refactor(db): use new store interface

[scottmckendry]

lays the groundwork for adding more storage drivers in the future (postgres, redis) with slightly lower effort and easier maintainability in the future.

moves sqlite specific queries, migrations and generated go code into subdirs.

Summary by CodeRabbit

• New Features

  • Configurable database driver (defaults to SQLite); pluggable storage with SQLite and in-memory backends.
  • Migration assets scoped to the SQLite migration set.

• Chores

  • CI now enforces generated repository code is up to date.
  • Dev compose updated to enable HTTPS/TLS for local Traefik.
  • Updated Go tooling and changed code-generation entrypoint.

• Tests

  • Added comprehensive in-memory repository tests; controller and middleware tests switched to use the in-memory store.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: dbcdb0b8-e71f-4962-9495-da4ebc99624a

📥 Commits

Reviewing files that changed from the base of the PR and between 2250411 and 6d6b532.

📒 Files selected for processing (2)

• internal/repository/memory/memory_test.go
• internal/repository/memory/oidc_queries.go

🚧 Files skipped from review as they are similar to previous changes (2)

• internal/repository/memory/memory_test.go
• internal/repository/memory/oidc_queries.go

---

📝 Walkthrough

Walkthrough

Adds a repository.Store abstraction and ErrNotFound, moves sqlc-generated sqlite code to internal/repository/sqlite with a sqlite Store adapter, adds an in-memory Store and tests, refactors services/bootstrap to use Store, narrows embedded migrations to migrations/sqlite, and adds codegen/CI tooling.

Changes

Persistence Abstraction & Full Integration

Layer / File(s)	Summary
Store Interface, Parameters, and Data Models internal/repository/store.go, internal/repository/models.go, internal/assets/assets.go, internal/model/config.go	repository.Store interface and ErrNotFound added; explicit Create/Update parameter structs added; migration embed narrowed to migrations/sqlite/*.sql; DatabaseConfig gains Driver defaulting to sqlite.
SQLite Backend: sqlc Output & Store Adapter internal/repository/sqlite/...	sqlc output moved to internal/repository/sqlite package sqlite; generated models/queries present and a sqlite Store adapter maps sql.ErrNoRows→repository.ErrNotFound and delegates CRUD.
In-Memory Backend: Store, OIDC, Session, and Tests internal/repository/memory/*, internal/repository/memory/memory_test.go	Thread-safe in-memory Store with maps and RWMutex, destructive reads for OIDC codes, uniqueness checks, session CRUD and expiry deletion; comprehensive unit tests added.
Service Layer Refactoring: Auth and OIDC Services internal/service/auth_service.go, internal/service/oidc_service.go	Services now accept repository.Store and use repository.ErrNotFound via errors.Is for missing-record handling; database/sql import removed where unused.
Bootstrap Wiring: SetupStore and SQLite migrations internal/bootstrap/app_bootstrap.go, internal/bootstrap/db_bootstrap.go	SetupStore() selects memory or sqlite by Database.Driver; setupSQLite opens DB, runs migrations from migrations/sqlite/*.sql, returns a repository.Store, and app wiring uses the returned store; DB closed only if non-nil.
Test Migration: Controllers & Middleware to In-Memory Store internal/controller/*_test.go, internal/middleware/context_middleware_test.go	Controller and middleware tests replaced DB bootstrap with memory.New(); DB cleanup removed; session seeding updated to store.CreateSession().
Build Configuration: Codegen, Makefile, CI, and Dependencies sqlc.yml, internal/repository/sqlite/generate.go, Makefile, .github/workflows/ci.yml, go.mod	sqlc sqlite inputs/output updated to sql/sqlite → internal/repository/sqlite; //go:generate added; Makefile generate runs go generate ./internal/repository/...; CI step checks codegen up-to-date (sqlc generate + go generate) and fails if generated files differ or are untracked; go.mod gains generator deps.
Docker Compose Configuration: HTTPS and TLS Support docker-compose.dev.yml	Traefik configured with websecure entrypoint, 443:443 exposed, and frontend router TLS enabled.

🎯 4 (Complex) | ⏱️ ~60 minutes

Sequence Diagram

sequenceDiagram
  participant BootstrapApp
  participant Service
  participant Store
  participant SQLiteQueries
  BootstrapApp->>Store: SetupStore() selects memory or sqlite
  alt sqlite
    BootstrapApp->>SQLiteQueries: open DB, run migrations (migrations/sqlite/*.sql)
    SQLiteQueries-->>Store: return *Queries wrapped by sqlite.NewStore
  end
  BootstrapApp->>Service: inject repository.Store
  Service->>Store: CRUD calls (GetSession/CreateOidcToken/DeleteExpired*)
  Store-->>Service: results / repository.ErrNotFound
  Service->>Service: map ErrNotFound -> service errors or ignore for deletions

Loading

Possibly related PRs

• tinyauthapp/tinyauth#326: Related change to embedded migration file layout; narrowing embed path here impacts those migration assets.
• tinyauthapp/tinyauth#541: Related bootstrap/persistence refactor affecting session queries and migrations.
• tinyauthapp/tinyauth#605: Related OIDC/service refactor from concrete sqlc Queries to repository abstraction.

Suggested labels

size:XXL

Suggested reviewers

• Rycochet
• steveiliop56

"I hop with joy across the store,
sqlite and memory, who could ask for more?
Services speak to one gentle face,
Tests run faster, no DB to chase.
This rabbit leaves a tiny paw-print trace."

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 35.71% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'refactor(db): use new store interface' accurately summarizes the main objective of the changeset, which is to introduce and adopt a new store interface across the codebase.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch store-refactor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/bootstrap/db_bootstrap.go (1)

19-69: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Preserve DB cleanup when hiding the concrete SQLite store.

SetupStore / NewSQLiteStore now return only repository.Store, so callers can no longer close the underlying *sql.DB. The controller tests used to db.Close(), but after this refactor those handles stay open until process exit, which can leak file descriptors and leave temp SQLite files locked on some platforms. setupSQLite also leaks the opened DB on migration/setup error paths. Please return a closer alongside the store, or wrap the store in a type that also exposes Close() and use it in the tests/startup cleanup path.

🧹 Nitpick comments (1)

internal/repository/models.go (1)

8-19: 🏗️ Heavy lift

Define canonical repository models instead of aliasing SQLite types.

Aliasing repository.* directly to sqlite.* keeps the abstraction coupled to one backend. If you want multi-driver support to stay clean, define canonical types in repository and map in each driver implementation.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/repository/models.go` around lines 8 - 19, The current file defines
repository models as direct aliases to sqlite types (e.g., Session, OidcCode,
OidcToken, OidcUserinfo and param types like CreateSessionParams,
UpdateSessionParams, CreateOidcCodeParams, etc.), which couples the repository
API to one driver; replace these type aliases with canonical repository types
(structs/interfaces) in internal/repository/models.go and remove the "type X =
sqlite.X" lines, then implement conversion helpers in the sqlite driver (e.g.,
functions to convert between repository.Session <-> sqlite.Session and
repository.CreateSessionParams <-> sqlite.CreateSessionParams) so other drivers
can map their native types to the repository canonical types without depending
on sqlite symbols.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/controller/proxy_controller_test.go`:
- Around line 395-396: The Store returned by NewSQLiteStore leaks the underlying
*sql.DB because setupSQLite opens the DB but neither Store nor sqlite.Queries
expose a Close; update the API so tests can close the DB: either add Close()
error to the Store interface and implement Close on sqlite.Queries to call the
underlying *sql.DB.Close(), or change setupSQLite/NewSQLiteStore to return the
*sql.DB alongside the Store so callers (tests like proxy_controller_test,
oidc_controller_test, user_controller_test, well_known_controller_test) can
explicitly defer db.Close(); update all call sites and implementations (Store
interface, sqlite.Queries, setupSQLite, NewSQLiteStore) consistently.

---

Nitpick comments:
In `@internal/repository/models.go`:
- Around line 8-19: The current file defines repository models as direct aliases
to sqlite types (e.g., Session, OidcCode, OidcToken, OidcUserinfo and param
types like CreateSessionParams, UpdateSessionParams, CreateOidcCodeParams,
etc.), which couples the repository API to one driver; replace these type
aliases with canonical repository types (structs/interfaces) in
internal/repository/models.go and remove the "type X = sqlite.X" lines, then
implement conversion helpers in the sqlite driver (e.g., functions to convert
between repository.Session <-> sqlite.Session and repository.CreateSessionParams
<-> sqlite.CreateSessionParams) so other drivers can map their native types to
the repository canonical types without depending on sqlite symbols.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c386e1b5-70c0-4440-93d8-eec72b28f642

📥 Commits

Reviewing files that changed from the base of the PR and between 956d2f5 and 1d0a462.

📒 Files selected for processing (40)

• internal/assets/assets.go
• internal/assets/migrations/sqlite/000001_init_sqlite.down.sql
• internal/assets/migrations/sqlite/000001_init_sqlite.up.sql
• internal/assets/migrations/sqlite/000002_oauth_name.down.sql
• internal/assets/migrations/sqlite/000002_oauth_name.up.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.down.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.up.sql
• internal/assets/migrations/sqlite/000004_created_at.down.sql
• internal/assets/migrations/sqlite/000004_created_at.up.sql
• internal/assets/migrations/sqlite/000005_oidc_session.down.sql
• internal/assets/migrations/sqlite/000005_oidc_session.up.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.down.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.up.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.down.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.up.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.down.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.up.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.down.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.up.sql
• internal/bootstrap/app_bootstrap.go
• internal/bootstrap/db_bootstrap.go
• internal/bootstrap/service_bootstrap.go
• internal/config/config.go
• internal/controller/oidc_controller_test.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/controller/well_known_controller_test.go
• internal/repository/models.go
• internal/repository/sqlite/db.go
• internal/repository/sqlite/models.go
• internal/repository/sqlite/oidc_queries.sql.go
• internal/repository/sqlite/session_queries.sql.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go
• sql/sqlite/oidc_queries.sql
• sql/sqlite/oidc_schemas.sql
• sql/sqlite/session_queries.sql
• sql/sqlite/session_schemas.sql
• sqlc.yml

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/bootstrap/db_bootstrap.go (1)

37-69: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close the SQLite handle on every failure after sql.Open.

If iofs.New, sqlite3.WithInstance, or migrate.NewWithInstance fails, the opened *sql.DB is never closed. That leaks a live connection/file handle on startup failures and in test helpers.

♻️ Proposed fix

 func (app *BootstrapApp) setupSQLite(databasePath string) (repository.Store, error) {
 	dir := filepath.Dir(databasePath)
@@
 	db, err := sql.Open("sqlite", databasePath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open database: %w", err)
 	}
+	closeOnError := true
+	defer func() {
+		if closeOnError {
+			_ = db.Close()
+		}
+	}()
@@
 	if err != nil {
 		return nil, fmt.Errorf("failed to migrate database: %w", err)
 	}
 
+	closeOnError = false
 	return sqlite.NewStore(sqlite.New(db)), nil
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/bootstrap/db_bootstrap.go` around lines 37 - 69, After sql.Open
succeeds, ensure the opened *sql.DB is closed on any subsequent failure to avoid
leaking handles: either add a deferred close that only runs when the function
will return an error (e.g., capture the returned err via a named return or a
closure checking a local err variable) or explicitly call db.Close() before
every early return after calls to iofs.New, sqlite3.WithInstance,
migrate.NewWithInstance, and migrator.Up; update the error return paths around
iofs.New, sqlite3.WithInstance, migrate.NewWithInstance, and migrator.Up so they
close db before returning, while leaving the final successful return
(sqlite.NewStore/sqlite.New) untouched.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 29-32: The CI step "Check store codegen is up to date" currently
runs "go generate ./internal/repository/..." then "git diff --exit-code --
internal/repository/" which misses brand-new untracked files; after running go
generate, run "git add -N internal/repository || true" (or "git add -N
./internal/repository || true") to stage intent for new files so they show up in
diffs, then run "git diff --exit-code -- internal/repository/" as before; update
the step commands in the "Check store codegen is up to date" job to include that
git add -N command between the generate and diff commands.

---

Outside diff comments:
In `@internal/bootstrap/db_bootstrap.go`:
- Around line 37-69: After sql.Open succeeds, ensure the opened *sql.DB is
closed on any subsequent failure to avoid leaking handles: either add a deferred
close that only runs when the function will return an error (e.g., capture the
returned err via a named return or a closure checking a local err variable) or
explicitly call db.Close() before every early return after calls to iofs.New,
sqlite3.WithInstance, migrate.NewWithInstance, and migrator.Up; update the error
return paths around iofs.New, sqlite3.WithInstance, migrate.NewWithInstance, and
migrator.Up so they close db before returning, while leaving the final
successful return (sqlite.NewStore/sqlite.New) untouched.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2a1c97b5-1768-4f54-8215-b27651cd4eb8

📥 Commits

Reviewing files that changed from the base of the PR and between 1d0a462 and 14c1027.

⛔ Files ignored due to path filters (1)

• cmd/gen/sqlc-wrapper/main.go is excluded by !**/gen/**

📒 Files selected for processing (6)

• .github/workflows/ci.yml
• go.mod
• internal/bootstrap/db_bootstrap.go
• internal/repository/models.go
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/store.go

✅ Files skipped from review due to trivial changes (2)

• internal/repository/sqlite/generate.go
• internal/repository/sqlite/store.go

[scottmckendry]

The code gen added in the most recent commit was largely written by an LLM. I have vetted to the best of my ability, but this is a new concept to me - hence this disclaimer.

that out of the way, the generate code satisfies the store interface and correctly wraps all of the sqlc-generated code.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/bootstrap/db_bootstrap.go (1)

38-68: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close the opened DB on sqlite bootstrap failures.

After Line 38 opens the DB, failures on Lines 48–67 return early without db.Close(). Repeated failed startups can leak file descriptors/locks.

🔧 Suggested patch

 func (app *BootstrapApp) setupSQLite(databasePath string) (repository.Store, error) {
@@
 	db, err := sql.Open("sqlite", databasePath)
 
 	if err != nil {
 		return nil, fmt.Errorf("failed to open database: %w", err)
 	}
+	closeOnErr := func(err error) (repository.Store, error) {
+		_ = db.Close()
+		return nil, err
+	}
@@
 	migrations, err := iofs.New(assets.Migrations, "migrations/sqlite")
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to create migrations: %w", err)
+		return closeOnErr(fmt.Errorf("failed to create migrations: %w", err))
 	}
@@
 	target, err := sqlite3.WithInstance(db, &sqlite3.Config{})
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to create sqlite3 instance: %w", err)
+		return closeOnErr(fmt.Errorf("failed to create sqlite3 instance: %w", err))
 	}
@@
 	migrator, err := migrate.NewWithInstance("iofs", migrations, "sqlite3", target)
 
 	if err != nil {
-		return nil, fmt.Errorf("failed to create migrator: %w", err)
+		return closeOnErr(fmt.Errorf("failed to create migrator: %w", err))
 	}
@@
 	if err := migrator.Up(); err != nil && err != migrate.ErrNoChange {
-		return nil, fmt.Errorf("failed to migrate database: %w", err)
+		return closeOnErr(fmt.Errorf("failed to migrate database: %w", err))
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/bootstrap/db_bootstrap.go` around lines 38 - 68, The DB opened by
sql.Open is never closed on subsequent error paths (iofs.New,
sqlite3.WithInstance, migrate.NewWithInstance, migrator.Up), leaking file
descriptors; ensure the DB is closed before every early return after opening
(either call db.Close() immediately before each error return or add a defer that
closes db only on error using a named return or an "opened" flag and clear it on
success), referencing the db variable and the failing expressions iofs.New,
sqlite3.WithInstance, migrate.NewWithInstance, and migrator.Up so all those
error branches are covered.

🧹 Nitpick comments (1)

internal/repository/memory/oidc_queries.go (1)

13-17: 🏗️ Heavy lift

Normalize unique-conflict errors via a shared repository sentinel.

Returning hardcoded SQL-style strings here couples service behavior to backend-specific text. Consider adding a shared repository.ErrConflict (or equivalent) and returning wrapped sentinel errors from all drivers.

♻️ Directional patch (memory side)

-			return repository.OidcCode{}, fmt.Errorf("UNIQUE constraint failed: oidc_codes.sub")
+			return repository.OidcCode{}, fmt.Errorf("%w: oidc_codes.sub", repository.ErrConflict)
@@
-			return repository.OidcToken{}, fmt.Errorf("UNIQUE constraint failed: oidc_tokens.sub")
+			return repository.OidcToken{}, fmt.Errorf("%w: oidc_tokens.sub", repository.ErrConflict)

And define/map the same sentinel in internal/repository/store.go + sqlite wrapper so behavior stays backend-agnostic.

Also applies to: 106-110

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/repository/memory/oidc_queries.go` around lines 13 - 17, Replace the
hardcoded SQL-style UNIQUE error string returned from the in-memory OIDC code
check (the loop over s.oidcCodes in oidc_queries.go that currently returns
fmt.Errorf("UNIQUE constraint failed: oidc_codes.sub")) with the shared
repository sentinel error (e.g., repository.ErrConflict) wrapped or returned
directly; update the Create/Insert OIDC methods that reference s.oidcCodes /
repository.OidcCode to use this sentinel for uniqueness conflicts. Also add or
map the same repository.ErrConflict sentinel in the store abstraction
(internal/repository/store.go) and ensure the sqlite driver wrapper maps its
DB-specific UNIQUE errors to repository.ErrConflict so all backends return the
same sentinel.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/controller/oidc_controller_test.go`:
- Around line 850-853: The test currently creates a shared store via
memory.New() and a shared OIDC service via service.NewOIDCService(...) with
oidcService.Init() before running multiple t.Run subtests, which can cause state
bleed; move the creation and initialization of the memory store and oidcService
into each subtest (or a per-subtest setup helper) so each t.Run gets its own
memory.New() and service.NewOIDCService(...)+oidcService.Init() instance,
ensuring codes/tokens/sessions are isolated and tests are order-independent.

---

Outside diff comments:
In `@internal/bootstrap/db_bootstrap.go`:
- Around line 38-68: The DB opened by sql.Open is never closed on subsequent
error paths (iofs.New, sqlite3.WithInstance, migrate.NewWithInstance,
migrator.Up), leaking file descriptors; ensure the DB is closed before every
early return after opening (either call db.Close() immediately before each error
return or add a defer that closes db only on error using a named return or an
"opened" flag and clear it on success), referencing the db variable and the
failing expressions iofs.New, sqlite3.WithInstance, migrate.NewWithInstance, and
migrator.Up so all those error branches are covered.

---

Nitpick comments:
In `@internal/repository/memory/oidc_queries.go`:
- Around line 13-17: Replace the hardcoded SQL-style UNIQUE error string
returned from the in-memory OIDC code check (the loop over s.oidcCodes in
oidc_queries.go that currently returns fmt.Errorf("UNIQUE constraint failed:
oidc_codes.sub")) with the shared repository sentinel error (e.g.,
repository.ErrConflict) wrapped or returned directly; update the Create/Insert
OIDC methods that reference s.oidcCodes / repository.OidcCode to use this
sentinel for uniqueness conflicts. Also add or map the same
repository.ErrConflict sentinel in the store abstraction
(internal/repository/store.go) and ensure the sqlite driver wrapper maps its
DB-specific UNIQUE errors to repository.ErrConflict so all backends return the
same sentinel.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 421b1e3a-4a34-4570-b12f-b189f5afaa46

📥 Commits

Reviewing files that changed from the base of the PR and between 0244f39 and 04b8e98.

⛔ Files ignored due to path filters (1)

• cmd/gen/sqlc-wrapper/main.go is excluded by !**/gen/**

📒 Files selected for processing (13)

• internal/bootstrap/db_bootstrap.go
• internal/config/config.go
• internal/controller/oidc_controller_test.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/controller/well_known_controller_test.go
• internal/repository/memory/oidc_queries.go
• internal/repository/memory/session_queries.go
• internal/repository/memory/store.go
• internal/repository/sqlite/store.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go

✅ Files skipped from review due to trivial changes (1)

• internal/config/config.go

🚧 Files skipped from review as they are similar to previous changes (2)

• internal/service/auth_service.go
• internal/repository/sqlite/store.go

[codecov]

Codecov Report

❌ Patch coverage is 33.49593% with 409 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
gen/sqlc-wrapper/sqlc_wrapper.go	0.00%	260 Missing ⚠️
internal/repository/sqlite/store.go	0.00%	114 Missing ⚠️
internal/bootstrap/db_bootstrap.go	0.00%	19 Missing ⚠️
internal/service/oidc_service.go	0.00%	9 Missing ⚠️
internal/bootstrap/app_bootstrap.go	0.00%	4 Missing ⚠️
internal/model/config.go	0.00%	2 Missing ⚠️
internal/service/auth_service.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[scottmckendry]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/middleware/context_middleware_test.go (1)

273-313: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Avoid sharing one in-memory store across all subtests.

Using a single memory.New() instance for the whole suite allows session data to leak across test cases, which can make tests order-dependent over time.

Suggested isolation pattern

- store := memory.New()
-
- ldap := service.NewLdapService(service.LdapServiceConfig{})
- err := ldap.Init()
- require.NoError(t, err)
-
- broker := service.NewOAuthBrokerService(oauthBrokerCfgs)
- err = broker.Init()
- require.NoError(t, err)
-
- authService := service.NewAuthService(authServiceCfg, ldap, store, broker)
- err = authService.Init()
- require.NoError(t, err)
-
- contextMiddleware := middleware.NewContextMiddleware(middlewareCfg, authService, broker)
- err = contextMiddleware.Init()
- require.NoError(t, err)
-
 for _, test := range tests {
-	authService.ClearRateLimitsTestingOnly()
 	t.Run(test.description, func(t *testing.T) {
+		store := memory.New()
+		ldap := service.NewLdapService(service.LdapServiceConfig{})
+		require.NoError(t, ldap.Init())
+		broker := service.NewOAuthBrokerService(oauthBrokerCfgs)
+		require.NoError(t, broker.Init())
+		authService := service.NewAuthService(authServiceCfg, ldap, store, broker)
+		require.NoError(t, authService.Init())
+		contextMiddleware := middleware.NewContextMiddleware(middlewareCfg, authService, broker)
+		require.NoError(t, contextMiddleware.Init())
+		authService.ClearRateLimitsTestingOnly()
+
 		gin.SetMode(gin.TestMode)
 		...
 		test.run(t, runArgs{do: do, queries: store})
 	})
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/middleware/context_middleware_test.go` around lines 273 - 313, Tests
currently share a single in-memory store (memory.New()) across all subtests
which allows session data to leak; to fix, create a fresh store per subtest and
re-initialize the services that depend on it: move the memory.New() call into
the t.Run loop and recreate the auth service and context middleware there (use
service.NewAuthService(...) and middleware.NewContextMiddleware(...), then call
Init() and require.NoError for each), while keeping reusable services like
ldap/broker outside if desired; ensure authService.ClearRateLimitsTestingOnly()
still operates on the per-test instance.

🧹 Nitpick comments (1)

internal/service/auth_service.go (1)

423-425: ⚡ Quick win

Preserve the not-found sentinel when remapping the error.

Returning errors.New("session not found") drops type information and prevents upstream errors.Is(..., repository.ErrNotFound) checks.

Proposed adjustment

 	if err != nil {
 		if errors.Is(err, repository.ErrNotFound) {
-			return nil, errors.New("session not found")
+			return nil, fmt.Errorf("session not found: %w", repository.ErrNotFound)
 		}
 		return nil, err
 	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/service/auth_service.go` around lines 423 - 425, The current
remapping returns a new error via errors.New("session not found") which drops
the sentinel; instead wrap the original not-found error so upstream
errors.Is(..., repository.ErrNotFound) still matches. Replace the return in the
errors.Is(err, repository.ErrNotFound) branch to return a wrapped error that
includes context and the original error (use fmt.Errorf with %w or
errors.Wrap-style wrapping) so repository.ErrNotFound is preserved when checking
later.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@internal/middleware/context_middleware_test.go`:
- Around line 273-313: Tests currently share a single in-memory store
(memory.New()) across all subtests which allows session data to leak; to fix,
create a fresh store per subtest and re-initialize the services that depend on
it: move the memory.New() call into the t.Run loop and recreate the auth service
and context middleware there (use service.NewAuthService(...) and
middleware.NewContextMiddleware(...), then call Init() and require.NoError for
each), while keeping reusable services like ldap/broker outside if desired;
ensure authService.ClearRateLimitsTestingOnly() still operates on the per-test
instance.

---

Nitpick comments:
In `@internal/service/auth_service.go`:
- Around line 423-425: The current remapping returns a new error via
errors.New("session not found") which drops the sentinel; instead wrap the
original not-found error so upstream errors.Is(..., repository.ErrNotFound)
still matches. Replace the return in the errors.Is(err, repository.ErrNotFound)
branch to return a wrapped error that includes context and the original error
(use fmt.Errorf with %w or errors.Wrap-style wrapping) so repository.ErrNotFound
is preserved when checking later.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 8d40c9d4-416c-4970-aef0-32255fea7eaa

📥 Commits

Reviewing files that changed from the base of the PR and between 0244f39 and db911a4.

⛔ Files ignored due to path filters (2)

• cmd/gen/sqlc-wrapper/sqlc_wrapper.go is excluded by !**/gen/**
• cmd/gen/sqlc-wrapper/store.tmpl is excluded by !**/gen/**

📒 Files selected for processing (49)

• .github/workflows/ci.yml
• Makefile
• go.mod
• internal/assets/assets.go
• internal/assets/migrations/sqlite/000001_init_sqlite.down.sql
• internal/assets/migrations/sqlite/000001_init_sqlite.up.sql
• internal/assets/migrations/sqlite/000002_oauth_name.down.sql
• internal/assets/migrations/sqlite/000002_oauth_name.up.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.down.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.up.sql
• internal/assets/migrations/sqlite/000004_created_at.down.sql
• internal/assets/migrations/sqlite/000004_created_at.up.sql
• internal/assets/migrations/sqlite/000005_oidc_session.down.sql
• internal/assets/migrations/sqlite/000005_oidc_session.up.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.down.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.up.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.down.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.up.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.down.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.up.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.down.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.up.sql
• internal/bootstrap/app_bootstrap.go
• internal/bootstrap/db_bootstrap.go
• internal/bootstrap/service_bootstrap.go
• internal/controller/oidc_controller_test.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/controller/well_known_controller_test.go
• internal/middleware/context_middleware_test.go
• internal/model/config.go
• internal/repository/memory/oidc_queries.go
• internal/repository/memory/session_queries.go
• internal/repository/memory/store.go
• internal/repository/models.go
• internal/repository/sqlite/db.go
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/models.go
• internal/repository/sqlite/oidc_queries.sql.go
• internal/repository/sqlite/session_queries.sql.go
• internal/repository/sqlite/store.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go
• sql/sqlite/oidc_queries.sql
• sql/sqlite/oidc_schemas.sql
• sql/sqlite/session_queries.sql
• sql/sqlite/session_schemas.sql
• sqlc.yml

✅ Files skipped from review due to trivial changes (3)

• internal/repository/sqlite/generate.go
• sqlc.yml
• internal/repository/sqlite/models.go

🚧 Files skipped from review as they are similar to previous changes (20)

• internal/repository/sqlite/db.go
• internal/repository/sqlite/oidc_queries.sql.go
• internal/assets/assets.go
• internal/repository/sqlite/session_queries.sql.go
• internal/bootstrap/db_bootstrap.go
• go.mod
• .github/workflows/ci.yml
• internal/repository/memory/session_queries.go
• internal/repository/memory/store.go
• internal/bootstrap/service_bootstrap.go
• internal/controller/well_known_controller_test.go
• internal/repository/store.go
• internal/service/oidc_service.go
• internal/repository/sqlite/store.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/bootstrap/app_bootstrap.go
• internal/controller/oidc_controller_test.go
• internal/repository/memory/oidc_queries.go
• internal/repository/models.go

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

internal/bootstrap/app_bootstrap.go (1)

173-177: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Nil pointer dereference when using in-memory store.

The defer unconditionally calls app.db.Close() on line 176, but app.db will be nil when the in-memory driver is selected via SetupStore(). This will cause a runtime panic during cleanup.

🛡️ Proposed fix to guard the Close call

 defer func() {
 	app.cancel()
 	app.wg.Wait()
-	app.db.Close()
+	if app.db != nil {
+		app.db.Close()
+	}
 }()

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/bootstrap/app_bootstrap.go` around lines 173 - 177, The deferred
cleanup unconditionally calls app.db.Close(), which panics when SetupStore
selected the in-memory driver and app.db is nil; change the defer to guard the
Close call (check that app.db != nil before calling app.db.Close()) so the
cleanup sequence via app.cancel(), app.wg.Wait(), and conditional app.db.Close()
runs safely when the in-memory store is used.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@internal/bootstrap/app_bootstrap.go`:
- Around line 173-177: The deferred cleanup unconditionally calls
app.db.Close(), which panics when SetupStore selected the in-memory driver and
app.db is nil; change the defer to guard the Close call (check that app.db !=
nil before calling app.db.Close()) so the cleanup sequence via app.cancel(),
app.wg.Wait(), and conditional app.db.Close() runs safely when the in-memory
store is used.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: ff832682-3b4e-4481-8567-db4250b6c779

📥 Commits

Reviewing files that changed from the base of the PR and between db911a4 and 2c03874.

⛔ Files ignored due to path filters (2)

• gen/sqlc-wrapper/sqlc_wrapper.go is excluded by !**/gen/**
• gen/sqlc-wrapper/store.tmpl is excluded by !**/gen/**

📒 Files selected for processing (50)

• .github/workflows/ci.yml
• Makefile
• docker-compose.dev.yml
• go.mod
• internal/assets/assets.go
• internal/assets/migrations/sqlite/000001_init_sqlite.down.sql
• internal/assets/migrations/sqlite/000001_init_sqlite.up.sql
• internal/assets/migrations/sqlite/000002_oauth_name.down.sql
• internal/assets/migrations/sqlite/000002_oauth_name.up.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.down.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.up.sql
• internal/assets/migrations/sqlite/000004_created_at.down.sql
• internal/assets/migrations/sqlite/000004_created_at.up.sql
• internal/assets/migrations/sqlite/000005_oidc_session.down.sql
• internal/assets/migrations/sqlite/000005_oidc_session.up.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.down.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.up.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.down.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.up.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.down.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.up.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.down.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.up.sql
• internal/bootstrap/app_bootstrap.go
• internal/bootstrap/db_bootstrap.go
• internal/controller/oidc_controller_test.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/controller/well_known_controller_test.go
• internal/middleware/context_middleware_test.go
• internal/model/config.go
• internal/repository/memory/memory_test.go
• internal/repository/memory/oidc_queries.go
• internal/repository/memory/session_queries.go
• internal/repository/memory/store.go
• internal/repository/models.go
• internal/repository/sqlite/db.go
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/models.go
• internal/repository/sqlite/oidc_queries.sql.go
• internal/repository/sqlite/session_queries.sql.go
• internal/repository/sqlite/store.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go
• sql/sqlite/oidc_queries.sql
• sql/sqlite/oidc_schemas.sql
• sql/sqlite/session_queries.sql
• sql/sqlite/session_schemas.sql
• sqlc.yml

✅ Files skipped from review due to trivial changes (4)

• docker-compose.dev.yml
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/models.go
• internal/repository/sqlite/store.go

🚧 Files skipped from review as they are similar to previous changes (19)

• .github/workflows/ci.yml
• internal/repository/sqlite/oidc_queries.sql.go
• go.mod
• internal/repository/memory/store.go
• internal/assets/assets.go
• internal/middleware/context_middleware_test.go
• Makefile
• sqlc.yml
• internal/bootstrap/db_bootstrap.go
• internal/controller/oidc_controller_test.go
• internal/repository/memory/session_queries.go
• internal/model/config.go
• internal/repository/sqlite/session_queries.sql.go
• internal/repository/models.go
• internal/controller/user_controller_test.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go
• internal/repository/memory/oidc_queries.go

[steveiliop56]

Why would the db be nil here? This defer is defined after the db is initialized.

[scottmckendry]

it's nil if it's a memory driver - this may panic without the check. Something coderabbit picked up in one of it's earlier comments

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/repository/memory/memory_test.go (1)

175-182: 🏗️ Heavy lift

Avoid asserting SQLite-specific unique-constraint message text in Store contract tests.

These assertions couple the memory Store behavior to SQLite error phrasing, which will make Postgres/Redis backends harder to support consistently. Prefer asserting a driver-agnostic sentinel/type (or a repository-level conflict error) instead of message text.

Also applies to: 243-250

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/repository/memory/memory_test.go` around lines 175 - 182, The test
TestCreateOidcCode_UniqueSubConstraint couples behavior to SQLite error text;
update it to assert a driver-agnostic conflict sentinel instead of message
matching: after calling memory.New() and s.CreateOidcCode(ctx,
repository.CreateOidcCodeParams{...}) assert that the returned error from the
second CreateOidcCode is errors.Is(err, repository.ErrConflict) (or compare
against the repository-level conflict error/type your store contract defines)
rather than matching the SQLite string; apply the same change to the other
similar test block referenced (the one around the second occurrence).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/repository/memory/memory_test.go`:
- Around line 365-392: The test TestDeleteExpiredOidcTokens expects tokens to be
removed when either expiry field is stale, but the SQLite implementation of
DeleteExpiredOidcTokens currently requires both token_expires_at AND
refresh_token_expires_at to be stale; update the DELETE query (and any
corresponding SELECT/RETURNING logic) in the DeleteExpiredOidcTokens function of
the SQLite repository implementation to use OR between conditions
(token_expires_at <= ? OR refresh_token_expires_at <= ?) so it deletes and
returns tokens when either expiry is past the provided thresholds; ensure
parameter order matches repository.DeleteExpiredOidcTokensParams and that
returned deleted entries still map to the
repository.CreateOidcTokenParams/returned token shape.

---

Nitpick comments:
In `@internal/repository/memory/memory_test.go`:
- Around line 175-182: The test TestCreateOidcCode_UniqueSubConstraint couples
behavior to SQLite error text; update it to assert a driver-agnostic conflict
sentinel instead of message matching: after calling memory.New() and
s.CreateOidcCode(ctx, repository.CreateOidcCodeParams{...}) assert that the
returned error from the second CreateOidcCode is errors.Is(err,
repository.ErrConflict) (or compare against the repository-level conflict
error/type your store contract defines) rather than matching the SQLite string;
apply the same change to the other similar test block referenced (the one around
the second occurrence).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: fab5be32-95ca-42fc-8cc9-60baba0a775e

📥 Commits

Reviewing files that changed from the base of the PR and between d29bff1 and ac1ff0a.

⛔ Files ignored due to path filters (2)

• gen/sqlc-wrapper/sqlc_wrapper.go is excluded by !**/gen/**
• gen/sqlc-wrapper/store.tmpl is excluded by !**/gen/**

📒 Files selected for processing (50)

• .github/workflows/ci.yml
• Makefile
• docker-compose.dev.yml
• go.mod
• internal/assets/assets.go
• internal/assets/migrations/sqlite/000001_init_sqlite.down.sql
• internal/assets/migrations/sqlite/000001_init_sqlite.up.sql
• internal/assets/migrations/sqlite/000002_oauth_name.down.sql
• internal/assets/migrations/sqlite/000002_oauth_name.up.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.down.sql
• internal/assets/migrations/sqlite/000003_oauth_sub.up.sql
• internal/assets/migrations/sqlite/000004_created_at.down.sql
• internal/assets/migrations/sqlite/000004_created_at.up.sql
• internal/assets/migrations/sqlite/000005_oidc_session.down.sql
• internal/assets/migrations/sqlite/000005_oidc_session.up.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.down.sql
• internal/assets/migrations/sqlite/000006_oidc_nonce.up.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.down.sql
• internal/assets/migrations/sqlite/000007_oidc_pkce.up.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.down.sql
• internal/assets/migrations/sqlite/000008_oidc_code_reuse.up.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.down.sql
• internal/assets/migrations/sqlite/000009_oidc_userinfo_profile.up.sql
• internal/bootstrap/app_bootstrap.go
• internal/bootstrap/db_bootstrap.go
• internal/controller/oidc_controller_test.go
• internal/controller/proxy_controller_test.go
• internal/controller/user_controller_test.go
• internal/controller/well_known_controller_test.go
• internal/middleware/context_middleware_test.go
• internal/model/config.go
• internal/repository/memory/memory_test.go
• internal/repository/memory/oidc_queries.go
• internal/repository/memory/session_queries.go
• internal/repository/memory/store.go
• internal/repository/models.go
• internal/repository/sqlite/db.go
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/models.go
• internal/repository/sqlite/oidc_queries.sql.go
• internal/repository/sqlite/session_queries.sql.go
• internal/repository/sqlite/store.go
• internal/repository/store.go
• internal/service/auth_service.go
• internal/service/oidc_service.go
• sql/sqlite/oidc_queries.sql
• sql/sqlite/oidc_schemas.sql
• sql/sqlite/session_queries.sql
• sql/sqlite/session_schemas.sql
• sqlc.yml

✅ Files skipped from review due to trivial changes (3)

• internal/repository/sqlite/db.go
• internal/repository/sqlite/generate.go
• internal/repository/sqlite/models.go

🚧 Files skipped from review as they are similar to previous changes (21)

• internal/repository/memory/store.go
• internal/repository/sqlite/session_queries.sql.go
• internal/assets/assets.go
• docker-compose.dev.yml
• go.mod
• internal/model/config.go
• sqlc.yml
• .github/workflows/ci.yml
• internal/service/auth_service.go
• internal/repository/memory/session_queries.go
• Makefile
• internal/bootstrap/app_bootstrap.go
• internal/repository/store.go
• internal/controller/oidc_controller_test.go
• internal/controller/user_controller_test.go
• internal/bootstrap/db_bootstrap.go
• internal/repository/models.go
• internal/service/oidc_service.go
• internal/middleware/context_middleware_test.go
• internal/repository/sqlite/store.go
• internal/repository/memory/oidc_queries.go