feat(token): support to access tokens auth

Author: danielebriggi

.gitignore

@@ -6,3 +6,4 @@ cli/.vscode
 pkg/
 bin
 .env
+.cache

.golangci.yml

@@ -0,0 +1,10 @@
+version: "2"
+linters:
+  exclusions:
+    # Disable ST1006 (receiver name style) to allow existing receiver names in server.go
+    rules:
+    - path: server.go
+      linters:
+      - staticcheck
+      - stylecheck
+      text: ST1006

.pre-commit-config.yaml

@@ -3,7 +3,7 @@
 # Run formatter and more before git commit.
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v6.0.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -28,7 +28,7 @@ repos:
         - -w
         require_serial: true
 -   repo: https://github.com/golangci/golangci-lint
-    rev: v1.59.1
+    rev: v2.7.2
     hooks:
     -   id: golangci-lint
         exclude: ^pkg/

connection.go

@@ -49,10 +49,11 @@ type SQCloudConfig struct {
 	TlsInsecureSkipVerify bool          // Accept invalid TLS certificates (no_verify_certificate)
 	Pem                   string
 	ApiKey                string
-	NoBlob                bool // flag to tell the server to not send BLOB columns
-	MaxData               int  // value to tell the server to not send columns with more than max_data bytes
-	MaxRows               int  // value to control rowset chunks based on the number of rows
-	MaxRowset             int  // value to control the maximum allowed size for a rowset
+	Token                 string // Access Token for authentication
+	NoBlob                bool   // flag to tell the server to not send BLOB columns
+	MaxData               int    // value to tell the server to not send columns with more than max_data bytes
+	MaxRows               int    // value to control rowset chunks based on the number of rows
+	MaxRowset             int    // value to control the maximum allowed size for a rowset
 }
 
 type SQCloud struct {
@@ -131,6 +132,7 @@ func ParseConnectionString(ConnectionString string) (config *SQCloudConfig, err
 		config.MaxRows = 0
 		config.MaxRowset = 0
 		config.ApiKey = ""
+		config.Token = ""
 
 		sPort := strings.TrimSpace(u.Port())
 		if len(sPort) > 0 {
@@ -195,6 +197,8 @@ func ParseConnectionString(ConnectionString string) (config *SQCloudConfig, err
 				config.Secure, config.TlsInsecureSkipVerify, config.Pem = ParseTlsString(lastLiteral)
 			case "apikey":
 				config.ApiKey = lastLiteral
+			case "token":
+				config.Token = lastLiteral
 			case "noblob":
 				if b, err := parseBool(lastLiteral, config.NoBlob); err == nil {
 					config.NoBlob = b
@@ -434,12 +438,14 @@ func connectionCommands(config SQCloudConfig) (string, []interface{}) {
 	}
 
 	if config.ApiKey != "" {
-		c, a := authWithKeyCommand(config.ApiKey)
+		c, a := authWithApiKeyCommand(config.ApiKey)
 		buffer += c
 		args = append(args, a...)
-	}
-
-	if config.Username != "" && config.Password != "" {
+	} else if config.Token != "" {
+		c, a := authWithTokenCommand(config.Token)
+		buffer += c
+		args = append(args, a...)
+	} else if config.Username != "" && config.Password != "" {
 		c, a := authCommand(config.Username, config.Password, config.PasswordHashed)
 		buffer += c
 		args = append(args, a...)

connection_internal_test.go

@@ -0,0 +1,37 @@
+package sqlitecloud
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+)
+
+func TestConnectionCommandsAuthPreference(t *testing.T) {
+	tests := []struct {
+		name     string
+		config   SQCloudConfig
+		wantCmd  string
+		wantArgs []interface{}
+	}{
+		{"api key wins", SQCloudConfig{ApiKey: "k", Token: "t", Username: "u", Password: "p"}, "AUTH APIKEY ?;", []interface{}{"k"}},
+		{"token next", SQCloudConfig{Token: "t", Username: "u", Password: "p"}, "AUTH TOKEN ?;", []interface{}{"t"}},
+		{"user/pass fallback", SQCloudConfig{Username: "u", Password: "p"}, "AUTH USER ? PASSWORD ?;", []interface{}{"u", "p"}},
+		{"hashed password", SQCloudConfig{Username: "u", Password: "hash", PasswordHashed: true}, "AUTH USER ? HASH ?;", []interface{}{"u", "hash"}},
+		{"no credentials", SQCloudConfig{}, "", []interface{}{}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotBuf, gotArgs := connectionCommands(tt.config)
+			if tt.wantCmd == "" && gotBuf != "" {
+				t.Fatalf("expected no auth command, got %q", gotBuf)
+			}
+			if tt.wantCmd != "" && !strings.Contains(gotBuf, tt.wantCmd) {
+				t.Fatalf("expected %q in buffer, got %q", tt.wantCmd, gotBuf)
+			}
+			if !reflect.DeepEqual(gotArgs, tt.wantArgs) {
+				t.Fatalf("args mismatch: want %v got %v", tt.wantArgs, gotArgs)
+			}
+		})
+	}
+}

go.mod

@@ -1,6 +1,6 @@
 module github.com/sqlitecloud/sqlitecloud-go
 
-go 1.18
+go 1.24.0
 
 require (
 	github.com/pierrec/lz4 v2.6.1+incompatible
@@ -10,5 +10,6 @@ require (
 
 require (
 	github.com/frankban/quicktest v1.14.3 // indirect
-	golang.org/x/sys v0.7.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 )

go.sum

@@ -1,8 +1,9 @@
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=
-github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
@@ -16,11 +17,10 @@ github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBO
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/xo/dburl v0.13.1 h1:EV+BCdo539sc/mBrny0VxaEGLM0b1U0mJA9RpP80ux0=
 github.com/xo/dburl v0.13.1/go.mod h1:B7/G9FGungw6ighV8xJNwWYQPMfn3gsi2sn5SE8Bzco=
-golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=

server.go

@@ -260,13 +260,21 @@ func (this *SQCloud) Auth(Username string, Password string) error {
 	return this.ExecuteArray(authCommand(Username, Password, false))
 }
 
-func authWithKeyCommand(Key string) (string, []interface{}) {
+func authWithApiKeyCommand(Key string) (string, []interface{}) {
 	return "AUTH APIKEY ?;", []interface{}{Key}
 }
 
+func authWithTokenCommand(Token string) (string, []interface{}) {
+	return "AUTH TOKEN ?;", []interface{}{Token}
+}
+
 // Auth - INTERNAL SERVER COMMAND: Authenticates User with the given API KEY.
 func (this *SQCloud) AuthWithKey(Key string) error {
-	return this.ExecuteArray(authWithKeyCommand(Key))
+	return this.ExecuteArray(authWithApiKeyCommand(Key))
+}
+
+func (this *SQCloud) AuthWithToken(Token string) error {
+	return this.ExecuteArray(authWithTokenCommand(Token))
 }
 
 // Database funcitons

test/unit/connection_test.go

@@ -68,6 +68,32 @@ func TestParseConnectionStringWithAPIKey(t *testing.T) {
 	assert.Truef(t, reflect.DeepEqual(expectedConfig, config), "Expected: %+v\nGot: %+v", expectedConfig, config)
 }
 
+func TestParseConnectionStringWithToken(t *testing.T) {
+	connectionString := "sqlitecloud://host.com:8860/dbname?token=123|tok123&compress=true"
+	expectedConfig := &sqlitecloud.SQCloudConfig{
+		Host:                  "host.com",
+		Port:                  8860,
+		Username:              "",
+		Password:              "",
+		Database:              "dbname",
+		Timeout:               0,
+		Compression:           true,
+		CompressMode:          sqlitecloud.CompressModeLZ4,
+		Secure:                true,
+		TlsInsecureSkipVerify: false,
+		Pem:                   "",
+		Token:                 "123|tok123",
+		NoBlob:                false,
+		MaxData:               0,
+		MaxRows:               0,
+		MaxRowset:             0,
+	}
+
+	config, err := sqlitecloud.ParseConnectionString(connectionString)
+	assert.NoError(t, err)
+	assert.Truef(t, reflect.DeepEqual(expectedConfig, config), "Expected: %+v\nGot: %+v", expectedConfig, config)
+}
+
 func TestParseConnectionStringWithCredentials(t *testing.T) {
 	connectionString := "sqlitecloud://user:pass@host.com:8860"
 	config, err := sqlitecloud.ParseConnectionString(connectionString)
@@ -187,6 +213,12 @@ func TestParseConnectionStringWithParameters(t *testing.T) {
 			value:         "abc123",
 			expectedValue: "abc123",
 		},
+		{
+			param:         "token",
+			configParam:   "Token",
+			value:         "123|tok123",
+			expectedValue: "123|tok123",
+		},
 	}
 
 	for _, tt := range tests {