Update token caching, token service dependencies (#2396)

* no ui caching for tokens

* token handler

* remove query store dependencies

* remove machine comment

Author: breardon2011

taco/cmd/token_service/main.go

@@ -11,12 +11,16 @@ import (
 	"time"
 
 	"github.com/diggerhq/digger/opentaco/internal/query"
-	"github.com/diggerhq/digger/opentaco/internal/queryfactory"
-	"github.com/diggerhq/digger/opentaco/internal/repositories"
+	"github.com/diggerhq/digger/opentaco/internal/query/types"
 	"github.com/diggerhq/digger/opentaco/internal/token_service"
 	"github.com/kelseyhightower/envconfig"
 	"github.com/labstack/echo/v4"
 	echomiddleware "github.com/labstack/echo/v4/middleware"
+	"gorm.io/driver/mysql"
+	"gorm.io/driver/postgres"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
 )
 
 // change this random number to bump version of token service: 1
@@ -33,22 +37,37 @@ func main() {
 		log.Fatalf("Failed to process configuration: %v", err)
 	}
 
-	// --- Initialize Stores ---
-
-	// Create the database query store using the dedicated factory.
-	queryStore, err := queryfactory.NewQueryStore(queryCfg)
+	log.Printf("Connecting to database backend: %s", queryCfg.Backend)
+
+	// Connect directly to database without using QueryStore
+	var db *gorm.DB
+	switch queryCfg.Backend {
+	case "postgres":
+		db, err = connectPostgres(queryCfg.Postgres)
+	case "mysql":
+		db, err = connectMySQL(queryCfg.MySQL)
+	case "sqlite", "":
+		db, err = connectSQLite(queryCfg.SQLite)
+	default:
+		log.Fatalf("Unsupported database backend: %s", queryCfg.Backend)
+	}
+	
 	if err != nil {
-		log.Fatalf("Failed to initialize query backend: %v", err)
+		log.Fatalf("Failed to connect to database: %v", err)
 	}
-	defer queryStore.Close()
-
-	log.Printf("Query backend initialized: %s", queryCfg.Backend)
+	
+	// Ensure proper cleanup
+	sqlDB, err := db.DB()
+	if err != nil {
+		log.Fatalf("Failed to get underlying sql.DB: %v", err)
+	}
+	defer sqlDB.Close()
 
-	// Get the underlying *gorm.DB from the query store
-	db := repositories.GetDBFromQueryStore(queryStore)
-	if db == nil {
-		log.Fatalf("Query store does not provide GetDB method")
+	// Auto-migrate Token table only (token service doesn't need users, orgs, units, etc.)
+	if err := db.AutoMigrate(&types.Token{}); err != nil {
+		log.Fatalf("Failed to migrate Token table: %v", err)
 	}
+	log.Println("Token table migrated successfully")
 
 	// Create token repository
 	tokenRepo := token_service.NewTokenRepository(db)
@@ -95,3 +114,72 @@ func main() {
 	log.Println("Server shutdown complete")
 }
 
+// Database connection helpers (direct connections without QueryStore overhead)
+
+func connectPostgres(cfg query.PostgresConfig) (*gorm.DB, error) {
+	dsn := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%d sslmode=%s",
+		cfg.Host, cfg.User, cfg.Password, cfg.DBName, cfg.Port, cfg.SSLMode)
+	
+	db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+		PrepareStmt: true,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to postgres: %w", err)
+	}
+	
+	// Configure connection pool
+	sqlDB, _ := db.DB()
+	sqlDB.SetMaxOpenConns(cfg.MaxOpenConns)
+	sqlDB.SetMaxIdleConns(cfg.MaxIdleConns)
+	sqlDB.SetConnMaxLifetime(cfg.ConnMaxLifetime)
+	sqlDB.SetConnMaxIdleTime(cfg.ConnMaxIdleTime)
+	
+	return db, nil
+}
+
+func connectMySQL(cfg query.MySQLConfig) (*gorm.DB, error) {
+	dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=True&loc=Local",
+		cfg.User, cfg.Password, cfg.Host, cfg.Port, cfg.DBName)
+	
+	db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+		PrepareStmt: true,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to mysql: %w", err)
+	}
+	
+	// Configure connection pool
+	sqlDB, _ := db.DB()
+	sqlDB.SetMaxOpenConns(cfg.MaxOpenConns)
+	sqlDB.SetMaxIdleConns(cfg.MaxIdleConns)
+	sqlDB.SetConnMaxLifetime(cfg.ConnMaxLifetime)
+	sqlDB.SetConnMaxIdleTime(cfg.ConnMaxIdleTime)
+	
+	return db, nil
+}
+
+func connectSQLite(cfg query.SQLiteConfig) (*gorm.DB, error) {
+	dsn := fmt.Sprintf("%s?cache=%s&_busy_timeout=%d&_journal_mode=%s&_foreign_keys=%s",
+		cfg.Path, cfg.Cache, int(cfg.BusyTimeout.Milliseconds()), 
+		cfg.PragmaJournalMode, cfg.PragmaForeignKeys)
+	
+	db, err := gorm.Open(sqlite.Open(dsn), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+		PrepareStmt: true,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect to sqlite: %w", err)
+	}
+	
+	// Configure connection pool for SQLite
+	sqlDB, _ := db.DB()
+	sqlDB.SetMaxOpenConns(cfg.MaxOpenConns)
+	sqlDB.SetMaxIdleConns(cfg.MaxIdleConns)
+	sqlDB.SetConnMaxLifetime(cfg.ConnMaxLifetime)
+	sqlDB.SetConnMaxIdleTime(cfg.ConnMaxIdleTime)
+	
+	return db, nil
+}
+

taco/internal/token_service/handler.go

@@ -76,6 +76,11 @@ func (h *Handler) CreateToken(c echo.Context) error {
 		return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to create token"})
 	}
 
+	// Prevent caching of token creation responses
+	c.Response().Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private")
+	c.Response().Header().Set("Pragma", "no-cache")
+	c.Response().Header().Set("Expires", "0")
+
 	return c.JSON(http.StatusCreated, toTokenResponse(token))
 }
 
@@ -95,6 +100,11 @@ func (h *Handler) ListTokens(c echo.Context) error {
 		responses[i] = toTokenResponseHidden(token) // Hide token hash
 	}
 
+	// Prevent caching of token list responses
+	c.Response().Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private")
+	c.Response().Header().Set("Pragma", "no-cache")
+	c.Response().Header().Set("Expires", "0")
+
 	return c.JSON(http.StatusOK, responses)
 }
 
@@ -110,6 +120,11 @@ func (h *Handler) DeleteToken(c echo.Context) error {
 		return c.JSON(http.StatusInternalServerError, map[string]string{"error": err.Error()})
 	}
 
+	// Prevent caching of delete responses
+	c.Response().Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private")
+	c.Response().Header().Set("Pragma", "no-cache")
+	c.Response().Header().Set("Expires", "0")
+
 	return c.JSON(http.StatusOK, map[string]string{"message": "Token deleted successfully"})
 }
 

ui/server-start.js

@@ -147,9 +147,22 @@ const server = createServer(async (req, res) => {
     });
 
     // Enable HTML caching with must-revalidate for versioned builds
+    // BUT: Disable caching for sensitive pages (settings, tokens)
     const contentType = response.headers.get('content-type') || '';
     if (contentType.includes('text/html')) {
-      res.setHeader('Cache-Control', 'public, max-age=60, must-revalidate');
+      const url = new URL(req.url, `http://${req.headers.host}`);
+      const isSensitivePage = url.pathname.includes('/settings') || 
+                              url.pathname.includes('/tokens');
+      
+      if (isSensitivePage) {
+        // No caching for sensitive pages
+        res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate, private');
+        res.setHeader('Pragma', 'no-cache');
+        res.setHeader('Expires', '0');
+      } else {
+        // Cache non-sensitive pages
+        res.setHeader('Cache-Control', 'public, max-age=60, must-revalidate');
+      }
     }
 
     // Check if client accepts gzip and response is compressible

ui/src/api/tokens.ts

@@ -6,7 +6,11 @@ export const getTokens = async (organizationId: string, userId: string) => {
         method: 'GET',
         headers: {
             'Content-Type': 'application/json',
+            'Cache-Control': 'no-cache',
+            'Pragma': 'no-cache',
         },
+        // Disable browser caching for token requests
+        cache: 'no-store',
     })
     if (!response.ok) {
         throw new Error(`Failed to get tokens: ${response.statusText}`);

ui/src/routes/_authenticated/_dashboard/dashboard/settings.tokens.tsx

@@ -18,7 +18,10 @@ export const Route = createFileRoute(
     const { user, organisationId } = context;
     const tokens = await getTokensFn({data: {organizationId: organisationId, userId: user?.id || ''}})
     return { tokens, user, organisationId }
-  }
+  },
+  // Disable caching for token data - always fetch fresh
+  staleTime: 0,
+  gcTime: 0,
 })
 
 function RouteComponent() {