chore: remove unused store methods

Remove 121 lines of unused store methods: - CSRFTokenStore: Stop, ExtendCSRFToken - SessionStore: Stop, ExtendSession, GetSession - RecoveryTokenStore: Stop, save, GetActiveTokenCount, ValidateRecoveryToken These methods were part of a standard store pattern but never wired up to the application lifecycle. The constant-time validation variant is used instead of the timing-vulnerable ValidateRecoveryToken.
2026-05-14 08:20:11 +00:00 · 2025-11-27 08:31:50 +00:00 · 2025-11-27 08:31:50 +00:00 · c8e76a52b7
commit c8e76a52b7
parent 72b2444a6c
3 changed files with 0 additions and 121 deletions
--- a/internal/api/csrf_store.go
+++ b/internal/api/csrf_store.go
@ -99,15 +99,6 @@ func (c *CSRFTokenStore) backgroundWorker() {
 	}
 }

-// Stop gracefully stops the CSRF store
-func (c *CSRFTokenStore) Stop() {
-	c.stopOnce.Do(func() {
-		c.saveTicker.Stop()
-		close(c.stopChan) // Close instead of send to signal all readers
-		c.save()
-	})
-}
-
 // GenerateCSRFToken creates a new CSRF token for a session
 func (c *CSRFTokenStore) GenerateCSRFToken(sessionID string) string {
 	tokenBytes := make([]byte, 32)
@ -150,18 +141,6 @@ func (c *CSRFTokenStore) ValidateCSRFToken(sessionID, token string) bool {
 	return subtle.ConstantTimeCompare([]byte(csrfToken.Hash), []byte(csrfTokenHash(token))) == 1
 }

-// ExtendCSRFToken extends the expiration of a CSRF token
-func (c *CSRFTokenStore) ExtendCSRFToken(sessionID string) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	key := csrfSessionKey(sessionID)
-	if csrfToken, exists := c.tokens[key]; exists {
-		csrfToken.Expires = time.Now().Add(4 * time.Hour)
-		c.saveUnsafe()
-	}
-}
-
 // DeleteCSRFToken removes a CSRF token
 func (c *CSRFTokenStore) DeleteCSRFToken(sessionID string) {
 	c.mu.Lock()
--- a/internal/api/recovery_tokens.go
+++ b/internal/api/recovery_tokens.go
@ -90,46 +90,6 @@ func (r *RecoveryTokenStore) GenerateRecoveryToken(duration time.Duration) (stri
 	return tokenStr, nil
 }

-// ValidateRecoveryToken checks if a recovery token is valid
-func (r *RecoveryTokenStore) ValidateRecoveryToken(tokenStr string, ip string) bool {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-
-	token, exists := r.tokens[tokenStr]
-	if !exists {
-		log.Warn().Str("ip", ip).Msg("Invalid recovery token attempted")
-		return false
-	}
-
-	// Check if expired
-	if time.Now().After(token.ExpiresAt) {
-		log.Warn().Str("token", tokenStr[:8]+"...").Msg("Expired recovery token attempted")
-		return false
-	}
-
-	// Check if already used
-	if token.Used {
-		log.Warn().
-			Str("token", tokenStr[:8]+"...").
-			Time("used_at", token.UsedAt).
-			Msg("Already used recovery token attempted")
-		return false
-	}
-
-	// Mark as used
-	token.Used = true
-	token.UsedAt = time.Now()
-	token.IP = ip
-	r.saveUnsafe()
-
-	log.Info().
-		Str("token", tokenStr[:8]+"...").
-		Str("ip", ip).
-		Msg("Recovery token successfully used")
-
-	return true
-}
-
 // ValidateRecoveryTokenConstantTime validates token with constant-time comparison
 func (r *RecoveryTokenStore) ValidateRecoveryTokenConstantTime(providedToken string, ip string) bool {
 	// Use constant-time comparison to prevent timing attacks
@ -195,11 +155,6 @@ func (r *RecoveryTokenStore) cleanupRoutine() {
 	}
 }

-// Stop stops the cleanup routine
-func (r *RecoveryTokenStore) Stop() {
-	close(r.stopCleanup)
-}
-
 // cleanup removes expired and used tokens
 func (r *RecoveryTokenStore) cleanup() {
 	r.mu.Lock()
@ -222,13 +177,6 @@ func (r *RecoveryTokenStore) cleanup() {
 	}
 }

-// save persists tokens to disk
-func (r *RecoveryTokenStore) save() {
-	r.mu.RLock()
-	defer r.mu.RUnlock()
-	r.saveUnsafe()
-}
-
 // saveUnsafe saves without locking (caller must hold lock)
 func (r *RecoveryTokenStore) saveUnsafe() {
 	tokensFile := filepath.Join(r.dataPath, "recovery_tokens.json")
@ -291,18 +239,3 @@ func (r *RecoveryTokenStore) load() {

 	log.Info().Int("loaded", loaded).Int("total", len(tokens)).Msg("Recovery tokens loaded from disk")
 }
-
-// GetActiveTokenCount returns the number of active (unused, unexpired) tokens
-func (r *RecoveryTokenStore) GetActiveTokenCount() int {
-	r.mu.RLock()
-	defer r.mu.RUnlock()
-
-	count := 0
-	now := time.Now()
-	for _, token := range r.tokens {
-		if !token.Used && now.Before(token.ExpiresAt) {
-			count++
-		}
-	}
-	return count
-}
--- a/internal/api/session_store.go
+++ b/internal/api/session_store.go
@ -77,15 +77,6 @@ func (s *SessionStore) backgroundWorker() {
 	}
 }

-// Stop gracefully stops the session store
-func (s *SessionStore) Stop() {
-	s.stopOnce.Do(func() {
-		s.saveTicker.Stop()
-		close(s.stopChan) // Use close instead of send to signal all readers
-		s.save()
-	})
-}
-
 // CreateSession creates a new session
 func (s *SessionStore) CreateSession(token string, duration time.Duration, userAgent, ip string) {
 	s.mu.Lock()
@ -142,17 +133,6 @@ func (s *SessionStore) ValidateAndExtendSession(token string) bool {
 	return true
 }

-// ExtendSession extends the expiration of a session
-func (s *SessionStore) ExtendSession(token string, duration time.Duration) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	if session, exists := s.sessions[sessionHash(token)]; exists {
-		session.ExpiresAt = time.Now().Add(duration)
-		s.saveUnsafe()
-	}
-}
-
 // DeleteSession removes a session
 func (s *SessionStore) DeleteSession(token string) {
 	s.mu.Lock()
@ -162,19 +142,6 @@ func (s *SessionStore) DeleteSession(token string) {
 	s.saveUnsafe()
 }

-// GetSession returns session data if it exists and is valid
-func (s *SessionStore) GetSession(token string) *SessionData {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
-
-	session, exists := s.sessions[sessionHash(token)]
-	if !exists || time.Now().After(session.ExpiresAt) {
-		return nil
-	}
-
-	return session
-}
-
 // cleanup removes expired sessions
 func (s *SessionStore) cleanup() {
 	s.mu.Lock()