Update architecture and decisions docs with auth refinements

2026-05-01 01:27:13 +08:00
parent b0356bf103
commit eaa31efd64
4 changed files with 57 additions and 16 deletions
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -23,20 +23,20 @@ Rules:
 | Layer | Package | Purpose | Status |
 |-------|---------|---------|--------|
 | **CLI** | `cmd` | Cobra root command | 🛠 WIP |
-| | `cmd/serve.go` | `mygo serve` — wire deps, start HTTP | 🛠 WIP |
+| | `cmd/serve.go` | `mygo serve` — wire deps, start HTTP | ✅ |
 | | `cmd/config.go` | `mygo config` — config subcommand | 🛠 WIP |
 | | `cmd/status.go` | `mygo status` — health check | 🛠 WIP |
-| **Config** | `internal/config` | Viper load (YAML + env + flags) | 🛠 WIP |
+| **Config** | `internal/config` | Viper load (YAML + env + flags), typed Duration config via built-in decode hook | ✅ |
 | **App** | `internal/app` | Runtime dependency container and build metadata | 🛠 WIP |
-| **HTTP** | `internal/server` | Gin router init, route registration, graceful shutdown | 🛠 WIP |
+| **HTTP** | `internal/server` | Gin router init, route registration (public/protected split), graceful shutdown | ✅ |
 | | `internal/handler` | HTTP handlers (auth, file, admin, webdav...) | 🛠 WIP |
-| | `internal/middleware` | Gin middleware (logger, cors, auth) | 🛠 WIP |
-| **Business** | `internal/service` | Business logic (auth, file, admin) | 🛠 WIP |
-| | `internal/model` | Domain types (User, File, errors) | 🛠 WIP |
-| **Data** | `internal/repository` | Repository interfaces + GORM implementations | 🛠 WIP |
+| | `internal/middleware` | Gin middleware (logger, jwt, cors, auth) | 🛠 WIP |
+| **Business** | `internal/service` | Business logic: `AuthService` (register, login, refresh, logout, passkey CRUD) | ✅ |
+| | `internal/model` | Domain types (User, File, Credential, Session), error codes | ✅ |
+| **Data** | `internal/repository` | Repository interfaces + GORM implementations (User, Session, File, Credential) | ✅ |
 | | `internal/storage` | Storage backend interface + local disk impl | 🛠 WIP |
-| **Util** | `internal/auth` | JWT sign/verify, context helpers | 🛠 WIP |
-| | `internal/api` | Error body helpers | 🛠 WIP |
+| **Util** | `internal/auth` | JWT sign/verify (HS256), token type discrimination (access/refresh), password hashing (bcrypt), app passkey tokens | ✅ |
+| | `internal/api` | Unified JSON error response helpers | ✅ |

 ## API Routes (v0)

@@ -76,7 +76,8 @@ Applied to protected groups: auth (JWT validation, inject user into gin.Context)

 ## Server Responsibilities

- `cmd/serve.go` loads config, creates `app.WebApp`, builds the router, and starts the HTTP server.
+- `cmd/serve.go` loads config, calls `app.Bootstrap` to initialize DB + services, builds the router, and starts the HTTP server.
 - `app.WebApp` carries runtime dependencies and build metadata needed to assemble handlers.
- `internal/server` owns Gin router setup (`router.go`), route registration split into `routes_public.go` and `routes_protected.go`, and HTTP server lifecycle.
+- `internal/server` owns Gin router setup (`router.go`), route registration split into `routes_public.go` (public auth) and `routes_protected.go` (JWT-protected account).
+- Each route group creates its own handler instance: `routes_public.go` creates `AuthHandler`, `routes_protected.go` creates `AccountHandler` — no shared handler state between public and protected routes.
 - `RunWithGracefulShutdown` stops accepting new requests on termination and gives in-flight requests time to finish.
--- a/docs/decisions.md
+++ b/docs/decisions.md
@@ -48,3 +48,20 @@
 - Version is build metadata from `internal/app/version.go`, not a config-file field.
 - `app.WebApp` is the place to add future services, repositories, storage, and app metadata incrementally.
 - Request ID middleware is not part of the current foundation; add it only with a logging/tracing/error-correlation design.
+
+## 2026-04-29: Auth Refinements
+
+**Context**: Auth layer had three structural weaknesses — handler duplication, indistinguishable token types, and fragile config duration parsing.
+
+**Decisions**:
+
+| Decision | Guidance |
+|----------|----------|
+| One handler per route group | `AuthHandler` owns `/auth/*` (public); `AccountHandler` owns `/account/*` (protected). A route group maps 1:1 to a handler type. |
+| JWT `type` claim | `Claims.Type` distinguishes access from refresh tokens. Middleware and service enforce the correct type at their respective boundaries. `ParseToken` does no type check — it verifies cryptographic validity only. |
+| `time.Duration` in config structs | Config fields representing durations use `time.Duration` directly. Viper's built-in `StringToTimeDurationHookFunc` handles string→Duration conversion at unmarshal time. No accessor methods, no runtime parsing. Invalid values fail at startup via `Load()`. |
+
+**Consequences**:
+- Handlers are independently extensible (caching, rate limiting scoped per handler).
+- Refresh tokens cannot authenticate API requests; access tokens cannot be used to issue new token pairs.
+- New duration config fields require zero boilerplate — declare as `time.Duration` in the struct.
--- a/docs/development.md
+++ b/docs/development.md
@@ -26,12 +26,35 @@ go vet ./...
 go fmt ./...
 ```

+## Dependencies
+
+```bash
+go mod tidy     # after adding/removing imports
+```
+
 ## Config

-Server config is in `config.yaml` (symlink to `config.example.yaml` in development environment).
+Server config is loaded via viper from `config.yaml` (defaults in `internal/config/load.go`).

-```
+```yaml
 server:
    host: 0.0.0.0
    port: 10086
+
+database:
+    driver: sqlite3
+    sqlite:
+        path: data/mygo.db
+
+storage:
+    driver: local
+    local:
+        path: data/files
+
+jwt:
+    secret: changeme-in-production
+    access_ttl: 15m
+    refresh_ttl: 168h
 ```
+
+Environment variables use `MYGO_` prefix with underscore separators: `MYGO_SERVER_PORT=8080`, `MYGO_JWT_SECRET=...`
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -4,7 +4,7 @@

 | Feature | Status | Notes |
 |---------|--------|-------|
-| CLI config management | ✅ | |
+| CLI config management | ✅ | Viper YAML + env + flags, typed Duration config |
 | JWT authentication | ✅ | access + refresh tokens, refresh token in DB, app passkey support |
 | Web API foundation | ✅ | WebApp composition, Gin router, graceful shutdown, `GET /api/v1/version` |
 | File upload/download/manage APIs | 🛠 WIP | REST API via Gin |
@@ -15,7 +15,7 @@

 Package-level implementation order (each task includes unit tests):

-1. `internal/config` — Viper loader, config struct
+1. `internal/config` — Viper loader, config struct ✅
 2. `internal/app` — runtime dependency container ✅
 3. `internal/model` — domain types, error codes ✅
 4. `internal/api` — error response helpers ✅
@@ -24,7 +24,7 @@ Package-level implementation order (each task includes unit tests):
 7. `internal/repository` — interfaces + GORM/SQLite impl ✅
 8. `internal/service` — auth, file, admin services ✅ (auth done)
 9. `internal/middleware` — logger, cors, auth ✅ (auth done)
-10. `internal/handler` — auth, file, admin handlers ✅ (auth done)
+10. `internal/handler` — auth, account, file, admin handlers 🛠 (auth + account done)
 11. `internal/server` — Gin router, route registration, graceful shutdown ✅
 12. `cmd/serve.go`, `cmd/config.go`, `cmd/status.go` ✅ (serve done)
 13. Integration tests