	"github.com/pocketbase/pocketbase/tokens"
+)
+
+func TestNewRecordAuthToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	user, err := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewRecordAuthToken(app, user)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenRecord, _ := app.Dao().FindAuthRecordByToken(
+		token,
+		app.Settings().RecordAuthToken.Secret,
+	)
+	if tokenRecord == nil || tokenRecord.Id != user.Id {
+		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
+	}
+}
+
+func TestNewRecordVerifyToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	user, err := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewRecordVerifyToken(app, user)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenRecord, _ := app.Dao().FindAuthRecordByToken(
+		token,
+		app.Settings().RecordVerificationToken.Secret,
+	)
+	if tokenRecord == nil || tokenRecord.Id != user.Id {
+		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
+	}
+}
+
+func TestNewRecordResetPasswordToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	user, err := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewRecordResetPasswordToken(app, user)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenRecord, _ := app.Dao().FindAuthRecordByToken(
+		token,
+		app.Settings().RecordPasswordResetToken.Secret,
+	)
+	if tokenRecord == nil || tokenRecord.Id != user.Id {
+		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
+	}
+}
+
+func TestNewRecordChangeEmailToken(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	user, err := app.Dao().FindAuthRecordByEmail("users", "test@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	token, err := tokens.NewRecordChangeEmailToken(app, user, "test_new@example.com")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tokenRecord, _ := app.Dao().FindAuthRecordByToken(
+		token,
+		app.Settings().RecordEmailChangeToken.Secret,
+	)
+	if tokenRecord == nil || tokenRecord.Id != user.Id {
+		t.Fatalf("Expected auth record %v, got %v", user, tokenRecord)
+	}
+}

tokens/tokens.go

@@ -1,2 +1,7 @@
 // Package tokens implements various user and admin tokens generation methods.
 package tokens
+
+const (
+	TypeAdmin      = "admin"
+	TypeAuthRecord = "authRecord"
+)

tokens/user.go

@@ -1,44 +0,0 @@
-package tokens
-
-import (
-	"github.com/golang-jwt/jwt/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/models"
-	"github.com/pocketbase/pocketbase/tools/security"
-)
-
-// NewUserAuthToken generates and returns a new user authentication token.
-func NewUserAuthToken(app core.App, user *models.User) (string, error) {
-	return security.NewToken(
-		jwt.MapClaims{"id": user.Id, "type": "user"},
-		(user.TokenKey + app.Settings().UserAuthToken.Secret),
-		app.Settings().UserAuthToken.Duration,
-	)
-}
-
-// NewUserVerifyToken generates and returns a new user verification token.
-func NewUserVerifyToken(app core.App, user *models.User) (string, error) {
-	return security.NewToken(
-		jwt.MapClaims{"id": user.Id, "type": "user", "email": user.Email},
-		(user.TokenKey + app.Settings().UserVerificationToken.Secret),
-		app.Settings().UserVerificationToken.Duration,
-	)
-}
-
-// NewUserResetPasswordToken generates and returns a new user password reset request token.
-func NewUserResetPasswordToken(app core.App, user *models.User) (string, error) {
-	return security.NewToken(
-		jwt.MapClaims{"id": user.Id, "type": "user", "email": user.Email},
-		(user.TokenKey + app.Settings().UserPasswordResetToken.Secret),
-		app.Settings().UserPasswordResetToken.Duration,
-	)
-}
-
-// NewUserChangeEmailToken generates and returns a new user change email request token.
-func NewUserChangeEmailToken(app core.App, user *models.User, newEmail string) (string, error) {
-	return security.NewToken(
-		jwt.MapClaims{"id": user.Id, "type": "user", "email": user.Email, "newEmail": newEmail},
-		(user.TokenKey + app.Settings().UserEmailChangeToken.Secret),
-		app.Settings().UserEmailChangeToken.Duration,
-	)
-}

tokens/user_test.go

@@ -1,100 +0,0 @@
-package tokens_test
-
-import (
-	"testing"
-
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tokens"
-)
-
-func TestNewUserAuthToken(t *testing.T) {
-	app, _ := tests.NewTestApp()
-	defer app.Cleanup()
-
-	user, err := app.Dao().FindUserByEmail("test@example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	token, err := tokens.NewUserAuthToken(app, user)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tokenUser, _ := app.Dao().FindUserByToken(
-		token,
-		app.Settings().UserAuthToken.Secret,
-	)
-	if tokenUser == nil || tokenUser.Id != user.Id {
-		t.Fatalf("Expected user %v, got %v", user, tokenUser)
-	}
-}
-
-func TestNewUserVerifyToken(t *testing.T) {
-	app, _ := tests.NewTestApp()
-	defer app.Cleanup()
-
-	user, err := app.Dao().FindUserByEmail("test@example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	token, err := tokens.NewUserVerifyToken(app, user)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tokenUser, _ := app.Dao().FindUserByToken(
-		token,
-		app.Settings().UserVerificationToken.Secret,
-	)
-	if tokenUser == nil || tokenUser.Id != user.Id {
-		t.Fatalf("Expected user %v, got %v", user, tokenUser)
-	}
-}
-
-func TestNewUserResetPasswordToken(t *testing.T) {
-	app, _ := tests.NewTestApp()
-	defer app.Cleanup()
-
-	user, err := app.Dao().FindUserByEmail("test@example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	token, err := tokens.NewUserResetPasswordToken(app, user)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tokenUser, _ := app.Dao().FindUserByToken(
-		token,
-		app.Settings().UserPasswordResetToken.Secret,
-	)
-	if tokenUser == nil || tokenUser.Id != user.Id {
-		t.Fatalf("Expected user %v, got %v", user, tokenUser)
-	}
-}
-
-func TestNewUserChangeEmailToken(t *testing.T) {
-	app, _ := tests.NewTestApp()
-	defer app.Cleanup()
-
-	user, err := app.Dao().FindUserByEmail("test@example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	token, err := tokens.NewUserChangeEmailToken(app, user, "test_new@example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tokenUser, _ := app.Dao().FindUserByToken(
-		token,
-		app.Settings().UserEmailChangeToken.Secret,
-	)
-	if tokenUser == nil || tokenUser.Id != user.Id {
-		t.Fatalf("Expected user %v, got %v", user, tokenUser)
-	}
-}