From 11f4f36a689b6447c9898a2840418e581cb3eb11 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 28 Oct 2025 14:10:48 -0400
Subject: Use PKCS8 PEM, not raw SEC1 bytes, to store VAPID keys.

The `web-push` crate's VAPID signing support requires a private key. The `p256` crate is more than capable of generating one, but the easiest way to get a key from a `p256::ecdsa::SigningKey` to a `web_push::PartialVapidSignature` is via PKCS #8 PEM, not via the bytes. Since we'll need it in that form anyways, store it that way, so that we don't have to decode it using `p256`, re-encode to PEM, then decode to `PartialVapidSignature`.

The migration in this commit invalidates existing VAPID keys. We could include support for re-encoding them on read, but there's little point: this code is still in flux anyways, and only development deployments exist. By the time this is final, the schema will have settled.
---
 ...0f6acfdfbf9898a1a407e8a562a181542834d05eb0.json | 32 ++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 .sqlx/query-be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0.json

(limited to '.sqlx/query-be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0.json')

diff --git a/.sqlx/query-be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0.json b/.sqlx/query-be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0.json
new file mode 100644
index 0000000..ccec274
--- /dev/null
+++ b/.sqlx/query-be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0.json
@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                select\n                    key.changed_at as \"changed_at: DateTime\",\n                    key.changed_sequence as \"changed_sequence: Sequence\",\n                    signing.key\n                from vapid_key as key\n                join vapid_signing_key as signing\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "changed_at: DateTime",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "changed_sequence: Sequence",
+        "ordinal": 1,
+        "type_info": "Integer"
+      },
+      {
+        "name": "key",
+        "ordinal": 2,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "be295f56960d083d1f4c760f6acfdfbf9898a1a407e8a562a181542834d05eb0"
+}
-- 
cgit v1.2.3