Merge SEC-08: atomic system token issuance

2026-03-13 00:50:39 -07:00
parent 0bc7943d8f 51a5277062
commit fa45836612
4 changed files with 149 additions and 15 deletions
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -470,17 +470,15 @@ func (s *Server) handleTokenIssue(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// Revoke existing system token if any.
+	// Atomically revoke existing system token (if any), track the new token,
+	// and update system_tokens — all in a single transaction.
+	// Security: prevents inconsistent state if a crash occurs mid-operation.
+	var oldJTI string
 	existing, err := s.db.GetSystemToken(acct.ID)
 	if err == nil && existing != nil {
-		_ = s.db.RevokeToken(existing.JTI, "rotated")
+		oldJTI = existing.JTI
 	}
-
-	if err := s.db.TrackToken(claims.JTI, acct.ID, claims.IssuedAt, claims.ExpiresAt); err != nil {
-		middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
-		return
-	}
-	if err := s.db.SetSystemToken(acct.ID, claims.JTI, claims.ExpiresAt); err != nil {
+	if err := s.db.IssueSystemToken(oldJTI, claims.JTI, acct.ID, claims.IssuedAt, claims.ExpiresAt); err != nil {
 		middleware.WriteError(w, http.StatusInternalServerError, "internal error", "internal_error")
 		return
 	}