implement reset nkode

core/aws_ses.go

@@ -0,0 +1,61 @@
+package core
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ses"
+	"github.com/aws/aws-sdk-go-v2/service/ses/types"
+)
+
+func ResetUserEmail(userEmail Email, customerId CustomerId) error {
+	// Load AWS configuration
+	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-east-1"))
+	if err != nil {
+		return errors.New(fmt.Sprintf("unable to load SDK config, %v", err))
+	}
+
+	nkodeResetJwt, err := ResetNKodeToken(userEmail, customerId)
+	if err != nil {
+		return errors.New(fmt.Sprintf("unable to load SDK config, %v", err))
+	}
+	// Create an SES client
+	sesClient := ses.NewFromConfig(cfg)
+
+	// Define sender and recipient
+	sender := "mail@nkode.tech"
+
+	// Define email subject and body
+	subject := "nKode Reset"
+	htmlBody := fmt.Sprintf("<h1>Hello!</h1><p>Click the link to reset your nKode.</p><a href=\"http://%s?token=%s\">Reset nKode</a>", FrontendHost, nkodeResetJwt)
+
+	// Construct the email message
+	input := &ses.SendEmailInput{
+		Destination: &types.Destination{
+			ToAddresses: []string{string(userEmail)},
+		},
+		Message: &types.Message{
+			Body: &types.Body{
+				Html: &types.Content{
+					Data: aws.String(htmlBody),
+				},
+			},
+			Subject: &types.Content{
+				Data: aws.String(subject),
+			},
+		},
+		Source: aws.String(sender),
+	}
+
+	// Send the email
+	resp, err := sesClient.SendEmail(context.TODO(), input)
+	if err != nil {
+		return errors.New(fmt.Sprintf("failed to send email, %v", err))
+	}
+
+	// Output the message ID of the sent email
+	fmt.Printf("Email sent successfully, Message ID: %s\n", *resp.MessageId)
+	return nil
+}

core/config.go

@@ -0,0 +1,6 @@
+package core
+
+const (
+	BackendHost  = "localhost:8080"
+	FrontendHost = "localhost:8090"
+)

core/in_memory_db.go

@@ -66,6 +66,10 @@ func (db *InMemoryDb) WriteNewUser(user User) error {
 	return nil
 }
 
+func (db *InMemoryDb) UpdateUserNKode(user User) error {
+	return errors.ErrUnsupported
+}
+
 func (db *InMemoryDb) UpdateUserInterface(userId UserId, ui UserInterface) error {
 	user, exists := db.Users[userId]
 	if !exists {

core/jwt_claims.go

@@ -7,49 +7,57 @@ import (
 	"time"
 )
 
-type JwtTokens struct {
+type AuthenticationTokens struct {
 	AccessToken  string `json:"access_token"`
 	RefreshToken string `json:"refresh_token"`
 }
 
+type ResetNKodeClaims struct {
+	Reset bool `json:"reset"`
+	jwt.RegisteredClaims
+}
+
 const (
 	accessTokenExp     = 5 * time.Minute
 	refreshTokenExp    = 30 * 24 * time.Hour
+	resetNKodeTokenExp = 5 * time.Minute
 )
 
 var secret = []byte("your-secret-key")
 
-func NewJwtTokens(username string) (JwtTokens, error) {
+func NewAuthenticationTokens(username string, customerId CustomerId) (AuthenticationTokens, error) {
-	accessClaims := NewAccessClaim(username)
+	accessClaims := NewAccessClaim(username, customerId)
 
 	refreshClaims := jwt.RegisteredClaims{
 		Subject:   username,
+		Issuer:    CustomerIdToString(customerId),
 		ExpiresAt: jwt.NewNumericDate(time.Now().Add(refreshTokenExp)),
 	}
 
 	accessJwt, err := EncodeAndSignClaims(accessClaims)
 	if err != nil {
-		return JwtTokens{}, err
+		return AuthenticationTokens{}, err
 	}
 	refreshJwt, err := EncodeAndSignClaims(refreshClaims)
 
 	if err != nil {
-		return JwtTokens{}, err
+		return AuthenticationTokens{}, err
 	}
-	return JwtTokens{
+	return AuthenticationTokens{
 		AccessToken:  accessJwt,
 		RefreshToken: refreshJwt,
 	}, nil
 }
 
-func NewAccessClaim(username string) jwt.RegisteredClaims {
+func NewAccessClaim(username string, customerId CustomerId) jwt.RegisteredClaims {
 	return jwt.RegisteredClaims{
 		Subject:   username,
+		Issuer:    CustomerIdToString(customerId),
 		ExpiresAt: jwt.NewNumericDate(time.Now().Add(accessTokenExp)),
 	}
 }
 
-func EncodeAndSignClaims(claims jwt.RegisteredClaims) (string, error) {
+func EncodeAndSignClaims(claims jwt.Claims) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	return token.SignedString(secret)
 }
@@ -91,3 +99,29 @@ func ClaimExpired(claims jwt.RegisteredClaims) error {
 	}
 	return errors.New("claim expired")
 }
+
+func ResetNKodeToken(userEmail Email, customerId CustomerId) (string, error) {
+	resetClaims := ResetNKodeClaims{
+		true,
+		jwt.RegisteredClaims{
+			Subject:   string(userEmail),
+			Issuer:    CustomerIdToString(customerId),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(resetNKodeTokenExp)),
+		},
+	}
+	return EncodeAndSignClaims(resetClaims)
+}
+
+func ParseRestNKodeToken(resetNKodeToken string) (*ResetNKodeClaims, error) {
+	token, err := jwt.ParseWithClaims(resetNKodeToken, &ResetNKodeClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return secret, nil
+	})
+	if err != nil {
+		return nil, fmt.Errorf("error parsing refresh token: %w", err)
+	}
+	claims, ok := token.Claims.(*ResetNKodeClaims)
+	if !ok {
+		return nil, errors.New("unable to parse claims")
+	}
+	return claims, nil
+}

core/jwt_claims_test.go

@@ -0,0 +1,28 @@
+package core
+
+import (
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestJwtClaims(t *testing.T) {
+	email := "testing@example.com"
+	customerId := CustomerId(uuid.New())
+	authTokens, err := NewAuthenticationTokens(email, customerId)
+	assert.NoError(t, err)
+	accessToken, err := ParseAccessToken(authTokens.AccessToken)
+	assert.NoError(t, err)
+	assert.Equal(t, accessToken.Subject, email)
+	assert.NoError(t, ClaimExpired(*accessToken))
+	refreshToken, err := ParseRefreshToken(authTokens.RefreshToken)
+	assert.NoError(t, err)
+	assert.Equal(t, refreshToken.Subject, email)
+	assert.NoError(t, ClaimExpired(*refreshToken))
+	resetNKode, err := ResetNKodeToken(Email(email), customerId)
+	assert.NoError(t, err)
+	resetToken, err := ParseRestNKodeToken(resetNKode)
+	assert.NoError(t, err)
+	assert.True(t, resetToken.Reset)
+	assert.Equal(t, resetToken.Subject, email)
+}

core/nkode_api.go

@@ -34,12 +34,12 @@ func (n *NKodeAPI) CreateNewCustomer(nkodePolicy NKodePolicy, id *CustomerId) (*
 	return &newCustomer.Id, nil
 }
 
-func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerId, kp KeypadDimension) (*GenerateSignupInterfaceResp, error) {
+func (n *NKodeAPI) GenerateSignupResetInterface(userEmail Email, customerId CustomerId, kp KeypadDimension, reset bool) (*GenerateSignupResetInterfaceResp, error) {
 	svgIdxInterface, err := n.Db.RandomSvgIdxInterface(kp)
 	if err != nil {
 		return nil, err
 	}
-	signupSession, err := NewSignupSession(userEmail, kp, customerId, svgIdxInterface)
+	signupSession, err := NewSignupResetSession(userEmail, kp, customerId, svgIdxInterface, reset)
 	if err != nil {
 		return nil, err
 	}
@@ -48,7 +48,7 @@ func (n *NKodeAPI) GenerateSignupInterface(userEmail Email, customerId CustomerI
 	if err != nil {
 		return nil, err
 	}
-	resp := GenerateSignupInterfaceResp{
+	resp := GenerateSignupResetInterfaceResp{
 		UserIdxInterface: signupSession.SetIdxInterface,
 		SvgInterface:     svgInterface,
 		SessionId:        uuid.UUID(signupSession.Id).String(),
@@ -95,7 +95,11 @@ func (n *NKodeAPI) ConfirmNKode(customerId CustomerId, sessionId SessionId, keyS
 	if err != nil {
 		return err
 	}
+	if session.Reset {
+		err = n.Db.UpdateUserNKode(*user)
+	} else {
 		err = n.Db.WriteNewUser(*user)
+	}
 	delete(n.SignupSessions, session.Id)
 	return err
 }
@@ -105,6 +109,9 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G
 	if err != nil {
 		return nil, err
 	}
+	if user == nil {
+		return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
+	}
 	err = user.Interface.PartialInterfaceShuffle()
 	if err != nil {
 		return nil, err
@@ -126,14 +133,17 @@ func (n *NKodeAPI) GetLoginInterface(userEmail Email, customerId CustomerId) (*G
 	return &resp, nil
 }
 
-func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*JwtTokens, error) {
+func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection KeySelection) (*AuthenticationTokens, error) {
 	customer, err := n.Db.GetCustomer(customerId)
 	if err != nil {
 		return nil, err
 	}
 	user, err := n.Db.GetUser(userEmail, customerId)
 	if err != nil {
-		return nil, errors.New(fmt.Sprintf("user dne %s", userEmail))
+		return nil, err
+	}
+	if user == nil {
+		return nil, errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
 	}
 	passcode, err := ValidKeyEntry(*user, *customer, keySelection)
 	if err != nil {
@@ -146,7 +156,7 @@ func (n *NKodeAPI) Login(customerId CustomerId, userEmail Email, keySelection Ke
 			return nil, err
 		}
 	}
-	jwtToken, err := NewJwtTokens(string(user.Email))
+	jwtToken, err := NewAuthenticationTokens(string(user.Email), customerId)
 	if err != nil {
 		return nil, err
 	}
@@ -174,6 +184,9 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT
 	if err != nil {
 		return "", err
 	}
+	if user == nil {
+		return "", errors.New(fmt.Sprintf("user %s for customer %s dne", userEmail, customerId))
+	}
 	if user.RefreshToken != refreshToken {
 		return "", errors.New("refresh token is invalid")
 	}
@@ -184,6 +197,17 @@ func (n *NKodeAPI) RefreshToken(userEmail Email, customerId CustomerId, refreshT
 	if err = ClaimExpired(*refreshClaims); err != nil {
 		return "", err
 	}
-	newAccessClaims := NewAccessClaim(string(userEmail))
+	newAccessClaims := NewAccessClaim(string(userEmail), customerId)
 	return EncodeAndSignClaims(newAccessClaims)
 }
+
+func (n *NKodeAPI) ResetNKode(userEmail Email, customerId CustomerId) error {
+	user, err := n.Db.GetUser(userEmail, customerId)
+	if err != nil {
+		return fmt.Errorf("error getting user in rest nkode %v", err)
+	}
+	if user == nil {
+		return nil
+	}
+	return ResetUserEmail(userEmail, customerId)
+}

core/nkode_api_test.go

@@ -7,21 +7,21 @@ import (
 )
 
 func TestNKodeAPI(t *testing.T) {
-	db1 := NewInMemoryDb()
+	//db1 := NewInMemoryDb()
-	testNKodeAPI(t, &db1)
+	//testNKodeAPI(t, &db1)
 
-	//dbFile := "../../test.db"
+	dbFile := "../test.db"
 
-	//db2 := NewSqliteDB(dbFile)
+	db2 := NewSqliteDB(dbFile)
-	//defer db2.CloseDb()
+	defer db2.CloseDb()
-	//testNKodeAPI(t, db2)
+	testNKodeAPI(t, db2)
 
-	//	if _, err := os.Stat(dbFile); err == nil {
+	//if _, err := os.Stat(dbFile); err == nil {
 	//	err = os.Remove(dbFile)
 	//	assert.NoError(t, err)
-	//	} else {
+	//} else {
 	//	assert.NoError(t, err)
-	//	}
+	//}
 }
 
 func testNKodeAPI(t *testing.T, db DbAccessor) {
@@ -35,7 +35,7 @@ func testNKodeAPI(t *testing.T, db DbAccessor) {
 		nkodeApi := NewNKodeAPI(db)
 		customerId, err := nkodeApi.CreateNewCustomer(nkodePolicy, nil)
 		assert.NoError(t, err)
-		signupResponse, err := nkodeApi.GenerateSignupInterface(userEmail, *customerId, keypadSize)
+		signupResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, false)
 		assert.NoError(t, err)
 		setInterface := signupResponse.UserIdxInterface
 		sessionIdStr := signupResponse.SessionId
@@ -69,5 +69,31 @@ func testNKodeAPI(t *testing.T, db DbAccessor) {
 		_, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection)
 		assert.NoError(t, err)
 
+		/// Reset nKode
+		attrsPerKey = 6
+		keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys}
+		resetResponse, err := nkodeApi.GenerateSignupResetInterface(userEmail, *customerId, keypadSize, true)
+		assert.NoError(t, err)
+		setInterface = resetResponse.UserIdxInterface
+		sessionIdStr = resetResponse.SessionId
+		sessionId, err = SessionIdFromString(sessionIdStr)
+		assert.NoError(t, err)
+		keypadSize = KeypadDimension{AttrsPerKey: numbOfKeys, NumbOfKeys: numbOfKeys}
+		userPasscode = setInterface[:passcodeLen+1]
+		setKeySelect, err = SelectKeyByAttrIdx(setInterface, userPasscode, keypadSize)
+		assert.NoError(t, err)
+		confirmInterface, err = nkodeApi.SetNKode(*customerId, sessionId, setKeySelect)
+		assert.NoError(t, err)
+		confirmKeySelect, err = SelectKeyByAttrIdx(confirmInterface, userPasscode, keypadSize)
+		err = nkodeApi.ConfirmNKode(*customerId, sessionId, confirmKeySelect)
+		assert.NoError(t, err)
+
+		keypadSize = KeypadDimension{AttrsPerKey: attrsPerKey, NumbOfKeys: numbOfKeys}
+		loginInterface2, err := nkodeApi.GetLoginInterface(userEmail, *customerId)
+		assert.NoError(t, err)
+		loginKeySelection, err = SelectKeyByAttrIdx(loginInterface2.UserIdxInterface, userPasscode, keypadSize)
+		assert.NoError(t, err)
+		_, err = nkodeApi.Login(*customerId, userEmail, loginKeySelection)
+		assert.NoError(t, err)
 	}
 }

core/nkode_handler.go

@@ -6,6 +6,7 @@ import (
 	"github.com/google/uuid"
 	"log"
 	"net/http"
+	"strings"
 )
 
 type NKodeHandler struct {
@@ -14,7 +15,7 @@ type NKodeHandler struct {
 
 const (
 	CreateNewCustomer            = "/create-new-customer"
-	GenerateSignupInterface = "/generate-signup-interface"
+	GenerateSignupResetInterface = "/generate-signup-reset-interface"
 	SetNKode                     = "/set-nkode"
 	ConfirmNKode                 = "/confirm-nkode"
 	GetLoginInterface            = "/get-login-interface"
@@ -22,14 +23,15 @@ const (
 	RenewAttributes              = "/renew-attributes"
 	RandomSvgInterface           = "/random-svg-interface"
 	RefreshToken                 = "/refresh-token"
+	ResetNKode                   = "/reset-nkode"
 )
 
 func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch r.URL.Path {
 	case CreateNewCustomer:
 		h.CreateNewCustomerHandler(w, r)
-	case GenerateSignupInterface:
+	case GenerateSignupResetInterface:
-		h.GenerateSignupInterfaceHandler(w, r)
+		h.GenerateSignupResetInterfaceHandler(w, r)
 	case SetNKode:
 		h.SetNKodeHandler(w, r)
 	case ConfirmNKode:
@@ -44,6 +46,8 @@ func (h *NKodeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.RandomSvgInterfaceHandler(w, r)
 	case RefreshToken:
 		h.RefreshTokenHandler(w, r)
+	case ResetNKode:
+		h.ResetNKode(w, r)
 	default:
 		w.WriteHeader(http.StatusNotFound)
 		_, err := w.Write([]byte("404 not found"))
@@ -88,23 +92,22 @@ func (h *NKodeHandler) CreateNewCustomerHandler(w http.ResponseWriter, r *http.R
 	w.WriteHeader(http.StatusOK)
 }
 
-func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r *http.Request) {
+func (h *NKodeHandler) GenerateSignupResetInterfaceHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
 		methodNotAllowed(w)
 		return
 	}
-	log.Print("signup interface")
 
-	var signupPost GenerateSignupInterfacePost
+	var signupResetPost GenerateSignupRestInterfacePost
-	err := decodeJson(w, r, &signupPost)
+	err := decodeJson(w, r, &signupResetPost)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
 	kp := KeypadDimension{
-		AttrsPerKey: signupPost.AttrsPerKey,
+		AttrsPerKey: signupResetPost.AttrsPerKey,
-		NumbOfKeys:  signupPost.NumbOfKeys,
+		NumbOfKeys:  signupResetPost.NumbOfKeys,
 	}
 	err = kp.IsValidKeypadDimension()
 	if err != nil {
@@ -112,14 +115,19 @@ func (h *NKodeHandler) GenerateSignupInterfaceHandler(w http.ResponseWriter, r *
 		log.Println(err)
 		return
 	}
-	customerId, err := uuid.Parse(signupPost.CustomerId)
+	customerId, err := uuid.Parse(signupResetPost.CustomerId)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	userEmail, err := ParseEmail(signupPost.UserEmail)
+	userEmail, err := ParseEmail(signupResetPost.UserEmail)
-	resp, err := h.Api.GenerateSignupInterface(userEmail, CustomerId(customerId), kp)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	resp, err := h.Api.GenerateSignupResetInterface(userEmail, CustomerId(customerId), kp, signupResetPost.Reset)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
@@ -370,30 +378,29 @@ func (h *NKodeHandler) RandomSvgInterfaceHandler(w http.ResponseWriter, r *http.
 }
 
 func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
+	if r.Method != http.MethodGet {
 		methodNotAllowed(w)
 	}
-	var refreshTokenPost RefreshTokenPost
+	refreshToken, err := getBearerToken(r)
-	err := decodeJson(w, r, &refreshTokenPost)
-
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	customerId, err := uuid.Parse(refreshTokenPost.CustomerId)
+	refreshClaims, err := ParseRefreshToken(refreshToken)
+	customerId, err := uuid.Parse(refreshClaims.Issuer)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	userEmail, err := ParseEmail(refreshTokenPost.UserEmail)
+	userEmail, err := ParseEmail(refreshClaims.Subject)
 	if err != nil {
 		internalServerErrorHandler(w)
 		log.Println(err)
 		return
 	}
-	accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshTokenPost.RefreshToken)
+	accessToken, err := h.Api.RefreshToken(userEmail, CustomerId(customerId), refreshToken)
 
 	if err != nil {
 		internalServerErrorHandler(w)
@@ -417,6 +424,38 @@ func (h *NKodeHandler) RefreshTokenHandler(w http.ResponseWriter, r *http.Reques
 	w.WriteHeader(http.StatusOK)
 }
 
+func (h *NKodeHandler) ResetNKode(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		methodNotAllowed(w)
+	}
+	var resetNKodePost ResetNKodePost
+	err := decodeJson(w, r, &resetNKodePost)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println("error decoding reset nkode post: ", err)
+		return
+	}
+	customerId, err := uuid.Parse(resetNKodePost.CustomerId)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	userEmail, err := ParseEmail(resetNKodePost.UserEmail)
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	err = h.Api.ResetNKode(userEmail, CustomerId(customerId))
+	if err != nil {
+		internalServerErrorHandler(w)
+		log.Println(err)
+		return
+	}
+	w.WriteHeader(http.StatusOK)
+}
+
 func decodeJson(w http.ResponseWriter, r *http.Request, post any) error {
 	if r.Body == nil {
 		invalidJson(w)
@@ -449,3 +488,13 @@ func invalidJson(w http.ResponseWriter) {
 	w.WriteHeader(http.StatusBadRequest)
 	w.Write([]byte("invalid json"))
 }
+
+func getBearerToken(r *http.Request) (string, error) {
+	authHeader := r.Header.Get("Authorization")
+	// Check if the Authorization header is present and starts with "Bearer "
+	if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
+		return "", errors.New("authorization header missing or invalid")
+	}
+	token := strings.TrimPrefix(authHeader, "Bearer ")
+	return token, nil
+}

core/sqlite_db.go

@@ -95,9 +95,57 @@ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
 	return nil
 }
 
+func (d *SqliteDB) UpdateUserNKode(u User) error {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			err = tx.Rollback()
+			if err != nil {
+				log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err))
+			}
+		}
+	}()
+	updateUser := `
+UPDATE user 
+SET renew = ?, refresh_token = ?, code = ?, mask = ?, attributes_per_key = ?, number_of_keys = ?, alpha_key = ?, set_key = ?, pass_key = ?, mask_key = ?, salt = ?, max_nkode_len = ?, idx_interface = ?, svg_id_interface = ? 
+WHERE username = ? AND customer_id = ?
+`
+	var renew int
+	if u.Renew {
+		renew = 1
+	} else {
+		renew = 0
+	}
+	_, err = tx.Exec(updateUser, renew, u.RefreshToken, u.EncipheredPasscode.Code, u.EncipheredPasscode.Mask, u.Kp.AttrsPerKey, u.Kp.NumbOfKeys, util.Uint64ArrToByteArr(u.CipherKeys.AlphaKey), util.Uint64ArrToByteArr(u.CipherKeys.SetKey), util.Uint64ArrToByteArr(u.CipherKeys.PassKey), util.Uint64ArrToByteArr(u.CipherKeys.MaskKey), u.CipherKeys.Salt, u.CipherKeys.MaxNKodeLen, util.IntArrToByteArr(u.Interface.IdxInterface), util.IntArrToByteArr(u.Interface.SvgId), string(u.Email), uuid.UUID(u.CustomerId))
+
+	if err != nil {
+		return err
+	}
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer func() {
+		if err != nil {
+			err = tx.Rollback()
+			if err != nil {
+				log.Fatal(fmt.Sprintf("Write new user won't roll back %+v", err))
+			}
+		}
+	}()
 	selectCustomer := `SELECT max_nkode_len, min_nkode_len, distinct_sets, distinct_attributes, lock_out, expiration, attribute_values, set_values FROM customer WHERE id = ?`
-	rows, err := d.db.Query(selectCustomer, uuid.UUID(id))
+	rows, err := tx.Query(selectCustomer, uuid.UUID(id))
 
 	if !rows.Next() {
 		return nil, errors.New(fmt.Sprintf("no new row for customer %s with err %s", id, rows.Err()))
@@ -131,18 +179,26 @@ func (d *SqliteDB) GetCustomer(id CustomerId) (*Customer, error) {
 		},
 		Attributes: NewCustomerAttributesFromBytes(attributeValues, setValues),
 	}
-
+	err = tx.Commit()
+	if err != nil {
+		return nil, fmt.Errorf("read customer won't commit %w", err)
+	}
 	return &customer, nil
 }
 
 func (d *SqliteDB) GetUser(username Email, customerId CustomerId) (*User, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
 	userSelect := `
 SELECT id, renew, refresh_token, code, mask, attributes_per_key, number_of_keys, alpha_key, set_key, pass_key, mask_key, salt, max_nkode_len, idx_interface, svg_id_interface FROM user 
 WHERE user.username = ? AND user.customer_id = ?
 `
-	rows, err := d.db.Query(userSelect, string(username), uuid.UUID(customerId).String())
+	rows, err := tx.Query(userSelect, string(username), uuid.UUID(customerId).String())
 	if !rows.Next() {
-		return nil, errors.New(fmt.Sprintf("no new rows for user %s of customer %s", string(username), uuid.UUID(customerId).String()))
+		return nil, nil
 	}
 	var id string
 	var renewVal int
@@ -246,7 +302,11 @@ UPDATE customer SET attribute_values = ?, set_values = ? WHERE id = ?;
 	userQuery := `
 SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHERE customer_id = ?
 `
-	rows, err := d.db.Query(userQuery, uuid.UUID(id).String())
+	tx, err := d.db.Begin()
+	if err != nil {
+		return err
+	}
+	rows, err := tx.Query(userQuery, uuid.UUID(id).String())
 	for rows.Next() {
 		var userId string
 		var alphaBytes []byte
@@ -283,8 +343,20 @@ SELECT id, alpha_key, set_key, attributes_per_key, number_of_keys FROM user WHER
 	renewExec += `
 COMMIT;
 `
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
 
+	tx, err = d.db.Begin()
+	if err != nil {
+		return err
+	}
 	_, err = d.db.Exec(renewExec, renewArgs...)
+	err = tx.Commit()
+	if err != nil {
+		return err
+	}
 	return err
 }
 
@@ -317,10 +389,15 @@ func (d *SqliteDB) GetSvgStringInterface(idxs SvgIdInterface) ([]string, error)
 }
 
 func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) {
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
 	selectId := "SELECT svg FROM svg_icon where id = ?"
 	svgs := make([]string, len(ids))
 	for idx, id := range ids {
-		rows, err := d.db.Query(selectId, id)
+		rows, err := tx.Query(selectId, id)
 		if err != nil {
 			return nil, err
 		}
@@ -336,7 +413,12 @@ func (d *SqliteDB) getSvgsById(ids []int) ([]string, error) {
 }
 
 func (d *SqliteDB) getRandomIds(count int) ([]int, error) {
-	rows, err := d.db.Query("SELECT COUNT(*) as count FROM svg_icon;")
+	tx, err := d.db.Begin()
+	if err != nil {
+		return nil, err
+	}
+	defer tx.Commit()
+	rows, err := tx.Query("SELECT COUNT(*) as count FROM svg_icon;")
 	if err != nil {
 		return nil, err
 	}

core/test_helper.go

@@ -10,8 +10,11 @@ func SelectKeyByAttrIdx(interfaceUser []int, passcodeIdxs []int, keypadSize Keyp
 	selectedKeys := make([]int, len(passcodeIdxs))
 	for idx := range passcodeIdxs {
 		attrIdx := util.IndexOf[int](interfaceUser, passcodeIdxs[idx])
+		if attrIdx == -1 {
+			return nil, errors.New(fmt.Sprintf("index: %d out of range 0-%d", passcodeIdxs[idx], keypadSize.TotalAttrs()-1))
+		}
 		keyNumb := attrIdx / keypadSize.AttrsPerKey
-		if keyNumb < 0 || keyNumb >= keypadSize.NumbOfKeys {
+		if keyNumb >= keypadSize.NumbOfKeys {
 			return nil, errors.New(fmt.Sprintf("index key number: %d out of range 0-%d", keyNumb, keypadSize.NumbOfKeys-1))
 		}
 		selectedKeys[idx] = keyNumb

core/type.go

@@ -21,11 +21,12 @@ type NewCustomerPost struct {
 	NKodePolicy NKodePolicy `json:"nkode_policy"`
 }
 
-type GenerateSignupInterfacePost struct {
+type GenerateSignupRestInterfacePost struct {
 	CustomerId  string `json:"customer_id"`
 	AttrsPerKey int    `json:"attrs_per_key"`
 	NumbOfKeys  int    `json:"numb_of_keys"`
 	UserEmail   string `json:"email"`
+	Reset       bool   `json:"reset"`
 }
 
 type SetNKodePost struct {
@@ -56,16 +57,20 @@ type RenewAttributesPost struct {
 }
 
 type RefreshTokenPost struct {
-	UserEmail    string `json:"username"`
+	UserEmail  string `json:"email"`
+	CustomerId string `json:"customer_id"`
+}
+
+type ResetNKodePost struct {
+	UserEmail  string `json:"email"`
 	CustomerId string `json:"customer_id"`
-	RefreshToken string `json:"refresh_token"`
 }
 
 type CreateNewCustomerResp struct {
 	CustomerId string `json:"customer_id"`
 }
 
-type GenerateSignupInterfaceResp struct {
+type GenerateSignupResetInterfaceResp struct {
 	SessionId        string       `json:"session_id"`
 	UserIdxInterface IdxInterface `json:"user_interface"`
 	SvgInterface     []string     `json:"svg_interface"`
@@ -80,6 +85,12 @@ type GetLoginInterfaceResp struct {
 
 type KeySelection []int
 type CustomerId uuid.UUID
+
+func CustomerIdToString(customerId CustomerId) string {
+	customerUuid := uuid.UUID(customerId)
+	return customerUuid.String()
+}
+
 type SessionId uuid.UUID
 type UserId uuid.UUID
 
@@ -116,6 +127,7 @@ type DbAccessor interface {
 	GetUser(Email, CustomerId) (*User, error)
 	WriteNewCustomer(Customer) error
 	WriteNewUser(User) error
+	UpdateUserNKode(User) error
 	UpdateUserInterface(UserId, UserInterface) error
 	UpdateUserRefreshToken(UserId, string) error
 	Renew(CustomerId) error

core/user_signup_session.go

@@ -18,10 +18,11 @@ type UserSignSession struct {
 	ConfirmIdxInterface IdxInterface
 	SetKeySelection     KeySelection
 	UserEmail           Email
+	Reset               bool
 	Expire              int
 }
 
-func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface) (*UserSignSession, error) {
+func NewSignupResetSession(userEmail Email, kp KeypadDimension, customerId CustomerId, svgInterface SvgIdInterface, reset bool) (*UserSignSession, error) {
 	loginInterface, err := NewUserInterface(&kp, svgInterface)
 	if err != nil {
 		return nil, err
@@ -39,6 +40,7 @@ func NewSignupSession(userEmail Email, kp KeypadDimension, customerId CustomerId
 		SetKeySelection:     nil,
 		UserEmail:           userEmail,
 		Kp:                  kp,
+		Reset:               reset,
 	}
 
 	return &session, nil

go.mod

@@ -13,8 +13,24 @@ require (
 )
 
 require (
+	github.com/aws/aws-sdk-go v1.55.5 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.37 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.35 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ses v1.27.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect
+	github.com/aws/smithy-go v1.21.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,13 +1,48 @@
+github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
+github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
+github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
+github.com/aws/aws-sdk-go-v2/config v1.27.37 h1:xaoIwzHVuRWRHFI0jhgEdEGc8xE1l91KaeRDsWEIncU=
+github.com/aws/aws-sdk-go-v2/config v1.27.37/go.mod h1:S2e3ax9/8KnMSyRVNd3sWTKs+1clJ2f1U6nE0lpvQRg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.35 h1:7QknrZhYySEB1lEXJxGAmuD5sWwys5ZXNr4m5oEz0IE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.35/go.mod h1:8Vy4kk7at4aPSmibr7K+nLTzG6qUQAUO4tW49fzUV4E=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
+github.com/aws/aws-sdk-go-v2/service/ses v1.27.1 h1:I+53TmxXi/Z6QRbgGlsWKUlin7x0K7si50MdMoutIwg=
+github.com/aws/aws-sdk-go-v2/service/ses v1.27.1/go.mod h1:WJjeWePq/vToxtM4fKbGHiXvInPARrWn8XJ0NOu4KtY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 h1:2jrVsMHqdLD1+PA4BA6Nh1eZp0Gsy3mFSB5MxDvcJtU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.1/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 h1:0L7yGCg3Hb3YQqnSgBTZM5wepougtL1aEccdcdYhHME=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 h1:8K0UNOkZiK9Uh3HIF6Bx0rcNCftqGCeKmOaR7Gp5BSo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.1/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
+github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
+github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
@@ -16,5 +51,6 @@ golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWB
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -16,7 +16,7 @@ func main() {
 	handler := core.NKodeHandler{Api: nkodeApi}
 	mux := http.NewServeMux()
 	mux.Handle(core.CreateNewCustomer, &handler)
-	mux.Handle(core.GenerateSignupInterface, &handler)
+	mux.Handle(core.GenerateSignupResetInterface, &handler)
 	mux.Handle(core.SetNKode, &handler)
 	mux.Handle(core.ConfirmNKode, &handler)
 	mux.Handle(core.GetLoginInterface, &handler)
@@ -24,6 +24,7 @@ func main() {
 	mux.Handle(core.RenewAttributes, &handler)
 	mux.Handle(core.RandomSvgInterface, &handler)
 	mux.Handle(core.RefreshToken, &handler)
+	mux.Handle(core.ResetNKode, &handler)
 	fmt.Println("Running on localhost:8080...")
 	log.Fatal(http.ListenAndServe("localhost:8080", corsMiddleware(mux)))
 }

main_test.go

@@ -3,6 +3,7 @@ package main
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"github.com/stretchr/testify/assert"
 	"go-nkode/core"
 	"io"
@@ -23,14 +24,15 @@ func TestApi(t *testing.T) {
 	testApiPost(t, base+core.CreateNewCustomer, newCustomerBody, &customerResp)
 
 	username := "test_username@example.com"
-	signupInterfaceBody := core.GenerateSignupInterfacePost{
+	signupInterfaceBody := core.GenerateSignupRestInterfacePost{
 		CustomerId:  customerResp.CustomerId,
 		AttrsPerKey: kp.AttrsPerKey,
 		NumbOfKeys:  kp.NumbOfKeys,
 		UserEmail:   username,
+		Reset:       false,
 	}
-	var signupInterfaceResp core.GenerateSignupInterfaceResp
+	var signupInterfaceResp core.GenerateSignupResetInterfaceResp
-	testApiPost(t, base+core.GenerateSignupInterface, signupInterfaceBody, &signupInterfaceResp)
+	testApiPost(t, base+core.GenerateSignupResetInterface, signupInterfaceBody, &signupInterfaceResp)
 	assert.Len(t, signupInterfaceResp.SvgInterface, kp.TotalAttrs())
 	passcodeLen := 4
 	setInterface := signupInterfaceResp.UserIdxInterface
@@ -71,7 +73,7 @@ func TestApi(t *testing.T) {
 		UserEmail:    username,
 		KeySelection: loginKeySelection,
 	}
-	var jwtTokens core.JwtTokens
+	var jwtTokens core.AuthenticationTokens
 	testApiPost(t, base+core.Login, loginBody, &jwtTokens)
 	refreshClaims, err := core.ParseRefreshToken(jwtTokens.RefreshToken)
 	assert.Equal(t, refreshClaims.Subject, username)
@@ -91,17 +93,12 @@ func TestApi(t *testing.T) {
 	testApiPost(t, base+core.Login, loginBody, &jwtTokens)
 
 	var randomSvgInterfaceResp core.RandomSvgInterfaceResp
-	testApiGet(t, base+core.RandomSvgInterface, &randomSvgInterfaceResp)
+	testApiGet(t, base+core.RandomSvgInterface, &randomSvgInterfaceResp, "")
 	assert.Equal(t, core.KeypadMax.TotalAttrs(), len(randomSvgInterfaceResp.Svgs))
 
-	refreshBody := core.RefreshTokenPost{
-		UserEmail:    username,
-		CustomerId:   customerResp.CustomerId,
-		RefreshToken: jwtTokens.RefreshToken,
-	}
-
 	var refreshTokenResp core.RefreshTokenResp
-	testApiPost(t, base+core.RefreshToken, refreshBody, &refreshTokenResp)
+
+	testApiGet(t, base+core.RefreshToken, &refreshTokenResp, jwtTokens.RefreshToken)
 	accessClaims, err = core.ParseAccessToken(refreshTokenResp.AccessToken)
 	assert.NoError(t, err)
 	assert.Equal(t, accessClaims.Subject, username)
@@ -131,8 +128,26 @@ func testApiPost(t *testing.T, endpointStr string, postBody any, respBody any) {
 	}
 }
 
-func testApiGet(t *testing.T, endpointStr string, respBody any) {
+func testApiGet(t *testing.T, endpointStr string, respBody any, bearerToken string) {
-	resp, err := http.Get(endpointStr)
+	req, err := http.NewRequest("GET", endpointStr, nil)
+	if err != nil {
+		fmt.Println("Error creating request:", err)
+		return
+	}
+
+	// Add the Bearer token to the Authorization header
+	if bearerToken != "" {
+		req.Header.Set("Authorization", "Bearer "+bearerToken)
+	}
+	// Make the HTTP request
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		fmt.Println("Error making request:", err)
+		return
+	}
+	defer resp.Body.Close()
+
 	assert.NoError(t, err)
 	assert.Equal(t, resp.StatusCode, http.StatusOK)
 	if respBody != nil {

sqlite-init/sqlite_init.go

@@ -144,7 +144,9 @@ func MakeTables(dbPath string) {
 	defer db.Close()
 	createTable := `
 PRAGMA journal_mode=WAL;
-PRAGMA foreign_keys = ON;
+--PRAGMA busy_timeout = 5000;         -- Wait up to 5 seconds
+--PRAGMA synchronous = NORMAL;        -- Reduce sync frequency for less locking
+--PRAGMA cache_size = -16000;         -- Increase cache size (16MB)PRAGMA foreign_keys = ON;
 
 CREATE TABLE IF NOT EXISTS customer (
     id TEXT NOT NULL PRIMARY KEY,