- for _, token := range tokens {
- var cond string
- var args []interface{}
- if token == "" {
- continue
- } else if len(token) > 30 && strings.HasPrefix(token, "v2/") && token[30] == '/' {
- fields := strings.Split(token, "/")
- cond = `aca.uuid=$1 and aca.api_token=$2`
- args = []interface{}{fields[1], fields[2]}
- } else {
- // Bare token or OIDC access token
- mac := hmac.New(sha256.New, []byte(cluster.SystemRootToken))
- io.WriteString(mac, token)
- hmac := fmt.Sprintf("%x", mac.Sum(nil))
- cond = `aca.api_token in ($1, $2)`
- args = []interface{}{token, hmac}
- }
- var scopesJSON []byte
- err = tx.QueryRowContext(ctx, `
+
+ var cond string
+ var args []interface{}
+ if len(token) > 30 && strings.HasPrefix(token, "v2/") && token[30] == '/' {
+ fields := strings.Split(token, "/")
+ cond = `aca.uuid=$1 and aca.api_token=$2`
+ args = []interface{}{fields[1], fields[2]}
+ } else {
+ // Bare token or OIDC access token
+ mac := hmac.New(sha256.New, []byte(cluster.SystemRootToken))
+ io.WriteString(mac, token)
+ hmac := fmt.Sprintf("%x", mac.Sum(nil))
+ cond = `aca.api_token in ($1, $2)`
+ args = []interface{}{token, hmac}
+ }
+ var scopesJSON []byte
+ err = tx.QueryRowContext(ctx, `