From b8392a5fe824eff46f912a58885546e7b0f37e6f Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 1 Oct 2024 22:30:04 -0400
Subject: Track event sequences globally, not per channel.

Per-channel event sequences were a cute idea, but it made reasoning about event resumption much, much harder (case in point: recovering the order of events in a partially-ordered collection is quadratic, since it's basically graph sort). The minor overhead of a global sequence number is likely tolerable, and this simplifies both the API and the internals.
---
 src/repo/channel.rs | 53 +++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 41 insertions(+), 12 deletions(-)

(limited to 'src/repo/channel.rs')

diff --git a/src/repo/channel.rs b/src/repo/channel.rs
index 3c7468f..efc2ced 100644
--- a/src/repo/channel.rs
+++ b/src/repo/channel.rs
@@ -2,9 +2,10 @@ use std::fmt;
 
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
+use super::sequence::Sequence;
 use crate::{
     clock::DateTime,
-    events::types::{self, Sequence},
+    events::types::{self},
     id::Id as BaseId,
 };
 
@@ -26,6 +27,8 @@ pub struct Channel {
     pub name: String,
     #[serde(skip)]
     pub created_at: DateTime,
+    #[serde(skip)]
+    pub created_sequence: Sequence,
 }
 
 impl<'c> Channels<'c> {
@@ -33,25 +36,25 @@ impl<'c> Channels<'c> {
         &mut self,
         name: &str,
         created_at: &DateTime,
+        created_sequence: Sequence,
     ) -> Result<Channel, sqlx::Error> {
         let id = Id::generate();
-        let sequence = Sequence::default();
-
         let channel = sqlx::query_as!(
             Channel,
             r#"
                 insert
-                into channel (id, name, created_at, last_sequence)
+                into channel (id, name, created_at, created_sequence)
                 values ($1, $2, $3, $4)
                 returning
                     id as "id: Id",
                     name,
-                    created_at as "created_at: DateTime"
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
             "#,
             id,
             name,
             created_at,
-            sequence,
+            created_sequence,
         )
         .fetch_one(&mut *self.0)
         .await?;
@@ -66,7 +69,8 @@ impl<'c> Channels<'c> {
                 select
                     id as "id: Id",
                     name,
-                    created_at as "created_at: DateTime"
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
                 from channel
                 where id = $1
             "#,
@@ -85,7 +89,8 @@ impl<'c> Channels<'c> {
                 select
                     id as "id: Id",
                     name,
-                    created_at as "created_at: DateTime"
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
                 from channel
                 order by channel.name
             "#,
@@ -96,11 +101,34 @@ impl<'c> Channels<'c> {
         Ok(channels)
     }
 
-    pub async fn delete_expired(
+    pub async fn replay(
+        &mut self,
+        resume_at: Option<Sequence>,
+    ) -> Result<Vec<Channel>, sqlx::Error> {
+        let channels = sqlx::query_as!(
+            Channel,
+            r#"
+                select
+                    id as "id: Id",
+                    name,
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
+                from channel
+                where coalesce(created_sequence > $1, true)
+            "#,
+            resume_at,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(channels)
+    }
+
+    pub async fn delete(
         &mut self,
         channel: &Channel,
-        sequence: Sequence,
         deleted_at: &DateTime,
+        deleted_sequence: Sequence,
     ) -> Result<types::ChannelEvent, sqlx::Error> {
         let channel = channel.id.clone();
         sqlx::query_scalar!(
@@ -115,7 +143,7 @@ impl<'c> Channels<'c> {
         .await?;
 
         Ok(types::ChannelEvent {
-            sequence,
+            sequence: deleted_sequence,
             at: *deleted_at,
             data: types::DeletedEvent { channel }.into(),
         })
@@ -128,7 +156,8 @@ impl<'c> Channels<'c> {
                 select
                     channel.id as "id: Id",
                     channel.name,
-                    channel.created_at as "created_at: DateTime"
+                    channel.created_at as "created_at: DateTime",
+                    channel.created_sequence as "created_sequence: Sequence"
                 from channel
                     left join message
                 where created_at < $1
-- 
cgit v1.2.3


From d171a258ad2119e39cb715f8800031fff16967dc Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 1 Oct 2024 22:43:18 -0400
Subject: Provide a resume point to bridge clients from state snapshots to the
 event sequence.

---
 ...a13fa4f719d82d465e4525557698914a661d39cdb4.json | 20 +++++++
 ...8a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88.json | 38 ------------
 ...8143f6b5d16dbeb19ad13ac36dcb40851f0af238e8.json | 38 ++++++++++++
 docs/api.md                                        | 13 ++++-
 src/channel/app.rs                                 |  6 +-
 src/channel/routes.rs                              | 15 ++++-
 src/channel/routes/test/list.rs                    |  7 ++-
 src/channel/routes/test/on_create.rs               |  2 +-
 src/events/routes.rs                               | 11 +++-
 src/events/routes/test.rs                          | 67 +++++++++++++++-------
 src/login/app.rs                                   |  9 +++
 src/login/routes.rs                                |  9 ++-
 src/login/routes/test/boot.rs                      |  7 ++-
 src/repo/channel.rs                                |  7 ++-
 src/repo/sequence.rs                               | 52 ++++++++++++-----
 15 files changed, 211 insertions(+), 90 deletions(-)
 create mode 100644 .sqlx/query-566ee1b8e4e66e78b28675a13fa4f719d82d465e4525557698914a661d39cdb4.json
 delete mode 100644 .sqlx/query-7f6b9c7d4ef3f540d594318a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88.json
 create mode 100644 .sqlx/query-cda3a4a974eb986ebe26838143f6b5d16dbeb19ad13ac36dcb40851f0af238e8.json

(limited to 'src/repo/channel.rs')

diff --git a/.sqlx/query-566ee1b8e4e66e78b28675a13fa4f719d82d465e4525557698914a661d39cdb4.json b/.sqlx/query-566ee1b8e4e66e78b28675a13fa4f719d82d465e4525557698914a661d39cdb4.json
new file mode 100644
index 0000000..8d2fc72
--- /dev/null
+++ b/.sqlx/query-566ee1b8e4e66e78b28675a13fa4f719d82d465e4525557698914a661d39cdb4.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                select last_value as \"last_value: Sequence\"\n                from event_sequence\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "last_value: Sequence",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "566ee1b8e4e66e78b28675a13fa4f719d82d465e4525557698914a661d39cdb4"
+}
diff --git a/.sqlx/query-7f6b9c7d4ef3f540d594318a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88.json b/.sqlx/query-7f6b9c7d4ef3f540d594318a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88.json
deleted file mode 100644
index 3cc33cf..0000000
--- a/.sqlx/query-7f6b9c7d4ef3f540d594318a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "\n                select\n                    id as \"id: Id\",\n                    name,\n                    created_at as \"created_at: DateTime\",\n                    created_sequence as \"created_sequence: Sequence\"\n                from channel\n                order by channel.name\n            ",
-  "describe": {
-    "columns": [
-      {
-        "name": "id: Id",
-        "ordinal": 0,
-        "type_info": "Text"
-      },
-      {
-        "name": "name",
-        "ordinal": 1,
-        "type_info": "Text"
-      },
-      {
-        "name": "created_at: DateTime",
-        "ordinal": 2,
-        "type_info": "Text"
-      },
-      {
-        "name": "created_sequence: Sequence",
-        "ordinal": 3,
-        "type_info": "Integer"
-      }
-    ],
-    "parameters": {
-      "Right": 0
-    },
-    "nullable": [
-      false,
-      false,
-      false,
-      false
-    ]
-  },
-  "hash": "7f6b9c7d4ef3f540d594318a7a66fa8f9e3ddcf6d041be8d834db58f66a5aa88"
-}
diff --git a/.sqlx/query-cda3a4a974eb986ebe26838143f6b5d16dbeb19ad13ac36dcb40851f0af238e8.json b/.sqlx/query-cda3a4a974eb986ebe26838143f6b5d16dbeb19ad13ac36dcb40851f0af238e8.json
new file mode 100644
index 0000000..bce6a88
--- /dev/null
+++ b/.sqlx/query-cda3a4a974eb986ebe26838143f6b5d16dbeb19ad13ac36dcb40851f0af238e8.json
@@ -0,0 +1,38 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                select\n                    id as \"id: Id\",\n                    name,\n                    created_at as \"created_at: DateTime\",\n                    created_sequence as \"created_sequence: Sequence\"\n                from channel\n                where coalesce(created_sequence <= $1, true)\n                order by channel.name\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "id: Id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "name",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at: DateTime",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_sequence: Sequence",
+        "ordinal": 3,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "cda3a4a974eb986ebe26838143f6b5d16dbeb19ad13ac36dcb40851f0af238e8"
+}
diff --git a/docs/api.md b/docs/api.md
index e18c6d5..5adf28d 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -23,7 +23,8 @@ Returns information needed to boot the client. Also the recommended way to check
     "login": {
         "name": "example username",
         "id": "L1234abcd",
-    }
+    },
+    "resume_point": "1312",
 }
 ```
 
@@ -80,6 +81,10 @@ Channels are the containers for conversations. The API supports listing channels
 
 Lists channels.
 
+#### Query parameters
+
+This endpoint accepts an optional `resume_point` query parameter. If provided, the value must be the value obtained from the `/api/boot` method. This parameter will restrict the returned list to channels as they existed at a fixed point in time, with any later changes only appearing in the event stream.
+
 #### On success
 
 Responds with a list of channel objects, one per channel:
@@ -152,9 +157,13 @@ Subscribes to events. This endpoint returns an `application/event-stream` respon
 
 The returned stream may terminate, to limit the number of outstanding messages held by the server. Clients can and should repeat the request, using the `Last-Event-Id` header to resume from where they left off. Events will be replayed from that point, and the stream will resume.
 
+#### Query parameters
+
+This endpoint accepts an optional `resume_point` query parameter. If provided, the value must be the value obtained from the `/api/boot` method. This parameter start the returned stream immediately after the `resume_point`.
+
 #### Request headers
 
-This endpoint accepts an optional `Last-Event-Id` header for resuming an interrupted stream. If this header is provided, it must be set to the `id` field sent with the last event the client has processed. When `Last-Event-Id` is sent, the response will resume immediately after the corresponding event. If this header is omitted, then the stream will start from the beginning.
+This endpoint accepts an optional `Last-Event-Id` header for resuming an interrupted stream. If this header is provided, it must be set to the `id` field sent with the last event the client has processed. When `Last-Event-Id` is sent, the response will resume immediately after the corresponding event. This header takes precedence over the `resume_point` query parameter; if neither is provided, then event playback starts at the beginning of time (_you have been warned_).
 
 If you're using a browser's `EventSource` API, this is handled for you automatically.
 
diff --git a/src/channel/app.rs b/src/channel/app.rs
index 88f4170..d89e733 100644
--- a/src/channel/app.rs
+++ b/src/channel/app.rs
@@ -6,7 +6,7 @@ use crate::{
     events::{broadcaster::Broadcaster, types::ChannelEvent},
     repo::{
         channel::{Channel, Provider as _},
-        sequence::Provider as _,
+        sequence::{Provider as _, Sequence},
     },
 };
 
@@ -36,9 +36,9 @@ impl<'a> Channels<'a> {
         Ok(channel)
     }
 
-    pub async fn all(&self) -> Result<Vec<Channel>, InternalError> {
+    pub async fn all(&self, resume_point: Option<Sequence>) -> Result<Vec<Channel>, InternalError> {
         let mut tx = self.db.begin().await?;
-        let channels = tx.channels().all().await?;
+        let channels = tx.channels().all(resume_point).await?;
         tx.commit().await?;
 
         Ok(channels)
diff --git a/src/channel/routes.rs b/src/channel/routes.rs
index 1f8db5a..067d213 100644
--- a/src/channel/routes.rs
+++ b/src/channel/routes.rs
@@ -5,6 +5,7 @@ use axum::{
     routing::{get, post},
     Router,
 };
+use axum_extra::extract::Query;
 
 use super::app;
 use crate::{
@@ -15,6 +16,7 @@ use crate::{
     repo::{
         channel::{self, Channel},
         login::Login,
+        sequence::Sequence,
     },
 };
 
@@ -28,8 +30,17 @@ pub fn router() -> Router<App> {
         .route("/api/channels/:channel", post(on_send))
 }
 
-async fn list(State(app): State<App>, _: Login) -> Result<Channels, Internal> {
-    let channels = app.channels().all().await?;
+#[derive(Default, serde::Deserialize)]
+struct ListQuery {
+    resume_point: Option<Sequence>,
+}
+
+async fn list(
+    State(app): State<App>,
+    _: Login,
+    Query(query): Query<ListQuery>,
+) -> Result<Channels, Internal> {
+    let channels = app.channels().all(query.resume_point).await?;
     let response = Channels(channels);
 
     Ok(response)
diff --git a/src/channel/routes/test/list.rs b/src/channel/routes/test/list.rs
index bc94024..f15a53c 100644
--- a/src/channel/routes/test/list.rs
+++ b/src/channel/routes/test/list.rs
@@ -1,4 +1,5 @@
 use axum::extract::State;
+use axum_extra::extract::Query;
 
 use crate::{channel::routes, test::fixtures};
 
@@ -11,7 +12,7 @@ async fn empty_list() {
 
     // Call the endpoint
 
-    let routes::Channels(channels) = routes::list(State(app), viewer)
+    let routes::Channels(channels) = routes::list(State(app), viewer, Query::default())
         .await
         .expect("always succeeds");
 
@@ -30,7 +31,7 @@ async fn one_channel() {
 
     // Call the endpoint
 
-    let routes::Channels(channels) = routes::list(State(app), viewer)
+    let routes::Channels(channels) = routes::list(State(app), viewer, Query::default())
         .await
         .expect("always succeeds");
 
@@ -52,7 +53,7 @@ async fn multiple_channels() {
 
     // Call the endpoint
 
-    let routes::Channels(response_channels) = routes::list(State(app), viewer)
+    let routes::Channels(response_channels) = routes::list(State(app), viewer, Query::default())
         .await
         .expect("always succeeds");
 
diff --git a/src/channel/routes/test/on_create.rs b/src/channel/routes/test/on_create.rs
index 5deb88a..72980ac 100644
--- a/src/channel/routes/test/on_create.rs
+++ b/src/channel/routes/test/on_create.rs
@@ -33,7 +33,7 @@ async fn new_channel() {
 
     // Verify the semantics
 
-    let channels = app.channels().all().await.expect("always succeeds");
+    let channels = app.channels().all(None).await.expect("always succeeds");
     assert!(channels.contains(&response_channel));
 
     let mut events = app
diff --git a/src/events/routes.rs b/src/events/routes.rs
index e3a959f..d81c7fb 100644
--- a/src/events/routes.rs
+++ b/src/events/routes.rs
@@ -7,6 +7,7 @@ use axum::{
     routing::get,
     Router,
 };
+use axum_extra::extract::Query;
 use futures::stream::{Stream, StreamExt as _};
 
 use super::{extract::LastEventId, types};
@@ -24,12 +25,20 @@ pub fn router() -> Router<App> {
     Router::new().route("/api/events", get(events))
 }
 
+#[derive(Default, serde::Deserialize)]
+struct EventsQuery {
+    resume_point: Option<Sequence>,
+}
+
 async fn events(
     State(app): State<App>,
     identity: Identity,
     last_event_id: Option<LastEventId<Sequence>>,
+    Query(query): Query<EventsQuery>,
 ) -> Result<Events<impl Stream<Item = types::ChannelEvent> + std::fmt::Debug>, EventsError> {
-    let resume_at = last_event_id.map(LastEventId::into_inner);
+    let resume_at = last_event_id
+        .map(LastEventId::into_inner)
+        .or(query.resume_point);
 
     let stream = app.events().subscribe(resume_at).await?;
     let stream = app.logins().limit_stream(identity.token, stream).await?;
diff --git a/src/events/routes/test.rs b/src/events/routes/test.rs
index 1cfca4f..11f01b8 100644
--- a/src/events/routes/test.rs
+++ b/src/events/routes/test.rs
@@ -1,4 +1,5 @@
 use axum::extract::State;
+use axum_extra::extract::Query;
 use futures::{
     future,
     stream::{self, StreamExt as _},
@@ -22,7 +23,7 @@ async fn includes_historical_message() {
 
     let subscriber_creds = fixtures::login::create_with_password(&app).await;
     let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None)
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
         .await
         .expect("subscribe never fails");
 
@@ -49,9 +50,10 @@ async fn includes_live_message() {
 
     let subscriber_creds = fixtures::login::create_with_password(&app).await;
     let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app.clone()), subscriber, None)
-        .await
-        .expect("subscribe never fails");
+    let routes::Events(events) =
+        routes::events(State(app.clone()), subscriber, None, Query::default())
+            .await
+            .expect("subscribe never fails");
 
     // Verify the semantics
 
@@ -94,7 +96,7 @@ async fn includes_multiple_channels() {
 
     let subscriber_creds = fixtures::login::create_with_password(&app).await;
     let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None)
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
         .await
         .expect("subscribe never fails");
 
@@ -130,7 +132,7 @@ async fn sequential_messages() {
 
     let subscriber_creds = fixtures::login::create_with_password(&app).await;
     let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None)
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
         .await
         .expect("subscribe never fails");
 
@@ -172,9 +174,14 @@ async fn resumes_from() {
 
     let resume_at = {
         // First subscription
-        let routes::Events(events) = routes::events(State(app.clone()), subscriber.clone(), None)
-            .await
-            .expect("subscribe never fails");
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            None,
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
 
         let event = events
             .filter(fixtures::filter::messages())
@@ -189,9 +196,14 @@ async fn resumes_from() {
     };
 
     // Resume after disconnect
-    let routes::Events(resumed) = routes::events(State(app), subscriber, Some(resume_at.into()))
-        .await
-        .expect("subscribe never fails");
+    let routes::Events(resumed) = routes::events(
+        State(app),
+        subscriber,
+        Some(resume_at.into()),
+        Query::default(),
+    )
+    .await
+    .expect("subscribe never fails");
 
     // Verify the structure of the response.
 
@@ -242,9 +254,14 @@ async fn serial_resume() {
         ];
 
         // First subscription
-        let routes::Events(events) = routes::events(State(app.clone()), subscriber.clone(), None)
-            .await
-            .expect("subscribe never fails");
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            None,
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
 
         let events = events
             .filter(fixtures::filter::messages())
@@ -277,6 +294,7 @@ async fn serial_resume() {
             State(app.clone()),
             subscriber.clone(),
             Some(resume_at.into()),
+            Query::default(),
         )
         .await
         .expect("subscribe never fails");
@@ -312,6 +330,7 @@ async fn serial_resume() {
             State(app.clone()),
             subscriber.clone(),
             Some(resume_at.into()),
+            Query::default(),
         )
         .await
         .expect("subscribe never fails");
@@ -345,9 +364,10 @@ async fn terminates_on_token_expiry() {
     let subscriber =
         fixtures::identity::identity(&app, &subscriber_creds, &fixtures::ancient()).await;
 
-    let routes::Events(events) = routes::events(State(app.clone()), subscriber, None)
-        .await
-        .expect("subscribe never fails");
+    let routes::Events(events) =
+        routes::events(State(app.clone()), subscriber, None, Query::default())
+            .await
+            .expect("subscribe never fails");
 
     // Verify the resulting stream's behaviour
 
@@ -387,9 +407,14 @@ async fn terminates_on_logout() {
     let subscriber =
         fixtures::identity::from_token(&app, &subscriber_token, &fixtures::now()).await;
 
-    let routes::Events(events) = routes::events(State(app.clone()), subscriber.clone(), None)
-        .await
-        .expect("subscribe never fails");
+    let routes::Events(events) = routes::events(
+        State(app.clone()),
+        subscriber.clone(),
+        None,
+        Query::default(),
+    )
+    .await
+    .expect("subscribe never fails");
 
     // Verify the resulting stream's behaviour
 
diff --git a/src/login/app.rs b/src/login/app.rs
index 95f0a07..f1dffb9 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -13,6 +13,7 @@ use crate::{
     repo::{
         error::NotFound as _,
         login::{Login, Provider as _},
+        sequence::{Provider as _, Sequence},
         token::{self, Provider as _},
     },
 };
@@ -27,6 +28,14 @@ impl<'a> Logins<'a> {
         Self { db, logins }
     }
 
+    pub async fn boot_point(&self) -> Result<Sequence, sqlx::Error> {
+        let mut tx = self.db.begin().await?;
+        let sequence = tx.sequence().current().await?;
+        tx.commit().await?;
+
+        Ok(sequence)
+    }
+
     pub async fn login(
         &self,
         name: &str,
diff --git a/src/login/routes.rs b/src/login/routes.rs
index d7cb9b1..ef75871 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -26,13 +26,18 @@ pub fn router() -> Router<App> {
         .route("/api/auth/logout", post(on_logout))
 }
 
-async fn boot(login: Login) -> Boot {
-    Boot { login }
+async fn boot(State(app): State<App>, login: Login) -> Result<Boot, Internal> {
+    let resume_point = app.logins().boot_point().await?;
+    Ok(Boot {
+        login,
+        resume_point: resume_point.to_string(),
+    })
 }
 
 #[derive(serde::Serialize)]
 struct Boot {
     login: Login,
+    resume_point: String,
 }
 
 impl IntoResponse for Boot {
diff --git a/src/login/routes/test/boot.rs b/src/login/routes/test/boot.rs
index dee554f..9655354 100644
--- a/src/login/routes/test/boot.rs
+++ b/src/login/routes/test/boot.rs
@@ -1,9 +1,14 @@
+use axum::extract::State;
+
 use crate::{login::routes, test::fixtures};
 
 #[tokio::test]
 async fn returns_identity() {
+    let app = fixtures::scratch_app().await;
     let login = fixtures::login::fictitious();
-    let response = routes::boot(login.clone()).await;
+    let response = routes::boot(State(app), login.clone())
+        .await
+        .expect("boot always succeeds");
 
     assert_eq!(login, response.login);
 }
diff --git a/src/repo/channel.rs b/src/repo/channel.rs
index efc2ced..ad42710 100644
--- a/src/repo/channel.rs
+++ b/src/repo/channel.rs
@@ -82,7 +82,10 @@ impl<'c> Channels<'c> {
         Ok(channel)
     }
 
-    pub async fn all(&mut self) -> Result<Vec<Channel>, sqlx::Error> {
+    pub async fn all(
+        &mut self,
+        resume_point: Option<Sequence>,
+    ) -> Result<Vec<Channel>, sqlx::Error> {
         let channels = sqlx::query_as!(
             Channel,
             r#"
@@ -92,8 +95,10 @@ impl<'c> Channels<'c> {
                     created_at as "created_at: DateTime",
                     created_sequence as "created_sequence: Sequence"
                 from channel
+                where coalesce(created_sequence <= $1, true)
                 order by channel.name
             "#,
+            resume_point,
         )
         .fetch_all(&mut *self.0)
         .await?;
diff --git a/src/repo/sequence.rs b/src/repo/sequence.rs
index 8fe9dab..c47b41c 100644
--- a/src/repo/sequence.rs
+++ b/src/repo/sequence.rs
@@ -1,3 +1,5 @@
+use std::fmt;
+
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
 pub trait Provider {
@@ -10,6 +12,37 @@ impl<'c> Provider for Transaction<'c, Sqlite> {
     }
 }
 
+pub struct Sequences<'t>(&'t mut SqliteConnection);
+
+impl<'c> Sequences<'c> {
+    pub async fn next(&mut self) -> Result<Sequence, sqlx::Error> {
+        let next = sqlx::query_scalar!(
+            r#"
+                update event_sequence
+                set last_value = last_value + 1
+                returning last_value as "next_value: Sequence"
+            "#,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(next)
+    }
+
+    pub async fn current(&mut self) -> Result<Sequence, sqlx::Error> {
+        let next = sqlx::query_scalar!(
+            r#"
+                select last_value as "last_value: Sequence"
+                from event_sequence
+            "#,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(next)
+    }
+}
+
 #[derive(
     Clone,
     Copy,
@@ -26,20 +59,9 @@ impl<'c> Provider for Transaction<'c, Sqlite> {
 #[sqlx(transparent)]
 pub struct Sequence(i64);
 
-pub struct Sequences<'t>(&'t mut SqliteConnection);
-
-impl<'c> Sequences<'c> {
-    pub async fn next(&mut self) -> Result<Sequence, sqlx::Error> {
-        let next = sqlx::query_scalar!(
-            r#"
-                update event_sequence
-                set last_value = last_value + 1
-                returning last_value as "next_value: Sequence"
-            "#,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(next)
+impl fmt::Display for Sequence {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let Self(value) = self;
+        value.fmt(f)
     }
 }
-- 
cgit v1.2.3


From f878f0b5eaa44e8ee8d67cbfd706926ff2119113 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Tue, 1 Oct 2024 23:57:22 -0400
Subject: Organize IDs into top-level namespaces.

(This is part of a larger reorganization.)
---
 src/channel/id.rs                  | 38 +++++++++++++++++++++++++++++++++++++
 src/channel/mod.rs                 |  3 +++
 src/channel/routes.rs              |  7 ++-----
 src/channel/routes/test/on_send.rs |  2 +-
 src/events/app.rs                  |  3 ++-
 src/events/repo/message.rs         | 11 ++++-------
 src/events/types.rs                | 11 ++++-------
 src/lib.rs                         |  1 +
 src/login/app.rs                   |  6 ++++--
 src/login/extract.rs               |  4 ++--
 src/login/id.rs                    | 24 +++++++++++++++++++++++
 src/login/mod.rs                   |  7 +++++--
 src/login/repo/auth.rs             |  5 +----
 src/login/token/id.rs              | 27 ++++++++++++++++++++++++++
 src/login/token/mod.rs             |  3 +++
 src/login/types.rs                 |  2 +-
 src/message/id.rs                  | 27 ++++++++++++++++++++++++++
 src/message/mod.rs                 |  3 +++
 src/repo/channel.rs                | 39 +-------------------------------------
 src/repo/login/mod.rs              |  2 +-
 src/repo/login/store.rs            | 25 +-----------------------
 src/repo/message.rs                | 28 +--------------------------
 src/repo/token.rs                  | 33 +++++---------------------------
 23 files changed, 161 insertions(+), 150 deletions(-)
 create mode 100644 src/channel/id.rs
 create mode 100644 src/login/id.rs
 create mode 100644 src/login/token/id.rs
 create mode 100644 src/login/token/mod.rs
 create mode 100644 src/message/id.rs
 create mode 100644 src/message/mod.rs

(limited to 'src/repo/channel.rs')

diff --git a/src/channel/id.rs b/src/channel/id.rs
new file mode 100644
index 0000000..22a2700
--- /dev/null
+++ b/src/channel/id.rs
@@ -0,0 +1,38 @@
+use std::fmt;
+
+use crate::id::Id as BaseId;
+
+// Stable identifier for a [Channel]. Prefixed with `C`.
+#[derive(
+    Clone,
+    Debug,
+    Eq,
+    Hash,
+    Ord,
+    PartialEq,
+    PartialOrd,
+    sqlx::Type,
+    serde::Deserialize,
+    serde::Serialize,
+)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+    fn from(id: BaseId) -> Self {
+        Self(id)
+    }
+}
+
+impl Id {
+    pub fn generate() -> Self {
+        BaseId::generate("C")
+    }
+}
+
+impl fmt::Display for Id {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        self.0.fmt(f)
+    }
+}
diff --git a/src/channel/mod.rs b/src/channel/mod.rs
index 9f79dbb..3115e98 100644
--- a/src/channel/mod.rs
+++ b/src/channel/mod.rs
@@ -1,4 +1,7 @@
 pub mod app;
+mod id;
 mod routes;
 
 pub use self::routes::router;
+
+pub use self::id::Id;
diff --git a/src/channel/routes.rs b/src/channel/routes.rs
index 067d213..72d6195 100644
--- a/src/channel/routes.rs
+++ b/src/channel/routes.rs
@@ -10,14 +10,11 @@ use axum_extra::extract::Query;
 use super::app;
 use crate::{
     app::App,
+    channel,
     clock::RequestedAt,
     error::Internal,
     events::app::EventsError,
-    repo::{
-        channel::{self, Channel},
-        login::Login,
-        sequence::Sequence,
-    },
+    repo::{channel::Channel, login::Login, sequence::Sequence},
 };
 
 #[cfg(test)]
diff --git a/src/channel/routes/test/on_send.rs b/src/channel/routes/test/on_send.rs
index d37ed21..987784d 100644
--- a/src/channel/routes/test/on_send.rs
+++ b/src/channel/routes/test/on_send.rs
@@ -2,9 +2,9 @@ use axum::extract::{Json, Path, State};
 use futures::stream::StreamExt;
 
 use crate::{
+    channel,
     channel::routes,
     events::{app, types},
-    repo::channel,
     test::fixtures::{self, future::Immediately as _},
 };
 
diff --git a/src/events/app.rs b/src/events/app.rs
index c15f11e..1fa2f70 100644
--- a/src/events/app.rs
+++ b/src/events/app.rs
@@ -12,9 +12,10 @@ use super::{
     types::{self, ChannelEvent},
 };
 use crate::{
+    channel,
     clock::DateTime,
     repo::{
-        channel::{self, Provider as _},
+        channel::Provider as _,
         error::NotFound as _,
         login::Login,
         sequence::{Provider as _, Sequence},
diff --git a/src/events/repo/message.rs b/src/events/repo/message.rs
index 3237553..00c24b1 100644
--- a/src/events/repo/message.rs
+++ b/src/events/repo/message.rs
@@ -1,14 +1,11 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
 use crate::{
+    channel,
     clock::DateTime,
     events::types,
-    repo::{
-        channel::{self, Channel},
-        login::{self, Login},
-        message::{self, Message},
-        sequence::Sequence,
-    },
+    login, message,
+    repo::{channel::Channel, login::Login, message::Message, sequence::Sequence},
 };
 
 pub trait Provider {
@@ -172,7 +169,7 @@ impl<'c> Events<'c> {
                     created_at: row.channel_created_at,
                     created_sequence: row.channel_created_sequence,
                 },
-                sender: login::Login {
+                sender: Login {
                     id: row.sender_id,
                     name: row.sender_name,
                 },
diff --git a/src/events/types.rs b/src/events/types.rs
index aca3af4..762b6e5 100644
--- a/src/events/types.rs
+++ b/src/events/types.rs
@@ -1,11 +1,8 @@
 use crate::{
+    channel,
     clock::DateTime,
-    repo::{
-        channel::{self, Channel},
-        login::Login,
-        message,
-        sequence::Sequence,
-    },
+    message,
+    repo::{channel::Channel, login::Login, message::Message, sequence::Sequence},
 };
 
 #[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
@@ -66,7 +63,7 @@ impl From<CreatedEvent> for ChannelEventData {
 pub struct MessageEvent {
     pub channel: Channel,
     pub sender: Login,
-    pub message: message::Message,
+    pub message: Message,
 }
 
 impl From<MessageEvent> for ChannelEventData {
diff --git a/src/lib.rs b/src/lib.rs
index 271118b..2300071 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -12,6 +12,7 @@ mod events;
 mod expire;
 mod id;
 mod login;
+mod message;
 mod password;
 mod repo;
 #[cfg(test)]
diff --git a/src/login/app.rs b/src/login/app.rs
index f1dffb9..8ea0a91 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -6,7 +6,9 @@ use futures::{
 };
 use sqlx::sqlite::SqlitePool;
 
-use super::{broadcaster::Broadcaster, extract::IdentitySecret, repo::auth::Provider as _, types};
+use super::{
+    broadcaster::Broadcaster, extract::IdentitySecret, repo::auth::Provider as _, token, types,
+};
 use crate::{
     clock::DateTime,
     password::Password,
@@ -14,7 +16,7 @@ use crate::{
         error::NotFound as _,
         login::{Login, Provider as _},
         sequence::{Provider as _, Sequence},
-        token::{self, Provider as _},
+        token::Provider as _,
     },
 };
 
diff --git a/src/login/extract.rs b/src/login/extract.rs
index bfdbe8d..39dd9e4 100644
--- a/src/login/extract.rs
+++ b/src/login/extract.rs
@@ -11,8 +11,8 @@ use crate::{
     app::App,
     clock::RequestedAt,
     error::{Internal, Unauthorized},
-    login::app::ValidateError,
-    repo::{login::Login, token},
+    login::{app::ValidateError, token},
+    repo::login::Login,
 };
 
 // The usage pattern here - receive the extractor as an argument, return it in
diff --git a/src/login/id.rs b/src/login/id.rs
new file mode 100644
index 0000000..c46d697
--- /dev/null
+++ b/src/login/id.rs
@@ -0,0 +1,24 @@
+use crate::id::Id as BaseId;
+
+// Stable identifier for a [Login]. Prefixed with `L`.
+#[derive(Clone, Debug, Eq, PartialEq, sqlx::Type, serde::Serialize)]
+#[sqlx(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+    fn from(id: BaseId) -> Self {
+        Self(id)
+    }
+}
+
+impl Id {
+    pub fn generate() -> Self {
+        BaseId::generate("L")
+    }
+}
+
+impl std::fmt::Display for Id {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        self.0.fmt(f)
+    }
+}
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 6ae82ac..0430f4b 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -1,8 +1,11 @@
-pub use self::routes::router;
-
 pub mod app;
 pub mod broadcaster;
 pub mod extract;
+mod id;
 mod repo;
 mod routes;
+pub mod token;
 pub mod types;
+
+pub use self::id::Id;
+pub use self::routes::router;
diff --git a/src/login/repo/auth.rs b/src/login/repo/auth.rs
index 3033c8f..9816c5c 100644
--- a/src/login/repo/auth.rs
+++ b/src/login/repo/auth.rs
@@ -1,9 +1,6 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
-use crate::{
-    password::StoredHash,
-    repo::login::{self, Login},
-};
+use crate::{login, password::StoredHash, repo::login::Login};
 
 pub trait Provider {
     fn auth(&mut self) -> Auth;
diff --git a/src/login/token/id.rs b/src/login/token/id.rs
new file mode 100644
index 0000000..9ef063c
--- /dev/null
+++ b/src/login/token/id.rs
@@ -0,0 +1,27 @@
+use std::fmt;
+
+use crate::id::Id as BaseId;
+
+// Stable identifier for a token. Prefixed with `T`.
+#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+    fn from(id: BaseId) -> Self {
+        Self(id)
+    }
+}
+
+impl Id {
+    pub fn generate() -> Self {
+        BaseId::generate("T")
+    }
+}
+
+impl fmt::Display for Id {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        self.0.fmt(f)
+    }
+}
diff --git a/src/login/token/mod.rs b/src/login/token/mod.rs
new file mode 100644
index 0000000..d563a88
--- /dev/null
+++ b/src/login/token/mod.rs
@@ -0,0 +1,3 @@
+mod id;
+
+pub use self::id::Id;
diff --git a/src/login/types.rs b/src/login/types.rs
index 7c7cbf9..a210977 100644
--- a/src/login/types.rs
+++ b/src/login/types.rs
@@ -1,4 +1,4 @@
-use crate::repo::token;
+use crate::login::token;
 
 #[derive(Clone, Debug)]
 pub struct TokenRevoked {
diff --git a/src/message/id.rs b/src/message/id.rs
new file mode 100644
index 0000000..385b103
--- /dev/null
+++ b/src/message/id.rs
@@ -0,0 +1,27 @@
+use std::fmt;
+
+use crate::id::Id as BaseId;
+
+// Stable identifier for a [Message]. Prefixed with `M`.
+#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+    fn from(id: BaseId) -> Self {
+        Self(id)
+    }
+}
+
+impl Id {
+    pub fn generate() -> Self {
+        BaseId::generate("M")
+    }
+}
+
+impl fmt::Display for Id {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        self.0.fmt(f)
+    }
+}
diff --git a/src/message/mod.rs b/src/message/mod.rs
new file mode 100644
index 0000000..d563a88
--- /dev/null
+++ b/src/message/mod.rs
@@ -0,0 +1,3 @@
+mod id;
+
+pub use self::id::Id;
diff --git a/src/repo/channel.rs b/src/repo/channel.rs
index ad42710..9f1d930 100644
--- a/src/repo/channel.rs
+++ b/src/repo/channel.rs
@@ -1,12 +1,10 @@
-use std::fmt;
-
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
 use super::sequence::Sequence;
 use crate::{
+    channel::Id,
     clock::DateTime,
     events::types::{self},
-    id::Id as BaseId,
 };
 
 pub trait Provider {
@@ -176,38 +174,3 @@ impl<'c> Channels<'c> {
         Ok(channels)
     }
 }
-
-// Stable identifier for a [Channel]. Prefixed with `C`.
-#[derive(
-    Clone,
-    Debug,
-    Eq,
-    Hash,
-    Ord,
-    PartialEq,
-    PartialOrd,
-    sqlx::Type,
-    serde::Deserialize,
-    serde::Serialize,
-)]
-#[sqlx(transparent)]
-#[serde(transparent)]
-pub struct Id(BaseId);
-
-impl From<BaseId> for Id {
-    fn from(id: BaseId) -> Self {
-        Self(id)
-    }
-}
-
-impl Id {
-    pub fn generate() -> Self {
-        BaseId::generate("C")
-    }
-}
-
-impl fmt::Display for Id {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.0.fmt(f)
-    }
-}
diff --git a/src/repo/login/mod.rs b/src/repo/login/mod.rs
index a1b4c6f..4ff7a96 100644
--- a/src/repo/login/mod.rs
+++ b/src/repo/login/mod.rs
@@ -1,4 +1,4 @@
 mod extract;
 mod store;
 
-pub use self::store::{Id, Login, Provider};
+pub use self::store::{Login, Provider};
diff --git a/src/repo/login/store.rs b/src/repo/login/store.rs
index b485941..47d1a7c 100644
--- a/src/repo/login/store.rs
+++ b/src/repo/login/store.rs
@@ -1,6 +1,6 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
-use crate::{id::Id as BaseId, password::StoredHash};
+use crate::{login::Id, password::StoredHash};
 
 pub trait Provider {
     fn logins(&mut self) -> Logins;
@@ -61,26 +61,3 @@ impl<'t> From<&'t mut SqliteConnection> for Logins<'t> {
         Self(tx)
     }
 }
-
-// Stable identifier for a [Login]. Prefixed with `L`.
-#[derive(Clone, Debug, Eq, PartialEq, sqlx::Type, serde::Serialize)]
-#[sqlx(transparent)]
-pub struct Id(BaseId);
-
-impl From<BaseId> for Id {
-    fn from(id: BaseId) -> Self {
-        Self(id)
-    }
-}
-
-impl Id {
-    pub fn generate() -> Self {
-        BaseId::generate("L")
-    }
-}
-
-impl std::fmt::Display for Id {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        self.0.fmt(f)
-    }
-}
diff --git a/src/repo/message.rs b/src/repo/message.rs
index a1f73d5..acde3ea 100644
--- a/src/repo/message.rs
+++ b/src/repo/message.rs
@@ -1,30 +1,4 @@
-use std::fmt;
-
-use crate::id::Id as BaseId;
-
-// Stable identifier for a [Message]. Prefixed with `M`.
-#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
-#[sqlx(transparent)]
-#[serde(transparent)]
-pub struct Id(BaseId);
-
-impl From<BaseId> for Id {
-    fn from(id: BaseId) -> Self {
-        Self(id)
-    }
-}
-
-impl Id {
-    pub fn generate() -> Self {
-        BaseId::generate("M")
-    }
-}
-
-impl fmt::Display for Id {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.0.fmt(f)
-    }
-}
+use crate::message::Id;
 
 #[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
 pub struct Message {
diff --git a/src/repo/token.rs b/src/repo/token.rs
index 1663f5e..79e5c54 100644
--- a/src/repo/token.rs
+++ b/src/repo/token.rs
@@ -1,10 +1,11 @@
-use std::fmt;
-
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 use uuid::Uuid;
 
-use super::login::{self, Login};
-use crate::{clock::DateTime, id::Id as BaseId, login::extract::IdentitySecret};
+use super::login::Login;
+use crate::{
+    clock::DateTime,
+    login::{self, extract::IdentitySecret, token::Id},
+};
 
 pub trait Provider {
     fn tokens(&mut self) -> Tokens;
@@ -148,27 +149,3 @@ impl<'c> Tokens<'c> {
         Ok(login)
     }
 }
-
-// Stable identifier for a token. Prefixed with `T`.
-#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
-#[sqlx(transparent)]
-#[serde(transparent)]
-pub struct Id(BaseId);
-
-impl From<BaseId> for Id {
-    fn from(id: BaseId) -> Self {
-        Self(id)
-    }
-}
-
-impl Id {
-    pub fn generate() -> Self {
-        BaseId::generate("T")
-    }
-}
-
-impl fmt::Display for Id {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.0.fmt(f)
-    }
-}
-- 
cgit v1.2.3


From 357116366c1307bedaac6a3dfe9c5ed8e0e0c210 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Wed, 2 Oct 2024 00:41:25 -0400
Subject: First pass on reorganizing the backend.

This is primarily renames and repackagings.
---
 ...4db639b7a4a21210ebf0b7fba97cd016ff6ab4d769.json |  20 +
 ...884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669.json |  20 -
 src/app.rs                                         |   2 +-
 src/channel/app.rs                                 |   9 +-
 src/channel/mod.rs                                 |  14 +-
 src/channel/routes.rs                              |   6 +-
 src/channel/routes/test/on_create.rs               |   2 +-
 src/channel/routes/test/on_send.rs                 |   2 +-
 src/cli.rs                                         |   4 +-
 src/event/app.rs                                   | 137 +++++++
 src/event/broadcaster.rs                           |   3 +
 src/event/extract.rs                               |  85 ++++
 src/event/mod.rs                                   |   9 +
 src/event/repo/message.rs                          | 188 +++++++++
 src/event/repo/mod.rs                              |   1 +
 src/event/routes.rs                                |  93 +++++
 src/event/routes/test.rs                           | 439 +++++++++++++++++++++
 src/event/sequence.rs                              |  24 ++
 src/event/types.rs                                 |  97 +++++
 src/events/app.rs                                  | 140 -------
 src/events/broadcaster.rs                          |   3 -
 src/events/extract.rs                              |  85 ----
 src/events/mod.rs                                  |   8 -
 src/events/repo/message.rs                         | 188 ---------
 src/events/repo/mod.rs                             |   1 -
 src/events/routes.rs                               |  92 -----
 src/events/routes/test.rs                          | 439 ---------------------
 src/events/types.rs                                |  96 -----
 src/lib.rs                                         |   4 +-
 src/login/app.rs                                   |  17 +-
 src/login/extract.rs                               | 181 +--------
 src/login/mod.rs                                   |  18 +-
 src/login/password.rs                              |  58 +++
 src/login/repo/auth.rs                             |   2 +-
 src/login/routes.rs                                |   6 +-
 src/login/token/id.rs                              |  27 --
 src/login/token/mod.rs                             |   3 -
 src/login/types.rs                                 |   2 +-
 src/message/mod.rs                                 |   6 +
 src/password.rs                                    |  58 ---
 src/repo/channel.rs                                |  15 +-
 src/repo/login.rs                                  |  50 +++
 src/repo/login/extract.rs                          |  15 -
 src/repo/login/mod.rs                              |   4 -
 src/repo/login/store.rs                            |  63 ---
 src/repo/message.rs                                |   7 -
 src/repo/mod.rs                                    |   1 -
 src/repo/sequence.rs                               |  27 +-
 src/repo/token.rs                                  |  10 +-
 src/test/fixtures/channel.rs                       |   2 +-
 src/test/fixtures/filter.rs                        |   2 +-
 src/test/fixtures/identity.rs                      |   9 +-
 src/test/fixtures/login.rs                         |   3 +-
 src/test/fixtures/message.rs                       |   7 +-
 src/token/extract/identity.rs                      |  75 ++++
 src/token/extract/identity_token.rs                |  94 +++++
 src/token/extract/mod.rs                           |   4 +
 src/token/id.rs                                    |  27 ++
 src/token/mod.rs                                   |   5 +
 src/token/secret.rs                                |  27 ++
 60 files changed, 1521 insertions(+), 1515 deletions(-)
 create mode 100644 .sqlx/query-8b474c8ed7859f745888644db639b7a4a21210ebf0b7fba97cd016ff6ab4d769.json
 delete mode 100644 .sqlx/query-e0deb4dfaffe4527ad630c884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669.json
 create mode 100644 src/event/app.rs
 create mode 100644 src/event/broadcaster.rs
 create mode 100644 src/event/extract.rs
 create mode 100644 src/event/mod.rs
 create mode 100644 src/event/repo/message.rs
 create mode 100644 src/event/repo/mod.rs
 create mode 100644 src/event/routes.rs
 create mode 100644 src/event/routes/test.rs
 create mode 100644 src/event/sequence.rs
 create mode 100644 src/event/types.rs
 delete mode 100644 src/events/app.rs
 delete mode 100644 src/events/broadcaster.rs
 delete mode 100644 src/events/extract.rs
 delete mode 100644 src/events/mod.rs
 delete mode 100644 src/events/repo/message.rs
 delete mode 100644 src/events/repo/mod.rs
 delete mode 100644 src/events/routes.rs
 delete mode 100644 src/events/routes/test.rs
 delete mode 100644 src/events/types.rs
 create mode 100644 src/login/password.rs
 delete mode 100644 src/login/token/id.rs
 delete mode 100644 src/login/token/mod.rs
 delete mode 100644 src/password.rs
 create mode 100644 src/repo/login.rs
 delete mode 100644 src/repo/login/extract.rs
 delete mode 100644 src/repo/login/mod.rs
 delete mode 100644 src/repo/login/store.rs
 delete mode 100644 src/repo/message.rs
 create mode 100644 src/token/extract/identity.rs
 create mode 100644 src/token/extract/identity_token.rs
 create mode 100644 src/token/extract/mod.rs
 create mode 100644 src/token/id.rs
 create mode 100644 src/token/mod.rs
 create mode 100644 src/token/secret.rs

(limited to 'src/repo/channel.rs')

diff --git a/.sqlx/query-8b474c8ed7859f745888644db639b7a4a21210ebf0b7fba97cd016ff6ab4d769.json b/.sqlx/query-8b474c8ed7859f745888644db639b7a4a21210ebf0b7fba97cd016ff6ab4d769.json
new file mode 100644
index 0000000..b433e4c
--- /dev/null
+++ b/.sqlx/query-8b474c8ed7859f745888644db639b7a4a21210ebf0b7fba97cd016ff6ab4d769.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "\n                insert\n                into token (id, secret, login, issued_at, last_used_at)\n                values ($1, $2, $3, $4, $4)\n                returning secret as \"secret!: Secret\"\n            ",
+  "describe": {
+    "columns": [
+      {
+        "name": "secret!: Secret",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "8b474c8ed7859f745888644db639b7a4a21210ebf0b7fba97cd016ff6ab4d769"
+}
diff --git a/.sqlx/query-e0deb4dfaffe4527ad630c884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669.json b/.sqlx/query-e0deb4dfaffe4527ad630c884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669.json
deleted file mode 100644
index eda6697..0000000
--- a/.sqlx/query-e0deb4dfaffe4527ad630c884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "\n                insert\n                into token (id, secret, login, issued_at, last_used_at)\n                values ($1, $2, $3, $4, $4)\n                returning secret as \"secret!: IdentitySecret\"\n            ",
-  "describe": {
-    "columns": [
-      {
-        "name": "secret!: IdentitySecret",
-        "ordinal": 0,
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Right": 4
-    },
-    "nullable": [
-      false
-    ]
-  },
-  "hash": "e0deb4dfaffe4527ad630c884970c3eb93fc734d979e6b8e78cd7d0b6dd0b669"
-}
diff --git a/src/app.rs b/src/app.rs
index c13f52f..84a6357 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -2,7 +2,7 @@ use sqlx::sqlite::SqlitePool;
 
 use crate::{
     channel::app::Channels,
-    events::{app::Events, broadcaster::Broadcaster as EventBroadcaster},
+    event::{app::Events, broadcaster::Broadcaster as EventBroadcaster},
     login::{app::Logins, broadcaster::Broadcaster as LoginBroadcaster},
 };
 
diff --git a/src/channel/app.rs b/src/channel/app.rs
index d89e733..1422651 100644
--- a/src/channel/app.rs
+++ b/src/channel/app.rs
@@ -2,12 +2,11 @@ use chrono::TimeDelta;
 use sqlx::sqlite::SqlitePool;
 
 use crate::{
+    channel::Channel,
     clock::DateTime,
-    events::{broadcaster::Broadcaster, types::ChannelEvent},
-    repo::{
-        channel::{Channel, Provider as _},
-        sequence::{Provider as _, Sequence},
-    },
+    event::Sequence,
+    event::{broadcaster::Broadcaster, types::ChannelEvent},
+    repo::{channel::Provider as _, sequence::Provider as _},
 };
 
 pub struct Channels<'a> {
diff --git a/src/channel/mod.rs b/src/channel/mod.rs
index 3115e98..02d0ed4 100644
--- a/src/channel/mod.rs
+++ b/src/channel/mod.rs
@@ -1,7 +1,17 @@
+use crate::{clock::DateTime, event::Sequence};
+
 pub mod app;
 mod id;
 mod routes;
 
-pub use self::routes::router;
+pub use self::{id::Id, routes::router};
 
-pub use self::id::Id;
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct Channel {
+    pub id: Id,
+    pub name: String,
+    #[serde(skip)]
+    pub created_at: DateTime,
+    #[serde(skip)]
+    pub created_sequence: Sequence,
+}
diff --git a/src/channel/routes.rs b/src/channel/routes.rs
index 72d6195..5d8b61e 100644
--- a/src/channel/routes.rs
+++ b/src/channel/routes.rs
@@ -10,11 +10,11 @@ use axum_extra::extract::Query;
 use super::app;
 use crate::{
     app::App,
-    channel,
+    channel::{self, Channel},
     clock::RequestedAt,
     error::Internal,
-    events::app::EventsError,
-    repo::{channel::Channel, login::Login, sequence::Sequence},
+    event::{app::EventsError, Sequence},
+    login::Login,
 };
 
 #[cfg(test)]
diff --git a/src/channel/routes/test/on_create.rs b/src/channel/routes/test/on_create.rs
index 72980ac..9988932 100644
--- a/src/channel/routes/test/on_create.rs
+++ b/src/channel/routes/test/on_create.rs
@@ -3,7 +3,7 @@ use futures::stream::StreamExt as _;
 
 use crate::{
     channel::{app, routes},
-    events::types,
+    event::types,
     test::fixtures::{self, future::Immediately as _},
 };
 
diff --git a/src/channel/routes/test/on_send.rs b/src/channel/routes/test/on_send.rs
index 987784d..6f844cd 100644
--- a/src/channel/routes/test/on_send.rs
+++ b/src/channel/routes/test/on_send.rs
@@ -4,7 +4,7 @@ use futures::stream::StreamExt;
 use crate::{
     channel,
     channel::routes,
-    events::{app, types},
+    event::{app, types},
     test::fixtures::{self, future::Immediately as _},
 };
 
diff --git a/src/cli.rs b/src/cli.rs
index 132baf8..ee95ea6 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -10,7 +10,7 @@ use clap::Parser;
 use sqlx::sqlite::SqlitePool;
 use tokio::net;
 
-use crate::{app::App, channel, clock, events, expire, login, repo::pool};
+use crate::{app::App, channel, clock, event, expire, login, repo::pool};
 
 /// Command-line entry point for running the `hi` server.
 ///
@@ -105,7 +105,7 @@ impl Args {
 }
 
 fn routers() -> Router<App> {
-    [channel::router(), events::router(), login::router()]
+    [channel::router(), event::router(), login::router()]
         .into_iter()
         .fold(Router::default(), Router::merge)
 }
diff --git a/src/event/app.rs b/src/event/app.rs
new file mode 100644
index 0000000..b5f2ecc
--- /dev/null
+++ b/src/event/app.rs
@@ -0,0 +1,137 @@
+use chrono::TimeDelta;
+use futures::{
+    future,
+    stream::{self, StreamExt as _},
+    Stream,
+};
+use sqlx::sqlite::SqlitePool;
+
+use super::{
+    broadcaster::Broadcaster,
+    repo::message::Provider as _,
+    types::{self, ChannelEvent},
+};
+use crate::{
+    channel,
+    clock::DateTime,
+    event::Sequence,
+    login::Login,
+    repo::{channel::Provider as _, error::NotFound as _, sequence::Provider as _},
+};
+
+pub struct Events<'a> {
+    db: &'a SqlitePool,
+    events: &'a Broadcaster,
+}
+
+impl<'a> Events<'a> {
+    pub const fn new(db: &'a SqlitePool, events: &'a Broadcaster) -> Self {
+        Self { db, events }
+    }
+
+    pub async fn send(
+        &self,
+        login: &Login,
+        channel: &channel::Id,
+        body: &str,
+        sent_at: &DateTime,
+    ) -> Result<types::ChannelEvent, EventsError> {
+        let mut tx = self.db.begin().await?;
+        let channel = tx
+            .channels()
+            .by_id(channel)
+            .await
+            .not_found(|| EventsError::ChannelNotFound(channel.clone()))?;
+        let sent_sequence = tx.sequence().next().await?;
+        let event = tx
+            .message_events()
+            .create(login, &channel, sent_at, sent_sequence, body)
+            .await?;
+        tx.commit().await?;
+
+        self.events.broadcast(&event);
+        Ok(event)
+    }
+
+    pub async fn expire(&self, relative_to: &DateTime) -> Result<(), sqlx::Error> {
+        // Somewhat arbitrarily, expire after 90 days.
+        let expire_at = relative_to.to_owned() - TimeDelta::days(90);
+
+        let mut tx = self.db.begin().await?;
+        let expired = tx.message_events().expired(&expire_at).await?;
+
+        let mut events = Vec::with_capacity(expired.len());
+        for (channel, message) in expired {
+            let deleted_sequence = tx.sequence().next().await?;
+            let event = tx
+                .message_events()
+                .delete(&channel, &message, relative_to, deleted_sequence)
+                .await?;
+            events.push(event);
+        }
+
+        tx.commit().await?;
+
+        for event in events {
+            self.events.broadcast(&event);
+        }
+
+        Ok(())
+    }
+
+    pub async fn subscribe(
+        &self,
+        resume_at: Option<Sequence>,
+    ) -> Result<impl Stream<Item = types::ChannelEvent> + std::fmt::Debug, sqlx::Error> {
+        // Subscribe before retrieving, to catch messages broadcast while we're
+        // querying the DB. We'll prune out duplicates later.
+        let live_messages = self.events.subscribe();
+
+        let mut tx = self.db.begin().await?;
+        let channels = tx.channels().replay(resume_at).await?;
+
+        let channel_events = channels
+            .into_iter()
+            .map(ChannelEvent::created)
+            .filter(move |event| resume_at.map_or(true, |resume_at| event.sequence > resume_at));
+
+        let message_events = tx.message_events().replay(resume_at).await?;
+
+        let mut replay_events = channel_events
+            .into_iter()
+            .chain(message_events.into_iter())
+            .collect::<Vec<_>>();
+        replay_events.sort_by_key(|event| event.sequence);
+        let resume_live_at = replay_events.last().map(|event| event.sequence);
+
+        let replay = stream::iter(replay_events);
+
+        // no skip_expired or resume transforms for stored_messages, as it's
+        // constructed not to contain messages meeting either criterion.
+        //
+        // * skip_expired is redundant with the `tx.broadcasts().expire(…)` call;
+        // * resume is redundant with the resume_at argument to
+        //   `tx.broadcasts().replay(…)`.
+        let live_messages = live_messages
+            // Filtering on the broadcast resume point filters out messages
+            // before resume_at, and filters out messages duplicated from
+            // stored_messages.
+            .filter(Self::resume(resume_live_at));
+
+        Ok(replay.chain(live_messages))
+    }
+
+    fn resume(
+        resume_at: Option<Sequence>,
+    ) -> impl for<'m> FnMut(&'m types::ChannelEvent) -> future::Ready<bool> {
+        move |event| future::ready(resume_at < Some(event.sequence))
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum EventsError {
+    #[error("channel {0} not found")]
+    ChannelNotFound(channel::Id),
+    #[error(transparent)]
+    DatabaseError(#[from] sqlx::Error),
+}
diff --git a/src/event/broadcaster.rs b/src/event/broadcaster.rs
new file mode 100644
index 0000000..92f631f
--- /dev/null
+++ b/src/event/broadcaster.rs
@@ -0,0 +1,3 @@
+use crate::{broadcast, event::types};
+
+pub type Broadcaster = broadcast::Broadcaster<types::ChannelEvent>;
diff --git a/src/event/extract.rs b/src/event/extract.rs
new file mode 100644
index 0000000..e3021e2
--- /dev/null
+++ b/src/event/extract.rs
@@ -0,0 +1,85 @@
+use std::ops::Deref;
+
+use axum::{
+    extract::FromRequestParts,
+    http::{request::Parts, HeaderName, HeaderValue},
+};
+use axum_extra::typed_header::TypedHeader;
+use serde::{de::DeserializeOwned, Serialize};
+
+// A typed header. When used as a bare extractor, reads from the
+// `Last-Event-Id` HTTP header.
+pub struct LastEventId<T>(pub T);
+
+static LAST_EVENT_ID: HeaderName = HeaderName::from_static("last-event-id");
+
+impl<T> headers::Header for LastEventId<T>
+where
+    T: Serialize + DeserializeOwned,
+{
+    fn name() -> &'static HeaderName {
+        &LAST_EVENT_ID
+    }
+
+    fn decode<'i, I>(values: &mut I) -> Result<Self, headers::Error>
+    where
+        I: Iterator<Item = &'i HeaderValue>,
+    {
+        let value = values.next().ok_or_else(headers::Error::invalid)?;
+        let value = value.to_str().map_err(|_| headers::Error::invalid())?;
+        let value = serde_json::from_str(value).map_err(|_| headers::Error::invalid())?;
+        Ok(Self(value))
+    }
+
+    fn encode<E>(&self, values: &mut E)
+    where
+        E: Extend<HeaderValue>,
+    {
+        let Self(value) = self;
+        // Must panic or suppress; the trait provides no other options.
+        let value = serde_json::to_string(value).expect("value can be encoded as JSON");
+        let value = HeaderValue::from_str(&value).expect("LastEventId is a valid header value");
+
+        values.extend(std::iter::once(value));
+    }
+}
+
+#[async_trait::async_trait]
+impl<S, T> FromRequestParts<S> for LastEventId<T>
+where
+    S: Send + Sync,
+    T: Serialize + DeserializeOwned,
+{
+    type Rejection = <TypedHeader<Self> as FromRequestParts<S>>::Rejection;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        // This is purely for ergonomics: it allows `RequestedAt` to be extracted
+        // without having to wrap it in `Extension<>`. Callers _can_ still do that,
+        // but they aren't forced to.
+        let TypedHeader(requested_at) = TypedHeader::from_request_parts(parts, state).await?;
+
+        Ok(requested_at)
+    }
+}
+
+impl<T> Deref for LastEventId<T> {
+    type Target = T;
+
+    fn deref(&self) -> &Self::Target {
+        let Self(header) = self;
+        header
+    }
+}
+
+impl<T> From<T> for LastEventId<T> {
+    fn from(value: T) -> Self {
+        Self(value)
+    }
+}
+
+impl<T> LastEventId<T> {
+    pub fn into_inner(self) -> T {
+        let Self(value) = self;
+        value
+    }
+}
diff --git a/src/event/mod.rs b/src/event/mod.rs
new file mode 100644
index 0000000..7ad3f9c
--- /dev/null
+++ b/src/event/mod.rs
@@ -0,0 +1,9 @@
+pub mod app;
+pub mod broadcaster;
+mod extract;
+pub mod repo;
+mod routes;
+mod sequence;
+pub mod types;
+
+pub use self::{routes::router, sequence::Sequence};
diff --git a/src/event/repo/message.rs b/src/event/repo/message.rs
new file mode 100644
index 0000000..f051fec
--- /dev/null
+++ b/src/event/repo/message.rs
@@ -0,0 +1,188 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::{
+    channel::{self, Channel},
+    clock::DateTime,
+    event::{types, Sequence},
+    login::{self, Login},
+    message::{self, Message},
+};
+
+pub trait Provider {
+    fn message_events(&mut self) -> Events;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+    fn message_events(&mut self) -> Events {
+        Events(self)
+    }
+}
+
+pub struct Events<'t>(&'t mut SqliteConnection);
+
+impl<'c> Events<'c> {
+    pub async fn create(
+        &mut self,
+        sender: &Login,
+        channel: &Channel,
+        sent_at: &DateTime,
+        sent_sequence: Sequence,
+        body: &str,
+    ) -> Result<types::ChannelEvent, sqlx::Error> {
+        let id = message::Id::generate();
+
+        let message = sqlx::query!(
+            r#"
+				insert into message
+					(id, channel, sender, sent_at, sent_sequence, body)
+				values ($1, $2, $3, $4, $5, $6)
+				returning
+					id as "id: message::Id",
+					sender as "sender: login::Id",
+                    sent_at as "sent_at: DateTime",
+                    sent_sequence as "sent_sequence: Sequence",
+					body
+			"#,
+            id,
+            channel.id,
+            sender.id,
+            sent_at,
+            sent_sequence,
+            body,
+        )
+        .map(|row| types::ChannelEvent {
+            sequence: row.sent_sequence,
+            at: row.sent_at,
+            data: types::MessageEvent {
+                channel: channel.clone(),
+                sender: sender.clone(),
+                message: Message {
+                    id: row.id,
+                    body: row.body,
+                },
+            }
+            .into(),
+        })
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(message)
+    }
+
+    pub async fn delete(
+        &mut self,
+        channel: &Channel,
+        message: &message::Id,
+        deleted_at: &DateTime,
+        deleted_sequence: Sequence,
+    ) -> Result<types::ChannelEvent, sqlx::Error> {
+        sqlx::query_scalar!(
+            r#"
+                delete from message
+                where id = $1
+                returning 1 as "row: i64"
+            "#,
+            message,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(types::ChannelEvent {
+            sequence: deleted_sequence,
+            at: *deleted_at,
+            data: types::MessageDeletedEvent {
+                channel: channel.clone(),
+                message: message.clone(),
+            }
+            .into(),
+        })
+    }
+
+    pub async fn expired(
+        &mut self,
+        expire_at: &DateTime,
+    ) -> Result<Vec<(Channel, message::Id)>, sqlx::Error> {
+        let messages = sqlx::query!(
+            r#"
+                select
+                    channel.id as "channel_id: channel::Id",
+                    channel.name as "channel_name",
+                    channel.created_at as "channel_created_at: DateTime",
+                    channel.created_sequence as "channel_created_sequence: Sequence",
+                    message.id as "message: message::Id"
+                from message
+                    join channel on message.channel = channel.id
+                    join login as sender on message.sender = sender.id
+                where sent_at < $1
+            "#,
+            expire_at,
+        )
+        .map(|row| {
+            (
+                Channel {
+                    id: row.channel_id,
+                    name: row.channel_name,
+                    created_at: row.channel_created_at,
+                    created_sequence: row.channel_created_sequence,
+                },
+                row.message,
+            )
+        })
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(messages)
+    }
+
+    pub async fn replay(
+        &mut self,
+        resume_at: Option<Sequence>,
+    ) -> Result<Vec<types::ChannelEvent>, sqlx::Error> {
+        let events = sqlx::query!(
+            r#"
+				select
+					message.id as "id: message::Id",
+                    channel.id as "channel_id: channel::Id",
+                    channel.name as "channel_name",
+                    channel.created_at as "channel_created_at: DateTime",
+                    channel.created_sequence as "channel_created_sequence: Sequence",
+					sender.id as "sender_id: login::Id",
+					sender.name as sender_name,
+                    message.sent_at as "sent_at: DateTime",
+                    message.sent_sequence as "sent_sequence: Sequence",
+                    message.body
+				from message
+                    join channel on message.channel = channel.id
+					join login as sender on message.sender = sender.id
+				where coalesce(message.sent_sequence > $1, true)
+				order by sent_sequence asc
+			"#,
+            resume_at,
+        )
+        .map(|row| types::ChannelEvent {
+            sequence: row.sent_sequence,
+            at: row.sent_at,
+            data: types::MessageEvent {
+                channel: Channel {
+                    id: row.channel_id,
+                    name: row.channel_name,
+                    created_at: row.channel_created_at,
+                    created_sequence: row.channel_created_sequence,
+                },
+                sender: Login {
+                    id: row.sender_id,
+                    name: row.sender_name,
+                },
+                message: Message {
+                    id: row.id,
+                    body: row.body,
+                },
+            }
+            .into(),
+        })
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(events)
+    }
+}
diff --git a/src/event/repo/mod.rs b/src/event/repo/mod.rs
new file mode 100644
index 0000000..e216a50
--- /dev/null
+++ b/src/event/repo/mod.rs
@@ -0,0 +1 @@
+pub mod message;
diff --git a/src/event/routes.rs b/src/event/routes.rs
new file mode 100644
index 0000000..77761ca
--- /dev/null
+++ b/src/event/routes.rs
@@ -0,0 +1,93 @@
+use axum::{
+    extract::State,
+    response::{
+        sse::{self, Sse},
+        IntoResponse, Response,
+    },
+    routing::get,
+    Router,
+};
+use axum_extra::extract::Query;
+use futures::stream::{Stream, StreamExt as _};
+
+use super::{extract::LastEventId, types};
+use crate::{
+    app::App,
+    error::{Internal, Unauthorized},
+    event::Sequence,
+    login::app::ValidateError,
+    token::extract::Identity,
+};
+
+#[cfg(test)]
+mod test;
+
+pub fn router() -> Router<App> {
+    Router::new().route("/api/events", get(events))
+}
+
+#[derive(Default, serde::Deserialize)]
+struct EventsQuery {
+    resume_point: Option<Sequence>,
+}
+
+async fn events(
+    State(app): State<App>,
+    identity: Identity,
+    last_event_id: Option<LastEventId<Sequence>>,
+    Query(query): Query<EventsQuery>,
+) -> Result<Events<impl Stream<Item = types::ChannelEvent> + std::fmt::Debug>, EventsError> {
+    let resume_at = last_event_id
+        .map(LastEventId::into_inner)
+        .or(query.resume_point);
+
+    let stream = app.events().subscribe(resume_at).await?;
+    let stream = app.logins().limit_stream(identity.token, stream).await?;
+
+    Ok(Events(stream))
+}
+
+#[derive(Debug)]
+struct Events<S>(S);
+
+impl<S> IntoResponse for Events<S>
+where
+    S: Stream<Item = types::ChannelEvent> + Send + 'static,
+{
+    fn into_response(self) -> Response {
+        let Self(stream) = self;
+        let stream = stream.map(sse::Event::try_from);
+        Sse::new(stream)
+            .keep_alive(sse::KeepAlive::default())
+            .into_response()
+    }
+}
+
+impl TryFrom<types::ChannelEvent> for sse::Event {
+    type Error = serde_json::Error;
+
+    fn try_from(event: types::ChannelEvent) -> Result<Self, Self::Error> {
+        let id = serde_json::to_string(&event.sequence)?;
+        let data = serde_json::to_string_pretty(&event)?;
+
+        let event = Self::default().id(id).data(data);
+
+        Ok(event)
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub enum EventsError {
+    DatabaseError(#[from] sqlx::Error),
+    ValidateError(#[from] ValidateError),
+}
+
+impl IntoResponse for EventsError {
+    fn into_response(self) -> Response {
+        match self {
+            Self::ValidateError(ValidateError::InvalidToken) => Unauthorized.into_response(),
+            other => Internal::from(other).into_response(),
+        }
+    }
+}
diff --git a/src/event/routes/test.rs b/src/event/routes/test.rs
new file mode 100644
index 0000000..9a3b12a
--- /dev/null
+++ b/src/event/routes/test.rs
@@ -0,0 +1,439 @@
+use axum::extract::State;
+use axum_extra::extract::Query;
+use futures::{
+    future,
+    stream::{self, StreamExt as _},
+};
+
+use crate::{
+    event::routes,
+    test::fixtures::{self, future::Immediately as _},
+};
+
+#[tokio::test]
+async fn includes_historical_message() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let sender = fixtures::login::create(&app).await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+    let message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
+        .await
+        .expect("subscribe never fails");
+
+    // Verify the structure of the response.
+
+    let event = events
+        .filter(fixtures::filter::messages())
+        .next()
+        .immediately()
+        .await
+        .expect("delivered stored message");
+
+    assert_eq!(message, event);
+}
+
+#[tokio::test]
+async fn includes_live_message() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+    let routes::Events(events) =
+        routes::events(State(app.clone()), subscriber, None, Query::default())
+            .await
+            .expect("subscribe never fails");
+
+    // Verify the semantics
+
+    let sender = fixtures::login::create(&app).await;
+    let message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
+
+    let event = events
+        .filter(fixtures::filter::messages())
+        .next()
+        .immediately()
+        .await
+        .expect("delivered live message");
+
+    assert_eq!(message, event);
+}
+
+#[tokio::test]
+async fn includes_multiple_channels() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let sender = fixtures::login::create(&app).await;
+
+    let channels = [
+        fixtures::channel::create(&app, &fixtures::now()).await,
+        fixtures::channel::create(&app, &fixtures::now()).await,
+    ];
+
+    let messages = stream::iter(channels)
+        .then(|channel| {
+            let app = app.clone();
+            let sender = sender.clone();
+            let channel = channel.clone();
+            async move { fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await }
+        })
+        .collect::<Vec<_>>()
+        .await;
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
+        .await
+        .expect("subscribe never fails");
+
+    // Verify the structure of the response.
+
+    let events = events
+        .filter(fixtures::filter::messages())
+        .take(messages.len())
+        .collect::<Vec<_>>()
+        .immediately()
+        .await;
+
+    for message in &messages {
+        assert!(events.iter().any(|event| { event == message }));
+    }
+}
+
+#[tokio::test]
+async fn sequential_messages() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+    let sender = fixtures::login::create(&app).await;
+
+    let messages = vec![
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+    ];
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
+        .await
+        .expect("subscribe never fails");
+
+    // Verify the structure of the response.
+
+    let mut events = events.filter(|event| future::ready(messages.contains(event)));
+
+    // Verify delivery in order
+    for message in &messages {
+        let event = events
+            .next()
+            .immediately()
+            .await
+            .expect("undelivered messages remaining");
+
+        assert_eq!(message, &event);
+    }
+}
+
+#[tokio::test]
+async fn resumes_from() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+    let sender = fixtures::login::create(&app).await;
+
+    let initial_message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
+
+    let later_messages = vec![
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+    ];
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+
+    let resume_at = {
+        // First subscription
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            None,
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
+
+        let event = events
+            .filter(fixtures::filter::messages())
+            .next()
+            .immediately()
+            .await
+            .expect("delivered events");
+
+        assert_eq!(initial_message, event);
+
+        event.sequence
+    };
+
+    // Resume after disconnect
+    let routes::Events(resumed) = routes::events(
+        State(app),
+        subscriber,
+        Some(resume_at.into()),
+        Query::default(),
+    )
+    .await
+    .expect("subscribe never fails");
+
+    // Verify the structure of the response.
+
+    let events = resumed
+        .take(later_messages.len())
+        .collect::<Vec<_>>()
+        .immediately()
+        .await;
+
+    for message in &later_messages {
+        assert!(events.iter().any(|event| event == message));
+    }
+}
+
+// This test verifies a real bug I hit developing the vector-of-sequences
+// approach to resuming events. A small omission caused the event IDs in a
+// resumed stream to _omit_ channels that were in the original stream until
+// those channels also appeared in the resumed stream.
+//
+// Clients would see something like
+// * In the original stream, Cfoo=5,Cbar=8
+// * In the resumed stream, Cfoo=6 (no Cbar sequence number)
+//
+// Disconnecting and reconnecting a second time, using event IDs from that
+// initial period of the first resume attempt, would then cause the second
+// resume attempt to restart all other channels from the beginning, and not
+// from where the first disconnection happened.
+//
+// This is a real and valid behaviour for clients!
+#[tokio::test]
+async fn serial_resume() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let sender = fixtures::login::create(&app).await;
+    let channel_a = fixtures::channel::create(&app, &fixtures::now()).await;
+    let channel_b = fixtures::channel::create(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
+
+    let resume_at = {
+        let initial_messages = [
+            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
+            fixtures::message::send(&app, &sender, &channel_b, &fixtures::now()).await,
+        ];
+
+        // First subscription
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            None,
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
+
+        let events = events
+            .filter(fixtures::filter::messages())
+            .take(initial_messages.len())
+            .collect::<Vec<_>>()
+            .immediately()
+            .await;
+
+        for message in &initial_messages {
+            assert!(events.iter().any(|event| event == message));
+        }
+
+        let event = events.last().expect("this vec is non-empty");
+
+        event.sequence
+    };
+
+    // Resume after disconnect
+    let resume_at = {
+        let resume_messages = [
+            // Note that channel_b does not appear here. The buggy behaviour
+            // would be masked if channel_b happened to send a new message
+            // into the resumed event stream.
+            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
+            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
+        ];
+
+        // Second subscription
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            Some(resume_at.into()),
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
+
+        let events = events
+            .filter(fixtures::filter::messages())
+            .take(resume_messages.len())
+            .collect::<Vec<_>>()
+            .immediately()
+            .await;
+
+        for message in &resume_messages {
+            assert!(events.iter().any(|event| event == message));
+        }
+
+        let event = events.last().expect("this vec is non-empty");
+
+        event.sequence
+    };
+
+    // Resume after disconnect a second time
+    {
+        // At this point, we can send on either channel and demonstrate the
+        // problem. The resume point should before both of these messages, but
+        // after _all_ prior messages.
+        let final_messages = [
+            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
+            fixtures::message::send(&app, &sender, &channel_b, &fixtures::now()).await,
+        ];
+
+        // Third subscription
+        let routes::Events(events) = routes::events(
+            State(app.clone()),
+            subscriber.clone(),
+            Some(resume_at.into()),
+            Query::default(),
+        )
+        .await
+        .expect("subscribe never fails");
+
+        let events = events
+            .filter(fixtures::filter::messages())
+            .take(final_messages.len())
+            .collect::<Vec<_>>()
+            .immediately()
+            .await;
+
+        // This set of messages, in particular, _should not_ include any prior
+        // messages from `initial_messages` or `resume_messages`.
+        for message in &final_messages {
+            assert!(events.iter().any(|event| event == message));
+        }
+    };
+}
+
+#[tokio::test]
+async fn terminates_on_token_expiry() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+    let sender = fixtures::login::create(&app).await;
+
+    // Subscribe via the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber =
+        fixtures::identity::identity(&app, &subscriber_creds, &fixtures::ancient()).await;
+
+    let routes::Events(events) =
+        routes::events(State(app.clone()), subscriber, None, Query::default())
+            .await
+            .expect("subscribe never fails");
+
+    // Verify the resulting stream's behaviour
+
+    app.logins()
+        .expire(&fixtures::now())
+        .await
+        .expect("expiring tokens succeeds");
+
+    // These should not be delivered.
+    let messages = [
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+    ];
+
+    assert!(events
+        .filter(|event| future::ready(messages.contains(event)))
+        .next()
+        .immediately()
+        .await
+        .is_none());
+}
+
+#[tokio::test]
+async fn terminates_on_logout() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
+    let sender = fixtures::login::create(&app).await;
+
+    // Subscribe via the endpoint
+
+    let subscriber_creds = fixtures::login::create_with_password(&app).await;
+    let subscriber_token =
+        fixtures::identity::logged_in(&app, &subscriber_creds, &fixtures::now()).await;
+    let subscriber =
+        fixtures::identity::from_token(&app, &subscriber_token, &fixtures::now()).await;
+
+    let routes::Events(events) = routes::events(
+        State(app.clone()),
+        subscriber.clone(),
+        None,
+        Query::default(),
+    )
+    .await
+    .expect("subscribe never fails");
+
+    // Verify the resulting stream's behaviour
+
+    app.logins()
+        .logout(&subscriber.token)
+        .await
+        .expect("expiring tokens succeeds");
+
+    // These should not be delivered.
+    let messages = [
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
+    ];
+
+    assert!(events
+        .filter(|event| future::ready(messages.contains(event)))
+        .next()
+        .immediately()
+        .await
+        .is_none());
+}
diff --git a/src/event/sequence.rs b/src/event/sequence.rs
new file mode 100644
index 0000000..9ebddd7
--- /dev/null
+++ b/src/event/sequence.rs
@@ -0,0 +1,24 @@
+use std::fmt;
+
+#[derive(
+    Clone,
+    Copy,
+    Debug,
+    Eq,
+    Ord,
+    PartialEq,
+    PartialOrd,
+    serde::Deserialize,
+    serde::Serialize,
+    sqlx::Type,
+)]
+#[serde(transparent)]
+#[sqlx(transparent)]
+pub struct Sequence(i64);
+
+impl fmt::Display for Sequence {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        let Self(value) = self;
+        value.fmt(f)
+    }
+}
diff --git a/src/event/types.rs b/src/event/types.rs
new file mode 100644
index 0000000..cd7dea6
--- /dev/null
+++ b/src/event/types.rs
@@ -0,0 +1,97 @@
+use crate::{
+    channel::{self, Channel},
+    clock::DateTime,
+    event::Sequence,
+    login::Login,
+    message::{self, Message},
+};
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct ChannelEvent {
+    #[serde(skip)]
+    pub sequence: Sequence,
+    pub at: DateTime,
+    #[serde(flatten)]
+    pub data: ChannelEventData,
+}
+
+impl ChannelEvent {
+    pub fn created(channel: Channel) -> Self {
+        Self {
+            at: channel.created_at,
+            sequence: channel.created_sequence,
+            data: CreatedEvent { channel }.into(),
+        }
+    }
+
+    pub fn channel_id(&self) -> &channel::Id {
+        match &self.data {
+            ChannelEventData::Created(event) => &event.channel.id,
+            ChannelEventData::Message(event) => &event.channel.id,
+            ChannelEventData::MessageDeleted(event) => &event.channel.id,
+            ChannelEventData::Deleted(event) => &event.channel,
+        }
+    }
+}
+
+impl<'c> From<&'c ChannelEvent> for Sequence {
+    fn from(event: &'c ChannelEvent) -> Self {
+        event.sequence
+    }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+#[serde(tag = "type", rename_all = "snake_case")]
+pub enum ChannelEventData {
+    Created(CreatedEvent),
+    Message(MessageEvent),
+    MessageDeleted(MessageDeletedEvent),
+    Deleted(DeletedEvent),
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct CreatedEvent {
+    pub channel: Channel,
+}
+
+impl From<CreatedEvent> for ChannelEventData {
+    fn from(event: CreatedEvent) -> Self {
+        Self::Created(event)
+    }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct MessageEvent {
+    pub channel: Channel,
+    pub sender: Login,
+    pub message: Message,
+}
+
+impl From<MessageEvent> for ChannelEventData {
+    fn from(event: MessageEvent) -> Self {
+        Self::Message(event)
+    }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct MessageDeletedEvent {
+    pub channel: Channel,
+    pub message: message::Id,
+}
+
+impl From<MessageDeletedEvent> for ChannelEventData {
+    fn from(event: MessageDeletedEvent) -> Self {
+        Self::MessageDeleted(event)
+    }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct DeletedEvent {
+    pub channel: channel::Id,
+}
+
+impl From<DeletedEvent> for ChannelEventData {
+    fn from(event: DeletedEvent) -> Self {
+        Self::Deleted(event)
+    }
+}
diff --git a/src/events/app.rs b/src/events/app.rs
deleted file mode 100644
index 1fa2f70..0000000
--- a/src/events/app.rs
+++ /dev/null
@@ -1,140 +0,0 @@
-use chrono::TimeDelta;
-use futures::{
-    future,
-    stream::{self, StreamExt as _},
-    Stream,
-};
-use sqlx::sqlite::SqlitePool;
-
-use super::{
-    broadcaster::Broadcaster,
-    repo::message::Provider as _,
-    types::{self, ChannelEvent},
-};
-use crate::{
-    channel,
-    clock::DateTime,
-    repo::{
-        channel::Provider as _,
-        error::NotFound as _,
-        login::Login,
-        sequence::{Provider as _, Sequence},
-    },
-};
-
-pub struct Events<'a> {
-    db: &'a SqlitePool,
-    events: &'a Broadcaster,
-}
-
-impl<'a> Events<'a> {
-    pub const fn new(db: &'a SqlitePool, events: &'a Broadcaster) -> Self {
-        Self { db, events }
-    }
-
-    pub async fn send(
-        &self,
-        login: &Login,
-        channel: &channel::Id,
-        body: &str,
-        sent_at: &DateTime,
-    ) -> Result<types::ChannelEvent, EventsError> {
-        let mut tx = self.db.begin().await?;
-        let channel = tx
-            .channels()
-            .by_id(channel)
-            .await
-            .not_found(|| EventsError::ChannelNotFound(channel.clone()))?;
-        let sent_sequence = tx.sequence().next().await?;
-        let event = tx
-            .message_events()
-            .create(login, &channel, sent_at, sent_sequence, body)
-            .await?;
-        tx.commit().await?;
-
-        self.events.broadcast(&event);
-        Ok(event)
-    }
-
-    pub async fn expire(&self, relative_to: &DateTime) -> Result<(), sqlx::Error> {
-        // Somewhat arbitrarily, expire after 90 days.
-        let expire_at = relative_to.to_owned() - TimeDelta::days(90);
-
-        let mut tx = self.db.begin().await?;
-        let expired = tx.message_events().expired(&expire_at).await?;
-
-        let mut events = Vec::with_capacity(expired.len());
-        for (channel, message) in expired {
-            let deleted_sequence = tx.sequence().next().await?;
-            let event = tx
-                .message_events()
-                .delete(&channel, &message, relative_to, deleted_sequence)
-                .await?;
-            events.push(event);
-        }
-
-        tx.commit().await?;
-
-        for event in events {
-            self.events.broadcast(&event);
-        }
-
-        Ok(())
-    }
-
-    pub async fn subscribe(
-        &self,
-        resume_at: Option<Sequence>,
-    ) -> Result<impl Stream<Item = types::ChannelEvent> + std::fmt::Debug, sqlx::Error> {
-        // Subscribe before retrieving, to catch messages broadcast while we're
-        // querying the DB. We'll prune out duplicates later.
-        let live_messages = self.events.subscribe();
-
-        let mut tx = self.db.begin().await?;
-        let channels = tx.channels().replay(resume_at).await?;
-
-        let channel_events = channels
-            .into_iter()
-            .map(ChannelEvent::created)
-            .filter(move |event| resume_at.map_or(true, |resume_at| event.sequence > resume_at));
-
-        let message_events = tx.message_events().replay(resume_at).await?;
-
-        let mut replay_events = channel_events
-            .into_iter()
-            .chain(message_events.into_iter())
-            .collect::<Vec<_>>();
-        replay_events.sort_by_key(|event| event.sequence);
-        let resume_live_at = replay_events.last().map(|event| event.sequence);
-
-        let replay = stream::iter(replay_events);
-
-        // no skip_expired or resume transforms for stored_messages, as it's
-        // constructed not to contain messages meeting either criterion.
-        //
-        // * skip_expired is redundant with the `tx.broadcasts().expire(…)` call;
-        // * resume is redundant with the resume_at argument to
-        //   `tx.broadcasts().replay(…)`.
-        let live_messages = live_messages
-            // Filtering on the broadcast resume point filters out messages
-            // before resume_at, and filters out messages duplicated from
-            // stored_messages.
-            .filter(Self::resume(resume_live_at));
-
-        Ok(replay.chain(live_messages))
-    }
-
-    fn resume(
-        resume_at: Option<Sequence>,
-    ) -> impl for<'m> FnMut(&'m types::ChannelEvent) -> future::Ready<bool> {
-        move |event| future::ready(resume_at < Some(event.sequence))
-    }
-}
-
-#[derive(Debug, thiserror::Error)]
-pub enum EventsError {
-    #[error("channel {0} not found")]
-    ChannelNotFound(channel::Id),
-    #[error(transparent)]
-    DatabaseError(#[from] sqlx::Error),
-}
diff --git a/src/events/broadcaster.rs b/src/events/broadcaster.rs
deleted file mode 100644
index 6b664cb..0000000
--- a/src/events/broadcaster.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-use crate::{broadcast, events::types};
-
-pub type Broadcaster = broadcast::Broadcaster<types::ChannelEvent>;
diff --git a/src/events/extract.rs b/src/events/extract.rs
deleted file mode 100644
index e3021e2..0000000
--- a/src/events/extract.rs
+++ /dev/null
@@ -1,85 +0,0 @@
-use std::ops::Deref;
-
-use axum::{
-    extract::FromRequestParts,
-    http::{request::Parts, HeaderName, HeaderValue},
-};
-use axum_extra::typed_header::TypedHeader;
-use serde::{de::DeserializeOwned, Serialize};
-
-// A typed header. When used as a bare extractor, reads from the
-// `Last-Event-Id` HTTP header.
-pub struct LastEventId<T>(pub T);
-
-static LAST_EVENT_ID: HeaderName = HeaderName::from_static("last-event-id");
-
-impl<T> headers::Header for LastEventId<T>
-where
-    T: Serialize + DeserializeOwned,
-{
-    fn name() -> &'static HeaderName {
-        &LAST_EVENT_ID
-    }
-
-    fn decode<'i, I>(values: &mut I) -> Result<Self, headers::Error>
-    where
-        I: Iterator<Item = &'i HeaderValue>,
-    {
-        let value = values.next().ok_or_else(headers::Error::invalid)?;
-        let value = value.to_str().map_err(|_| headers::Error::invalid())?;
-        let value = serde_json::from_str(value).map_err(|_| headers::Error::invalid())?;
-        Ok(Self(value))
-    }
-
-    fn encode<E>(&self, values: &mut E)
-    where
-        E: Extend<HeaderValue>,
-    {
-        let Self(value) = self;
-        // Must panic or suppress; the trait provides no other options.
-        let value = serde_json::to_string(value).expect("value can be encoded as JSON");
-        let value = HeaderValue::from_str(&value).expect("LastEventId is a valid header value");
-
-        values.extend(std::iter::once(value));
-    }
-}
-
-#[async_trait::async_trait]
-impl<S, T> FromRequestParts<S> for LastEventId<T>
-where
-    S: Send + Sync,
-    T: Serialize + DeserializeOwned,
-{
-    type Rejection = <TypedHeader<Self> as FromRequestParts<S>>::Rejection;
-
-    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
-        // This is purely for ergonomics: it allows `RequestedAt` to be extracted
-        // without having to wrap it in `Extension<>`. Callers _can_ still do that,
-        // but they aren't forced to.
-        let TypedHeader(requested_at) = TypedHeader::from_request_parts(parts, state).await?;
-
-        Ok(requested_at)
-    }
-}
-
-impl<T> Deref for LastEventId<T> {
-    type Target = T;
-
-    fn deref(&self) -> &Self::Target {
-        let Self(header) = self;
-        header
-    }
-}
-
-impl<T> From<T> for LastEventId<T> {
-    fn from(value: T) -> Self {
-        Self(value)
-    }
-}
-
-impl<T> LastEventId<T> {
-    pub fn into_inner(self) -> T {
-        let Self(value) = self;
-        value
-    }
-}
diff --git a/src/events/mod.rs b/src/events/mod.rs
deleted file mode 100644
index 711ae64..0000000
--- a/src/events/mod.rs
+++ /dev/null
@@ -1,8 +0,0 @@
-pub mod app;
-pub mod broadcaster;
-mod extract;
-pub mod repo;
-mod routes;
-pub mod types;
-
-pub use self::routes::router;
diff --git a/src/events/repo/message.rs b/src/events/repo/message.rs
deleted file mode 100644
index 00c24b1..0000000
--- a/src/events/repo/message.rs
+++ /dev/null
@@ -1,188 +0,0 @@
-use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
-
-use crate::{
-    channel,
-    clock::DateTime,
-    events::types,
-    login, message,
-    repo::{channel::Channel, login::Login, message::Message, sequence::Sequence},
-};
-
-pub trait Provider {
-    fn message_events(&mut self) -> Events;
-}
-
-impl<'c> Provider for Transaction<'c, Sqlite> {
-    fn message_events(&mut self) -> Events {
-        Events(self)
-    }
-}
-
-pub struct Events<'t>(&'t mut SqliteConnection);
-
-impl<'c> Events<'c> {
-    pub async fn create(
-        &mut self,
-        sender: &Login,
-        channel: &Channel,
-        sent_at: &DateTime,
-        sent_sequence: Sequence,
-        body: &str,
-    ) -> Result<types::ChannelEvent, sqlx::Error> {
-        let id = message::Id::generate();
-
-        let message = sqlx::query!(
-            r#"
-				insert into message
-					(id, channel, sender, sent_at, sent_sequence, body)
-				values ($1, $2, $3, $4, $5, $6)
-				returning
-					id as "id: message::Id",
-					sender as "sender: login::Id",
-                    sent_at as "sent_at: DateTime",
-                    sent_sequence as "sent_sequence: Sequence",
-					body
-			"#,
-            id,
-            channel.id,
-            sender.id,
-            sent_at,
-            sent_sequence,
-            body,
-        )
-        .map(|row| types::ChannelEvent {
-            sequence: row.sent_sequence,
-            at: row.sent_at,
-            data: types::MessageEvent {
-                channel: channel.clone(),
-                sender: sender.clone(),
-                message: Message {
-                    id: row.id,
-                    body: row.body,
-                },
-            }
-            .into(),
-        })
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(message)
-    }
-
-    pub async fn delete(
-        &mut self,
-        channel: &Channel,
-        message: &message::Id,
-        deleted_at: &DateTime,
-        deleted_sequence: Sequence,
-    ) -> Result<types::ChannelEvent, sqlx::Error> {
-        sqlx::query_scalar!(
-            r#"
-                delete from message
-                where id = $1
-                returning 1 as "row: i64"
-            "#,
-            message,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(types::ChannelEvent {
-            sequence: deleted_sequence,
-            at: *deleted_at,
-            data: types::MessageDeletedEvent {
-                channel: channel.clone(),
-                message: message.clone(),
-            }
-            .into(),
-        })
-    }
-
-    pub async fn expired(
-        &mut self,
-        expire_at: &DateTime,
-    ) -> Result<Vec<(Channel, message::Id)>, sqlx::Error> {
-        let messages = sqlx::query!(
-            r#"
-                select
-                    channel.id as "channel_id: channel::Id",
-                    channel.name as "channel_name",
-                    channel.created_at as "channel_created_at: DateTime",
-                    channel.created_sequence as "channel_created_sequence: Sequence",
-                    message.id as "message: message::Id"
-                from message
-                    join channel on message.channel = channel.id
-                    join login as sender on message.sender = sender.id
-                where sent_at < $1
-            "#,
-            expire_at,
-        )
-        .map(|row| {
-            (
-                Channel {
-                    id: row.channel_id,
-                    name: row.channel_name,
-                    created_at: row.channel_created_at,
-                    created_sequence: row.channel_created_sequence,
-                },
-                row.message,
-            )
-        })
-        .fetch_all(&mut *self.0)
-        .await?;
-
-        Ok(messages)
-    }
-
-    pub async fn replay(
-        &mut self,
-        resume_at: Option<Sequence>,
-    ) -> Result<Vec<types::ChannelEvent>, sqlx::Error> {
-        let events = sqlx::query!(
-            r#"
-				select
-					message.id as "id: message::Id",
-                    channel.id as "channel_id: channel::Id",
-                    channel.name as "channel_name",
-                    channel.created_at as "channel_created_at: DateTime",
-                    channel.created_sequence as "channel_created_sequence: Sequence",
-					sender.id as "sender_id: login::Id",
-					sender.name as sender_name,
-                    message.sent_at as "sent_at: DateTime",
-                    message.sent_sequence as "sent_sequence: Sequence",
-                    message.body
-				from message
-                    join channel on message.channel = channel.id
-					join login as sender on message.sender = sender.id
-				where coalesce(message.sent_sequence > $1, true)
-				order by sent_sequence asc
-			"#,
-            resume_at,
-        )
-        .map(|row| types::ChannelEvent {
-            sequence: row.sent_sequence,
-            at: row.sent_at,
-            data: types::MessageEvent {
-                channel: Channel {
-                    id: row.channel_id,
-                    name: row.channel_name,
-                    created_at: row.channel_created_at,
-                    created_sequence: row.channel_created_sequence,
-                },
-                sender: Login {
-                    id: row.sender_id,
-                    name: row.sender_name,
-                },
-                message: Message {
-                    id: row.id,
-                    body: row.body,
-                },
-            }
-            .into(),
-        })
-        .fetch_all(&mut *self.0)
-        .await?;
-
-        Ok(events)
-    }
-}
diff --git a/src/events/repo/mod.rs b/src/events/repo/mod.rs
deleted file mode 100644
index e216a50..0000000
--- a/src/events/repo/mod.rs
+++ /dev/null
@@ -1 +0,0 @@
-pub mod message;
diff --git a/src/events/routes.rs b/src/events/routes.rs
deleted file mode 100644
index d81c7fb..0000000
--- a/src/events/routes.rs
+++ /dev/null
@@ -1,92 +0,0 @@
-use axum::{
-    extract::State,
-    response::{
-        sse::{self, Sse},
-        IntoResponse, Response,
-    },
-    routing::get,
-    Router,
-};
-use axum_extra::extract::Query;
-use futures::stream::{Stream, StreamExt as _};
-
-use super::{extract::LastEventId, types};
-use crate::{
-    app::App,
-    error::{Internal, Unauthorized},
-    login::{app::ValidateError, extract::Identity},
-    repo::sequence::Sequence,
-};
-
-#[cfg(test)]
-mod test;
-
-pub fn router() -> Router<App> {
-    Router::new().route("/api/events", get(events))
-}
-
-#[derive(Default, serde::Deserialize)]
-struct EventsQuery {
-    resume_point: Option<Sequence>,
-}
-
-async fn events(
-    State(app): State<App>,
-    identity: Identity,
-    last_event_id: Option<LastEventId<Sequence>>,
-    Query(query): Query<EventsQuery>,
-) -> Result<Events<impl Stream<Item = types::ChannelEvent> + std::fmt::Debug>, EventsError> {
-    let resume_at = last_event_id
-        .map(LastEventId::into_inner)
-        .or(query.resume_point);
-
-    let stream = app.events().subscribe(resume_at).await?;
-    let stream = app.logins().limit_stream(identity.token, stream).await?;
-
-    Ok(Events(stream))
-}
-
-#[derive(Debug)]
-struct Events<S>(S);
-
-impl<S> IntoResponse for Events<S>
-where
-    S: Stream<Item = types::ChannelEvent> + Send + 'static,
-{
-    fn into_response(self) -> Response {
-        let Self(stream) = self;
-        let stream = stream.map(sse::Event::try_from);
-        Sse::new(stream)
-            .keep_alive(sse::KeepAlive::default())
-            .into_response()
-    }
-}
-
-impl TryFrom<types::ChannelEvent> for sse::Event {
-    type Error = serde_json::Error;
-
-    fn try_from(event: types::ChannelEvent) -> Result<Self, Self::Error> {
-        let id = serde_json::to_string(&event.sequence)?;
-        let data = serde_json::to_string_pretty(&event)?;
-
-        let event = Self::default().id(id).data(data);
-
-        Ok(event)
-    }
-}
-
-#[derive(Debug, thiserror::Error)]
-#[error(transparent)]
-pub enum EventsError {
-    DatabaseError(#[from] sqlx::Error),
-    ValidateError(#[from] ValidateError),
-}
-
-impl IntoResponse for EventsError {
-    fn into_response(self) -> Response {
-        match self {
-            Self::ValidateError(ValidateError::InvalidToken) => Unauthorized.into_response(),
-            other => Internal::from(other).into_response(),
-        }
-    }
-}
diff --git a/src/events/routes/test.rs b/src/events/routes/test.rs
deleted file mode 100644
index 11f01b8..0000000
--- a/src/events/routes/test.rs
+++ /dev/null
@@ -1,439 +0,0 @@
-use axum::extract::State;
-use axum_extra::extract::Query;
-use futures::{
-    future,
-    stream::{self, StreamExt as _},
-};
-
-use crate::{
-    events::routes,
-    test::fixtures::{self, future::Immediately as _},
-};
-
-#[tokio::test]
-async fn includes_historical_message() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let sender = fixtures::login::create(&app).await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-    let message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
-        .await
-        .expect("subscribe never fails");
-
-    // Verify the structure of the response.
-
-    let event = events
-        .filter(fixtures::filter::messages())
-        .next()
-        .immediately()
-        .await
-        .expect("delivered stored message");
-
-    assert_eq!(message, event);
-}
-
-#[tokio::test]
-async fn includes_live_message() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) =
-        routes::events(State(app.clone()), subscriber, None, Query::default())
-            .await
-            .expect("subscribe never fails");
-
-    // Verify the semantics
-
-    let sender = fixtures::login::create(&app).await;
-    let message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
-
-    let event = events
-        .filter(fixtures::filter::messages())
-        .next()
-        .immediately()
-        .await
-        .expect("delivered live message");
-
-    assert_eq!(message, event);
-}
-
-#[tokio::test]
-async fn includes_multiple_channels() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let sender = fixtures::login::create(&app).await;
-
-    let channels = [
-        fixtures::channel::create(&app, &fixtures::now()).await,
-        fixtures::channel::create(&app, &fixtures::now()).await,
-    ];
-
-    let messages = stream::iter(channels)
-        .then(|channel| {
-            let app = app.clone();
-            let sender = sender.clone();
-            let channel = channel.clone();
-            async move { fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await }
-        })
-        .collect::<Vec<_>>()
-        .await;
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
-        .await
-        .expect("subscribe never fails");
-
-    // Verify the structure of the response.
-
-    let events = events
-        .filter(fixtures::filter::messages())
-        .take(messages.len())
-        .collect::<Vec<_>>()
-        .immediately()
-        .await;
-
-    for message in &messages {
-        assert!(events.iter().any(|event| { event == message }));
-    }
-}
-
-#[tokio::test]
-async fn sequential_messages() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-    let sender = fixtures::login::create(&app).await;
-
-    let messages = vec![
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-    ];
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-    let routes::Events(events) = routes::events(State(app), subscriber, None, Query::default())
-        .await
-        .expect("subscribe never fails");
-
-    // Verify the structure of the response.
-
-    let mut events = events.filter(|event| future::ready(messages.contains(event)));
-
-    // Verify delivery in order
-    for message in &messages {
-        let event = events
-            .next()
-            .immediately()
-            .await
-            .expect("undelivered messages remaining");
-
-        assert_eq!(message, &event);
-    }
-}
-
-#[tokio::test]
-async fn resumes_from() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-    let sender = fixtures::login::create(&app).await;
-
-    let initial_message = fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await;
-
-    let later_messages = vec![
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-    ];
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-
-    let resume_at = {
-        // First subscription
-        let routes::Events(events) = routes::events(
-            State(app.clone()),
-            subscriber.clone(),
-            None,
-            Query::default(),
-        )
-        .await
-        .expect("subscribe never fails");
-
-        let event = events
-            .filter(fixtures::filter::messages())
-            .next()
-            .immediately()
-            .await
-            .expect("delivered events");
-
-        assert_eq!(initial_message, event);
-
-        event.sequence
-    };
-
-    // Resume after disconnect
-    let routes::Events(resumed) = routes::events(
-        State(app),
-        subscriber,
-        Some(resume_at.into()),
-        Query::default(),
-    )
-    .await
-    .expect("subscribe never fails");
-
-    // Verify the structure of the response.
-
-    let events = resumed
-        .take(later_messages.len())
-        .collect::<Vec<_>>()
-        .immediately()
-        .await;
-
-    for message in &later_messages {
-        assert!(events.iter().any(|event| event == message));
-    }
-}
-
-// This test verifies a real bug I hit developing the vector-of-sequences
-// approach to resuming events. A small omission caused the event IDs in a
-// resumed stream to _omit_ channels that were in the original stream until
-// those channels also appeared in the resumed stream.
-//
-// Clients would see something like
-// * In the original stream, Cfoo=5,Cbar=8
-// * In the resumed stream, Cfoo=6 (no Cbar sequence number)
-//
-// Disconnecting and reconnecting a second time, using event IDs from that
-// initial period of the first resume attempt, would then cause the second
-// resume attempt to restart all other channels from the beginning, and not
-// from where the first disconnection happened.
-//
-// This is a real and valid behaviour for clients!
-#[tokio::test]
-async fn serial_resume() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let sender = fixtures::login::create(&app).await;
-    let channel_a = fixtures::channel::create(&app, &fixtures::now()).await;
-    let channel_b = fixtures::channel::create(&app, &fixtures::now()).await;
-
-    // Call the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber = fixtures::identity::identity(&app, &subscriber_creds, &fixtures::now()).await;
-
-    let resume_at = {
-        let initial_messages = [
-            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
-            fixtures::message::send(&app, &sender, &channel_b, &fixtures::now()).await,
-        ];
-
-        // First subscription
-        let routes::Events(events) = routes::events(
-            State(app.clone()),
-            subscriber.clone(),
-            None,
-            Query::default(),
-        )
-        .await
-        .expect("subscribe never fails");
-
-        let events = events
-            .filter(fixtures::filter::messages())
-            .take(initial_messages.len())
-            .collect::<Vec<_>>()
-            .immediately()
-            .await;
-
-        for message in &initial_messages {
-            assert!(events.iter().any(|event| event == message));
-        }
-
-        let event = events.last().expect("this vec is non-empty");
-
-        event.sequence
-    };
-
-    // Resume after disconnect
-    let resume_at = {
-        let resume_messages = [
-            // Note that channel_b does not appear here. The buggy behaviour
-            // would be masked if channel_b happened to send a new message
-            // into the resumed event stream.
-            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
-            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
-        ];
-
-        // Second subscription
-        let routes::Events(events) = routes::events(
-            State(app.clone()),
-            subscriber.clone(),
-            Some(resume_at.into()),
-            Query::default(),
-        )
-        .await
-        .expect("subscribe never fails");
-
-        let events = events
-            .filter(fixtures::filter::messages())
-            .take(resume_messages.len())
-            .collect::<Vec<_>>()
-            .immediately()
-            .await;
-
-        for message in &resume_messages {
-            assert!(events.iter().any(|event| event == message));
-        }
-
-        let event = events.last().expect("this vec is non-empty");
-
-        event.sequence
-    };
-
-    // Resume after disconnect a second time
-    {
-        // At this point, we can send on either channel and demonstrate the
-        // problem. The resume point should before both of these messages, but
-        // after _all_ prior messages.
-        let final_messages = [
-            fixtures::message::send(&app, &sender, &channel_a, &fixtures::now()).await,
-            fixtures::message::send(&app, &sender, &channel_b, &fixtures::now()).await,
-        ];
-
-        // Third subscription
-        let routes::Events(events) = routes::events(
-            State(app.clone()),
-            subscriber.clone(),
-            Some(resume_at.into()),
-            Query::default(),
-        )
-        .await
-        .expect("subscribe never fails");
-
-        let events = events
-            .filter(fixtures::filter::messages())
-            .take(final_messages.len())
-            .collect::<Vec<_>>()
-            .immediately()
-            .await;
-
-        // This set of messages, in particular, _should not_ include any prior
-        // messages from `initial_messages` or `resume_messages`.
-        for message in &final_messages {
-            assert!(events.iter().any(|event| event == message));
-        }
-    };
-}
-
-#[tokio::test]
-async fn terminates_on_token_expiry() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-    let sender = fixtures::login::create(&app).await;
-
-    // Subscribe via the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber =
-        fixtures::identity::identity(&app, &subscriber_creds, &fixtures::ancient()).await;
-
-    let routes::Events(events) =
-        routes::events(State(app.clone()), subscriber, None, Query::default())
-            .await
-            .expect("subscribe never fails");
-
-    // Verify the resulting stream's behaviour
-
-    app.logins()
-        .expire(&fixtures::now())
-        .await
-        .expect("expiring tokens succeeds");
-
-    // These should not be delivered.
-    let messages = [
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-    ];
-
-    assert!(events
-        .filter(|event| future::ready(messages.contains(event)))
-        .next()
-        .immediately()
-        .await
-        .is_none());
-}
-
-#[tokio::test]
-async fn terminates_on_logout() {
-    // Set up the environment
-
-    let app = fixtures::scratch_app().await;
-    let channel = fixtures::channel::create(&app, &fixtures::now()).await;
-    let sender = fixtures::login::create(&app).await;
-
-    // Subscribe via the endpoint
-
-    let subscriber_creds = fixtures::login::create_with_password(&app).await;
-    let subscriber_token =
-        fixtures::identity::logged_in(&app, &subscriber_creds, &fixtures::now()).await;
-    let subscriber =
-        fixtures::identity::from_token(&app, &subscriber_token, &fixtures::now()).await;
-
-    let routes::Events(events) = routes::events(
-        State(app.clone()),
-        subscriber.clone(),
-        None,
-        Query::default(),
-    )
-    .await
-    .expect("subscribe never fails");
-
-    // Verify the resulting stream's behaviour
-
-    app.logins()
-        .logout(&subscriber.token)
-        .await
-        .expect("expiring tokens succeeds");
-
-    // These should not be delivered.
-    let messages = [
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-        fixtures::message::send(&app, &sender, &channel, &fixtures::now()).await,
-    ];
-
-    assert!(events
-        .filter(|event| future::ready(messages.contains(event)))
-        .next()
-        .immediately()
-        .await
-        .is_none());
-}
diff --git a/src/events/types.rs b/src/events/types.rs
deleted file mode 100644
index 762b6e5..0000000
--- a/src/events/types.rs
+++ /dev/null
@@ -1,96 +0,0 @@
-use crate::{
-    channel,
-    clock::DateTime,
-    message,
-    repo::{channel::Channel, login::Login, message::Message, sequence::Sequence},
-};
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct ChannelEvent {
-    #[serde(skip)]
-    pub sequence: Sequence,
-    pub at: DateTime,
-    #[serde(flatten)]
-    pub data: ChannelEventData,
-}
-
-impl ChannelEvent {
-    pub fn created(channel: Channel) -> Self {
-        Self {
-            at: channel.created_at,
-            sequence: channel.created_sequence,
-            data: CreatedEvent { channel }.into(),
-        }
-    }
-
-    pub fn channel_id(&self) -> &channel::Id {
-        match &self.data {
-            ChannelEventData::Created(event) => &event.channel.id,
-            ChannelEventData::Message(event) => &event.channel.id,
-            ChannelEventData::MessageDeleted(event) => &event.channel.id,
-            ChannelEventData::Deleted(event) => &event.channel,
-        }
-    }
-}
-
-impl<'c> From<&'c ChannelEvent> for Sequence {
-    fn from(event: &'c ChannelEvent) -> Self {
-        event.sequence
-    }
-}
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-#[serde(tag = "type", rename_all = "snake_case")]
-pub enum ChannelEventData {
-    Created(CreatedEvent),
-    Message(MessageEvent),
-    MessageDeleted(MessageDeletedEvent),
-    Deleted(DeletedEvent),
-}
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct CreatedEvent {
-    pub channel: Channel,
-}
-
-impl From<CreatedEvent> for ChannelEventData {
-    fn from(event: CreatedEvent) -> Self {
-        Self::Created(event)
-    }
-}
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct MessageEvent {
-    pub channel: Channel,
-    pub sender: Login,
-    pub message: Message,
-}
-
-impl From<MessageEvent> for ChannelEventData {
-    fn from(event: MessageEvent) -> Self {
-        Self::Message(event)
-    }
-}
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct MessageDeletedEvent {
-    pub channel: Channel,
-    pub message: message::Id,
-}
-
-impl From<MessageDeletedEvent> for ChannelEventData {
-    fn from(event: MessageDeletedEvent) -> Self {
-        Self::MessageDeleted(event)
-    }
-}
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct DeletedEvent {
-    pub channel: channel::Id,
-}
-
-impl From<DeletedEvent> for ChannelEventData {
-    fn from(event: DeletedEvent) -> Self {
-        Self::Deleted(event)
-    }
-}
diff --git a/src/lib.rs b/src/lib.rs
index 2300071..bbcb314 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -8,12 +8,12 @@ mod channel;
 pub mod cli;
 mod clock;
 mod error;
-mod events;
+mod event;
 mod expire;
 mod id;
 mod login;
 mod message;
-mod password;
 mod repo;
 #[cfg(test)]
 mod test;
+mod token;
diff --git a/src/login/app.rs b/src/login/app.rs
index 8ea0a91..60475af 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -6,18 +6,15 @@ use futures::{
 };
 use sqlx::sqlite::SqlitePool;
 
-use super::{
-    broadcaster::Broadcaster, extract::IdentitySecret, repo::auth::Provider as _, token, types,
-};
+use super::{broadcaster::Broadcaster, repo::auth::Provider as _, types, Login};
 use crate::{
     clock::DateTime,
-    password::Password,
+    event::Sequence,
+    login::Password,
     repo::{
-        error::NotFound as _,
-        login::{Login, Provider as _},
-        sequence::{Provider as _, Sequence},
-        token::Provider as _,
+        error::NotFound as _, login::Provider as _, sequence::Provider as _, token::Provider as _,
     },
+    token::{self, Secret},
 };
 
 pub struct Logins<'a> {
@@ -43,7 +40,7 @@ impl<'a> Logins<'a> {
         name: &str,
         password: &Password,
         login_at: &DateTime,
-    ) -> Result<IdentitySecret, LoginError> {
+    ) -> Result<Secret, LoginError> {
         let mut tx = self.db.begin().await?;
 
         let login = if let Some((login, stored_hash)) = tx.auth().for_name(name).await? {
@@ -78,7 +75,7 @@ impl<'a> Logins<'a> {
 
     pub async fn validate(
         &self,
-        secret: &IdentitySecret,
+        secret: &Secret,
         used_at: &DateTime,
     ) -> Result<(token::Id, Login), ValidateError> {
         let mut tx = self.db.begin().await?;
diff --git a/src/login/extract.rs b/src/login/extract.rs
index 39dd9e4..c2d97f2 100644
--- a/src/login/extract.rs
+++ b/src/login/extract.rs
@@ -1,182 +1,15 @@
-use std::fmt;
+use axum::{extract::FromRequestParts, http::request::Parts};
 
-use axum::{
-    extract::{FromRequestParts, State},
-    http::request::Parts,
-    response::{IntoResponse, IntoResponseParts, Response, ResponseParts},
-};
-use axum_extra::extract::cookie::{Cookie, CookieJar};
-
-use crate::{
-    app::App,
-    clock::RequestedAt,
-    error::{Internal, Unauthorized},
-    login::{app::ValidateError, token},
-    repo::login::Login,
-};
-
-// The usage pattern here - receive the extractor as an argument, return it in
-// the response - is heavily modelled after CookieJar's own intended usage.
-#[derive(Clone)]
-pub struct IdentityToken {
-    cookies: CookieJar,
-}
-
-impl fmt::Debug for IdentityToken {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_struct("IdentityToken")
-            .field(
-                "identity",
-                &self.cookies.get(IDENTITY_COOKIE).map(|_| "********"),
-            )
-            .finish()
-    }
-}
-
-impl IdentityToken {
-    // Creates a new, unpopulated identity token store.
-    #[cfg(test)]
-    pub fn new() -> Self {
-        Self {
-            cookies: CookieJar::new(),
-        }
-    }
-
-    // Get the identity secret sent in the request, if any. If the identity
-    // was not sent, or if it has previously been [clear]ed, then this will
-    // return [None]. If the identity has previously been [set], then this
-    // will return that secret, regardless of what the request originally
-    // included.
-    pub fn secret(&self) -> Option<IdentitySecret> {
-        self.cookies
-            .get(IDENTITY_COOKIE)
-            .map(Cookie::value)
-            .map(IdentitySecret::from)
-    }
-
-    // Positively set the identity secret, and ensure that it will be sent
-    // back to the client when this extractor is included in a response.
-    pub fn set(self, secret: impl Into<IdentitySecret>) -> Self {
-        let IdentitySecret(secret) = secret.into();
-        let identity_cookie = Cookie::build((IDENTITY_COOKIE, secret))
-            .http_only(true)
-            .path("/api/")
-            .permanent()
-            .build();
-
-        Self {
-            cookies: self.cookies.add(identity_cookie),
-        }
-    }
-
-    // Remove the identity secret and ensure that it will be cleared when this
-    // extractor is included in a response.
-    pub fn clear(self) -> Self {
-        Self {
-            cookies: self.cookies.remove(IDENTITY_COOKIE),
-        }
-    }
-}
-
-const IDENTITY_COOKIE: &str = "identity";
-
-#[async_trait::async_trait]
-impl<S> FromRequestParts<S> for IdentityToken
-where
-    S: Send + Sync,
-{
-    type Rejection = <CookieJar as FromRequestParts<S>>::Rejection;
-
-    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
-        let cookies = CookieJar::from_request_parts(parts, state).await?;
-        Ok(Self { cookies })
-    }
-}
-
-impl IntoResponseParts for IdentityToken {
-    type Error = <CookieJar as IntoResponseParts>::Error;
-
-    fn into_response_parts(self, res: ResponseParts) -> Result<ResponseParts, Self::Error> {
-        let Self { cookies } = self;
-        cookies.into_response_parts(res)
-    }
-}
-
-#[derive(sqlx::Type)]
-#[sqlx(transparent)]
-pub struct IdentitySecret(String);
-
-impl fmt::Debug for IdentitySecret {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_tuple("IdentityToken").field(&"********").finish()
-    }
-}
-
-impl<S> From<S> for IdentitySecret
-where
-    S: Into<String>,
-{
-    fn from(value: S) -> Self {
-        Self(value.into())
-    }
-}
-
-#[derive(Clone, Debug)]
-pub struct Identity {
-    pub token: token::Id,
-    pub login: Login,
-}
+use super::Login;
+use crate::{app::App, token::extract::Identity};
 
 #[async_trait::async_trait]
-impl FromRequestParts<App> for Identity {
-    type Rejection = LoginError<Internal>;
+impl FromRequestParts<App> for Login {
+    type Rejection = <Identity as FromRequestParts<App>>::Rejection;
 
     async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
-        // After Rust 1.82 (and #[feature(min_exhaustive_patterns)] lands on
-        // stable), the following can be replaced:
-        //
-        // ```
-        // let Ok(identity_token) = IdentityToken::from_request_parts(
-        //     parts,
-        //     state,
-        // ).await;
-        // ```
-        let identity_token = IdentityToken::from_request_parts(parts, state).await?;
-        let RequestedAt(used_at) = RequestedAt::from_request_parts(parts, state).await?;
-
-        let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?;
-
-        let app = State::<App>::from_request_parts(parts, state).await?;
-        match app.logins().validate(&secret, &used_at).await {
-            Ok((token, login)) => Ok(Identity { token, login }),
-            Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized),
-            Err(other) => Err(other.into()),
-        }
-    }
-}
-
-pub enum LoginError<E> {
-    Failure(E),
-    Unauthorized,
-}
-
-impl<E> IntoResponse for LoginError<E>
-where
-    E: IntoResponse,
-{
-    fn into_response(self) -> Response {
-        match self {
-            Self::Unauthorized => Unauthorized.into_response(),
-            Self::Failure(e) => e.into_response(),
-        }
-    }
-}
+        let identity = Identity::from_request_parts(parts, state).await?;
 
-impl<E> From<E> for LoginError<Internal>
-where
-    E: Into<Internal>,
-{
-    fn from(err: E) -> Self {
-        Self::Failure(err.into())
+        Ok(identity.login)
     }
 }
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 0430f4b..91c1821 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -2,10 +2,22 @@ pub mod app;
 pub mod broadcaster;
 pub mod extract;
 mod id;
+pub mod password;
 mod repo;
 mod routes;
-pub mod token;
 pub mod types;
 
-pub use self::id::Id;
-pub use self::routes::router;
+pub use self::{id::Id, password::Password, routes::router};
+
+// This also implements FromRequestParts (see `./extract.rs`). As a result, it
+// can be used as an extractor for endpoints that want to require login, or for
+// endpoints that need to behave differently depending on whether the client is
+// or is not logged in.
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct Login {
+    pub id: Id,
+    pub name: String,
+    // The omission of the hashed password is deliberate, to minimize the
+    // chance that it ends up tangled up in debug output or in some other chunk
+    // of logic elsewhere.
+}
diff --git a/src/login/password.rs b/src/login/password.rs
new file mode 100644
index 0000000..da3930f
--- /dev/null
+++ b/src/login/password.rs
@@ -0,0 +1,58 @@
+use std::fmt;
+
+use argon2::Argon2;
+use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
+use rand_core::OsRng;
+
+#[derive(Debug, sqlx::Type)]
+#[sqlx(transparent)]
+pub struct StoredHash(String);
+
+impl StoredHash {
+    pub fn verify(&self, password: &Password) -> Result<bool, password_hash::Error> {
+        let hash = PasswordHash::new(&self.0)?;
+
+        match Argon2::default().verify_password(password.as_bytes(), &hash) {
+            // Successful authentication, not an error
+            Ok(()) => Ok(true),
+            // Unsuccessful authentication, also not an error
+            Err(password_hash::errors::Error::Password) => Ok(false),
+            // Password validation failed for some other reason, treat as an error
+            Err(err) => Err(err),
+        }
+    }
+}
+
+#[derive(serde::Deserialize)]
+#[serde(transparent)]
+pub struct Password(String);
+
+impl Password {
+    pub fn hash(&self) -> Result<StoredHash, password_hash::Error> {
+        let Self(password) = self;
+        let salt = SaltString::generate(&mut OsRng);
+        let argon2 = Argon2::default();
+        let hash = argon2
+            .hash_password(password.as_bytes(), &salt)?
+            .to_string();
+        Ok(StoredHash(hash))
+    }
+
+    fn as_bytes(&self) -> &[u8] {
+        let Self(value) = self;
+        value.as_bytes()
+    }
+}
+
+impl fmt::Debug for Password {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("Password").field(&"********").finish()
+    }
+}
+
+#[cfg(test)]
+impl From<String> for Password {
+    fn from(password: String) -> Self {
+        Self(password)
+    }
+}
diff --git a/src/login/repo/auth.rs b/src/login/repo/auth.rs
index 9816c5c..b299697 100644
--- a/src/login/repo/auth.rs
+++ b/src/login/repo/auth.rs
@@ -1,6 +1,6 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
-use crate::{login, password::StoredHash, repo::login::Login};
+use crate::login::{self, password::StoredHash, Login};
 
 pub trait Provider {
     fn auth(&mut self) -> Auth;
diff --git a/src/login/routes.rs b/src/login/routes.rs
index ef75871..b571bd5 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -10,11 +10,11 @@ use crate::{
     app::App,
     clock::RequestedAt,
     error::{Internal, Unauthorized},
-    password::Password,
-    repo::login::Login,
+    login::{Login, Password},
 };
 
-use super::{app, extract::IdentityToken};
+use super::app;
+use crate::token::extract::IdentityToken;
 
 #[cfg(test)]
 mod test;
diff --git a/src/login/token/id.rs b/src/login/token/id.rs
deleted file mode 100644
index 9ef063c..0000000
--- a/src/login/token/id.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-use std::fmt;
-
-use crate::id::Id as BaseId;
-
-// Stable identifier for a token. Prefixed with `T`.
-#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
-#[sqlx(transparent)]
-#[serde(transparent)]
-pub struct Id(BaseId);
-
-impl From<BaseId> for Id {
-    fn from(id: BaseId) -> Self {
-        Self(id)
-    }
-}
-
-impl Id {
-    pub fn generate() -> Self {
-        BaseId::generate("T")
-    }
-}
-
-impl fmt::Display for Id {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        self.0.fmt(f)
-    }
-}
diff --git a/src/login/token/mod.rs b/src/login/token/mod.rs
deleted file mode 100644
index d563a88..0000000
--- a/src/login/token/mod.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-mod id;
-
-pub use self::id::Id;
diff --git a/src/login/types.rs b/src/login/types.rs
index a210977..d53d436 100644
--- a/src/login/types.rs
+++ b/src/login/types.rs
@@ -1,4 +1,4 @@
-use crate::login::token;
+use crate::token;
 
 #[derive(Clone, Debug)]
 pub struct TokenRevoked {
diff --git a/src/message/mod.rs b/src/message/mod.rs
index d563a88..9a9bf14 100644
--- a/src/message/mod.rs
+++ b/src/message/mod.rs
@@ -1,3 +1,9 @@
 mod id;
 
 pub use self::id::Id;
+
+#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
+pub struct Message {
+    pub id: Id,
+    pub body: String,
+}
diff --git a/src/password.rs b/src/password.rs
deleted file mode 100644
index da3930f..0000000
--- a/src/password.rs
+++ /dev/null
@@ -1,58 +0,0 @@
-use std::fmt;
-
-use argon2::Argon2;
-use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
-use rand_core::OsRng;
-
-#[derive(Debug, sqlx::Type)]
-#[sqlx(transparent)]
-pub struct StoredHash(String);
-
-impl StoredHash {
-    pub fn verify(&self, password: &Password) -> Result<bool, password_hash::Error> {
-        let hash = PasswordHash::new(&self.0)?;
-
-        match Argon2::default().verify_password(password.as_bytes(), &hash) {
-            // Successful authentication, not an error
-            Ok(()) => Ok(true),
-            // Unsuccessful authentication, also not an error
-            Err(password_hash::errors::Error::Password) => Ok(false),
-            // Password validation failed for some other reason, treat as an error
-            Err(err) => Err(err),
-        }
-    }
-}
-
-#[derive(serde::Deserialize)]
-#[serde(transparent)]
-pub struct Password(String);
-
-impl Password {
-    pub fn hash(&self) -> Result<StoredHash, password_hash::Error> {
-        let Self(password) = self;
-        let salt = SaltString::generate(&mut OsRng);
-        let argon2 = Argon2::default();
-        let hash = argon2
-            .hash_password(password.as_bytes(), &salt)?
-            .to_string();
-        Ok(StoredHash(hash))
-    }
-
-    fn as_bytes(&self) -> &[u8] {
-        let Self(value) = self;
-        value.as_bytes()
-    }
-}
-
-impl fmt::Debug for Password {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_tuple("Password").field(&"********").finish()
-    }
-}
-
-#[cfg(test)]
-impl From<String> for Password {
-    fn from(password: String) -> Self {
-        Self(password)
-    }
-}
diff --git a/src/repo/channel.rs b/src/repo/channel.rs
index 9f1d930..18cd81f 100644
--- a/src/repo/channel.rs
+++ b/src/repo/channel.rs
@@ -1,10 +1,9 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
-use super::sequence::Sequence;
 use crate::{
-    channel::Id,
+    channel::{Channel, Id},
     clock::DateTime,
-    events::types::{self},
+    event::{types, Sequence},
 };
 
 pub trait Provider {
@@ -19,16 +18,6 @@ impl<'c> Provider for Transaction<'c, Sqlite> {
 
 pub struct Channels<'t>(&'t mut SqliteConnection);
 
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct Channel {
-    pub id: Id,
-    pub name: String,
-    #[serde(skip)]
-    pub created_at: DateTime,
-    #[serde(skip)]
-    pub created_sequence: Sequence,
-}
-
 impl<'c> Channels<'c> {
     pub async fn create(
         &mut self,
diff --git a/src/repo/login.rs b/src/repo/login.rs
new file mode 100644
index 0000000..d1a02c4
--- /dev/null
+++ b/src/repo/login.rs
@@ -0,0 +1,50 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::login::{password::StoredHash, Id, Login};
+
+pub trait Provider {
+    fn logins(&mut self) -> Logins;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+    fn logins(&mut self) -> Logins {
+        Logins(self)
+    }
+}
+
+pub struct Logins<'t>(&'t mut SqliteConnection);
+
+impl<'c> Logins<'c> {
+    pub async fn create(
+        &mut self,
+        name: &str,
+        password_hash: &StoredHash,
+    ) -> Result<Login, sqlx::Error> {
+        let id = Id::generate();
+
+        let login = sqlx::query_as!(
+            Login,
+            r#"
+                insert or fail
+                into login (id, name, password_hash)
+                values ($1, $2, $3)
+                returning
+                    id as "id: Id",
+                    name
+            "#,
+            id,
+            name,
+            password_hash,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(login)
+    }
+}
+
+impl<'t> From<&'t mut SqliteConnection> for Logins<'t> {
+    fn from(tx: &'t mut SqliteConnection) -> Self {
+        Self(tx)
+    }
+}
diff --git a/src/repo/login/extract.rs b/src/repo/login/extract.rs
deleted file mode 100644
index ab61106..0000000
--- a/src/repo/login/extract.rs
+++ /dev/null
@@ -1,15 +0,0 @@
-use axum::{extract::FromRequestParts, http::request::Parts};
-
-use super::Login;
-use crate::{app::App, login::extract::Identity};
-
-#[async_trait::async_trait]
-impl FromRequestParts<App> for Login {
-    type Rejection = <Identity as FromRequestParts<App>>::Rejection;
-
-    async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
-        let identity = Identity::from_request_parts(parts, state).await?;
-
-        Ok(identity.login)
-    }
-}
diff --git a/src/repo/login/mod.rs b/src/repo/login/mod.rs
deleted file mode 100644
index 4ff7a96..0000000
--- a/src/repo/login/mod.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-mod extract;
-mod store;
-
-pub use self::store::{Login, Provider};
diff --git a/src/repo/login/store.rs b/src/repo/login/store.rs
deleted file mode 100644
index 47d1a7c..0000000
--- a/src/repo/login/store.rs
+++ /dev/null
@@ -1,63 +0,0 @@
-use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
-
-use crate::{login::Id, password::StoredHash};
-
-pub trait Provider {
-    fn logins(&mut self) -> Logins;
-}
-
-impl<'c> Provider for Transaction<'c, Sqlite> {
-    fn logins(&mut self) -> Logins {
-        Logins(self)
-    }
-}
-
-pub struct Logins<'t>(&'t mut SqliteConnection);
-
-// This also implements FromRequestParts (see `./extract.rs`). As a result, it
-// can be used as an extractor for endpoints that want to require login, or for
-// endpoints that need to behave differently depending on whether the client is
-// or is not logged in.
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct Login {
-    pub id: Id,
-    pub name: String,
-    // The omission of the hashed password is deliberate, to minimize the
-    // chance that it ends up tangled up in debug output or in some other chunk
-    // of logic elsewhere.
-}
-
-impl<'c> Logins<'c> {
-    pub async fn create(
-        &mut self,
-        name: &str,
-        password_hash: &StoredHash,
-    ) -> Result<Login, sqlx::Error> {
-        let id = Id::generate();
-
-        let login = sqlx::query_as!(
-            Login,
-            r#"
-                insert or fail
-                into login (id, name, password_hash)
-                values ($1, $2, $3)
-                returning
-                    id as "id: Id",
-                    name
-            "#,
-            id,
-            name,
-            password_hash,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(login)
-    }
-}
-
-impl<'t> From<&'t mut SqliteConnection> for Logins<'t> {
-    fn from(tx: &'t mut SqliteConnection) -> Self {
-        Self(tx)
-    }
-}
diff --git a/src/repo/message.rs b/src/repo/message.rs
deleted file mode 100644
index acde3ea..0000000
--- a/src/repo/message.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-use crate::message::Id;
-
-#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize)]
-pub struct Message {
-    pub id: Id,
-    pub body: String,
-}
diff --git a/src/repo/mod.rs b/src/repo/mod.rs
index 8f271f4..69ad82c 100644
--- a/src/repo/mod.rs
+++ b/src/repo/mod.rs
@@ -1,7 +1,6 @@
 pub mod channel;
 pub mod error;
 pub mod login;
-pub mod message;
 pub mod pool;
 pub mod sequence;
 pub mod token;
diff --git a/src/repo/sequence.rs b/src/repo/sequence.rs
index c47b41c..c985869 100644
--- a/src/repo/sequence.rs
+++ b/src/repo/sequence.rs
@@ -1,7 +1,7 @@
-use std::fmt;
-
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 
+use crate::event::Sequence;
+
 pub trait Provider {
     fn sequence(&mut self) -> Sequences;
 }
@@ -42,26 +42,3 @@ impl<'c> Sequences<'c> {
         Ok(next)
     }
 }
-
-#[derive(
-    Clone,
-    Copy,
-    Debug,
-    Eq,
-    Ord,
-    PartialEq,
-    PartialOrd,
-    serde::Deserialize,
-    serde::Serialize,
-    sqlx::Type,
-)]
-#[serde(transparent)]
-#[sqlx(transparent)]
-pub struct Sequence(i64);
-
-impl fmt::Display for Sequence {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        let Self(value) = self;
-        value.fmt(f)
-    }
-}
diff --git a/src/repo/token.rs b/src/repo/token.rs
index 79e5c54..5f64dac 100644
--- a/src/repo/token.rs
+++ b/src/repo/token.rs
@@ -1,10 +1,10 @@
 use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
 use uuid::Uuid;
 
-use super::login::Login;
 use crate::{
     clock::DateTime,
-    login::{self, extract::IdentitySecret, token::Id},
+    login::{self, Login},
+    token::{Id, Secret},
 };
 
 pub trait Provider {
@@ -26,7 +26,7 @@ impl<'c> Tokens<'c> {
         &mut self,
         login: &Login,
         issued_at: &DateTime,
-    ) -> Result<IdentitySecret, sqlx::Error> {
+    ) -> Result<Secret, sqlx::Error> {
         let id = Id::generate();
         let secret = Uuid::new_v4().to_string();
 
@@ -35,7 +35,7 @@ impl<'c> Tokens<'c> {
                 insert
                 into token (id, secret, login, issued_at, last_used_at)
                 values ($1, $2, $3, $4, $4)
-                returning secret as "secret!: IdentitySecret"
+                returning secret as "secret!: Secret"
             "#,
             id,
             secret,
@@ -103,7 +103,7 @@ impl<'c> Tokens<'c> {
     // timestamp will be set to `used_at`.
     pub async fn validate(
         &mut self,
-        secret: &IdentitySecret,
+        secret: &Secret,
         used_at: &DateTime,
     ) -> Result<(Id, Login), sqlx::Error> {
         // I would use `update … returning` to do this in one query, but
diff --git a/src/test/fixtures/channel.rs b/src/test/fixtures/channel.rs
index 8744470..b678717 100644
--- a/src/test/fixtures/channel.rs
+++ b/src/test/fixtures/channel.rs
@@ -4,7 +4,7 @@ use faker_rand::{
 };
 use rand;
 
-use crate::{app::App, clock::RequestedAt, repo::channel::Channel};
+use crate::{app::App, channel::Channel, clock::RequestedAt};
 
 pub async fn create(app: &App, created_at: &RequestedAt) -> Channel {
     let name = propose();
diff --git a/src/test/fixtures/filter.rs b/src/test/fixtures/filter.rs
index c31fa58..d1939a5 100644
--- a/src/test/fixtures/filter.rs
+++ b/src/test/fixtures/filter.rs
@@ -1,6 +1,6 @@
 use futures::future;
 
-use crate::events::types;
+use crate::event::types;
 
 pub fn messages() -> impl FnMut(&types::ChannelEvent) -> future::Ready<bool> {
     |event| future::ready(matches!(event.data, types::ChannelEventData::Message(_)))
diff --git a/src/test/fixtures/identity.rs b/src/test/fixtures/identity.rs
index 633fb8a..9e8e403 100644
--- a/src/test/fixtures/identity.rs
+++ b/src/test/fixtures/identity.rs
@@ -3,8 +3,11 @@ use uuid::Uuid;
 use crate::{
     app::App,
     clock::RequestedAt,
-    login::extract::{Identity, IdentitySecret, IdentityToken},
-    password::Password,
+    login::Password,
+    token::{
+        extract::{Identity, IdentityToken},
+        Secret,
+    },
 };
 
 pub fn not_logged_in() -> IdentityToken {
@@ -38,7 +41,7 @@ pub async fn identity(app: &App, login: &(String, Password), issued_at: &Request
     from_token(app, &secret, issued_at).await
 }
 
-pub fn secret(identity: &IdentityToken) -> IdentitySecret {
+pub fn secret(identity: &IdentityToken) -> Secret {
     identity.secret().expect("identity contained a secret")
 }
 
diff --git a/src/test/fixtures/login.rs b/src/test/fixtures/login.rs
index d6a321b..00c2789 100644
--- a/src/test/fixtures/login.rs
+++ b/src/test/fixtures/login.rs
@@ -3,8 +3,7 @@ use uuid::Uuid;
 
 use crate::{
     app::App,
-    password::Password,
-    repo::login::{self, Login},
+    login::{self, Login, Password},
 };
 
 pub async fn create_with_password(app: &App) -> (String, Password) {
diff --git a/src/test/fixtures/message.rs b/src/test/fixtures/message.rs
index bfca8cd..fd50887 100644
--- a/src/test/fixtures/message.rs
+++ b/src/test/fixtures/message.rs
@@ -1,11 +1,6 @@
 use faker_rand::lorem::Paragraphs;
 
-use crate::{
-    app::App,
-    clock::RequestedAt,
-    events::types,
-    repo::{channel::Channel, login::Login},
-};
+use crate::{app::App, channel::Channel, clock::RequestedAt, event::types, login::Login};
 
 pub async fn send(
     app: &App,
diff --git a/src/token/extract/identity.rs b/src/token/extract/identity.rs
new file mode 100644
index 0000000..42c7c60
--- /dev/null
+++ b/src/token/extract/identity.rs
@@ -0,0 +1,75 @@
+use axum::{
+    extract::{FromRequestParts, State},
+    http::request::Parts,
+    response::{IntoResponse, Response},
+};
+
+use super::IdentityToken;
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::{Internal, Unauthorized},
+    login::{app::ValidateError, Login},
+    token,
+};
+
+#[derive(Clone, Debug)]
+pub struct Identity {
+    pub token: token::Id,
+    pub login: Login,
+}
+
+#[async_trait::async_trait]
+impl FromRequestParts<App> for Identity {
+    type Rejection = LoginError<Internal>;
+
+    async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
+        // After Rust 1.82 (and #[feature(min_exhaustive_patterns)] lands on
+        // stable), the following can be replaced:
+        //
+        // ```
+        // let Ok(identity_token) = IdentityToken::from_request_parts(
+        //     parts,
+        //     state,
+        // ).await;
+        // ```
+        let identity_token = IdentityToken::from_request_parts(parts, state).await?;
+        let RequestedAt(used_at) = RequestedAt::from_request_parts(parts, state).await?;
+
+        let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?;
+
+        let app = State::<App>::from_request_parts(parts, state).await?;
+        match app.logins().validate(&secret, &used_at).await {
+            Ok((token, login)) => Ok(Identity { token, login }),
+            Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized),
+            Err(other) => Err(other.into()),
+        }
+    }
+}
+
+pub enum LoginError<E> {
+    Failure(E),
+    Unauthorized,
+}
+
+impl<E> IntoResponse for LoginError<E>
+where
+    E: IntoResponse,
+{
+    fn into_response(self) -> Response {
+        match self {
+            Self::Unauthorized => Unauthorized.into_response(),
+            Self::Failure(e) => e.into_response(),
+        }
+    }
+}
+
+impl<E> From<E> for LoginError<Internal>
+where
+    E: Into<Internal>,
+{
+    fn from(err: E) -> Self {
+        Self::Failure(err.into())
+    }
+}
diff --git a/src/token/extract/identity_token.rs b/src/token/extract/identity_token.rs
new file mode 100644
index 0000000..0a47a43
--- /dev/null
+++ b/src/token/extract/identity_token.rs
@@ -0,0 +1,94 @@
+use std::fmt;
+
+use axum::{
+    extract::FromRequestParts,
+    http::request::Parts,
+    response::{IntoResponseParts, ResponseParts},
+};
+use axum_extra::extract::cookie::{Cookie, CookieJar};
+
+use crate::token::Secret;
+
+// The usage pattern here - receive the extractor as an argument, return it in
+// the response - is heavily modelled after CookieJar's own intended usage.
+#[derive(Clone)]
+pub struct IdentityToken {
+    cookies: CookieJar,
+}
+
+impl fmt::Debug for IdentityToken {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("IdentityToken")
+            .field("identity", &self.secret())
+            .finish()
+    }
+}
+
+impl IdentityToken {
+    // Creates a new, unpopulated identity token store.
+    #[cfg(test)]
+    pub fn new() -> Self {
+        Self {
+            cookies: CookieJar::new(),
+        }
+    }
+
+    // Get the identity secret sent in the request, if any. If the identity
+    // was not sent, or if it has previously been [clear]ed, then this will
+    // return [None]. If the identity has previously been [set], then this
+    // will return that secret, regardless of what the request originally
+    // included.
+    pub fn secret(&self) -> Option<Secret> {
+        self.cookies
+            .get(IDENTITY_COOKIE)
+            .map(Cookie::value)
+            .map(Secret::from)
+    }
+
+    // Positively set the identity secret, and ensure that it will be sent
+    // back to the client when this extractor is included in a response.
+    pub fn set(self, secret: impl Into<Secret>) -> Self {
+        let secret = secret.into().reveal();
+        let identity_cookie = Cookie::build((IDENTITY_COOKIE, secret))
+            .http_only(true)
+            .path("/api/")
+            .permanent()
+            .build();
+
+        Self {
+            cookies: self.cookies.add(identity_cookie),
+        }
+    }
+
+    // Remove the identity secret and ensure that it will be cleared when this
+    // extractor is included in a response.
+    pub fn clear(self) -> Self {
+        Self {
+            cookies: self.cookies.remove(IDENTITY_COOKIE),
+        }
+    }
+}
+
+const IDENTITY_COOKIE: &str = "identity";
+
+#[async_trait::async_trait]
+impl<S> FromRequestParts<S> for IdentityToken
+where
+    S: Send + Sync,
+{
+    type Rejection = <CookieJar as FromRequestParts<S>>::Rejection;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let cookies = CookieJar::from_request_parts(parts, state).await?;
+        Ok(Self { cookies })
+    }
+}
+
+impl IntoResponseParts for IdentityToken {
+    type Error = <CookieJar as IntoResponseParts>::Error;
+
+    fn into_response_parts(self, res: ResponseParts) -> Result<ResponseParts, Self::Error> {
+        let Self { cookies } = self;
+        cookies.into_response_parts(res)
+    }
+}
diff --git a/src/token/extract/mod.rs b/src/token/extract/mod.rs
new file mode 100644
index 0000000..b4800ae
--- /dev/null
+++ b/src/token/extract/mod.rs
@@ -0,0 +1,4 @@
+mod identity;
+mod identity_token;
+
+pub use self::{identity::Identity, identity_token::IdentityToken};
diff --git a/src/token/id.rs b/src/token/id.rs
new file mode 100644
index 0000000..9ef063c
--- /dev/null
+++ b/src/token/id.rs
@@ -0,0 +1,27 @@
+use std::fmt;
+
+use crate::id::Id as BaseId;
+
+// Stable identifier for a token. Prefixed with `T`.
+#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
+#[sqlx(transparent)]
+#[serde(transparent)]
+pub struct Id(BaseId);
+
+impl From<BaseId> for Id {
+    fn from(id: BaseId) -> Self {
+        Self(id)
+    }
+}
+
+impl Id {
+    pub fn generate() -> Self {
+        BaseId::generate("T")
+    }
+}
+
+impl fmt::Display for Id {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        self.0.fmt(f)
+    }
+}
diff --git a/src/token/mod.rs b/src/token/mod.rs
new file mode 100644
index 0000000..c98b8c2
--- /dev/null
+++ b/src/token/mod.rs
@@ -0,0 +1,5 @@
+pub mod extract;
+mod id;
+mod secret;
+
+pub use self::{id::Id, secret::Secret};
diff --git a/src/token/secret.rs b/src/token/secret.rs
new file mode 100644
index 0000000..28c93bb
--- /dev/null
+++ b/src/token/secret.rs
@@ -0,0 +1,27 @@
+use std::fmt;
+
+#[derive(sqlx::Type)]
+#[sqlx(transparent)]
+pub struct Secret(String);
+
+impl Secret {
+    pub fn reveal(self) -> String {
+        let Self(secret) = self;
+        secret
+    }
+}
+
+impl fmt::Debug for Secret {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("IdentityToken").field(&"********").finish()
+    }
+}
+
+impl<S> From<S> for Secret
+where
+    S: Into<String>,
+{
+    fn from(value: S) -> Self {
+        Self(value.into())
+    }
+}
-- 
cgit v1.2.3


From 6f07e6869bbf62903ac83c9bc061e7bde997e6a8 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Wed, 2 Oct 2024 01:10:09 -0400
Subject: Retire top-level `repo`.

This helped me discover an organizational scheme I like more.
---
 src/channel/app.rs         |   6 +-
 src/channel/mod.rs         |   1 +
 src/channel/repo.rs        | 165 +++++++++++++++++++++++++++++++++++++++++++++
 src/cli.rs                 |   4 +-
 src/db.rs                  |  42 ++++++++++++
 src/event/app.rs           |   6 +-
 src/event/repo/mod.rs      |   3 +
 src/event/repo/sequence.rs |  44 ++++++++++++
 src/lib.rs                 |   2 +-
 src/login/app.rs           |   2 +-
 src/repo/channel.rs        | 165 ---------------------------------------------
 src/repo/error.rs          |  23 -------
 src/repo/mod.rs            |   4 --
 src/repo/pool.rs           |  18 -----
 src/repo/sequence.rs       |  44 ------------
 src/test/fixtures/mod.rs   |   4 +-
 src/token/app.rs           |   2 +-
 17 files changed, 267 insertions(+), 268 deletions(-)
 create mode 100644 src/channel/repo.rs
 create mode 100644 src/db.rs
 create mode 100644 src/event/repo/sequence.rs
 delete mode 100644 src/repo/channel.rs
 delete mode 100644 src/repo/error.rs
 delete mode 100644 src/repo/mod.rs
 delete mode 100644 src/repo/pool.rs
 delete mode 100644 src/repo/sequence.rs

(limited to 'src/repo/channel.rs')

diff --git a/src/channel/app.rs b/src/channel/app.rs
index 1422651..ef0a63f 100644
--- a/src/channel/app.rs
+++ b/src/channel/app.rs
@@ -2,11 +2,9 @@ use chrono::TimeDelta;
 use sqlx::sqlite::SqlitePool;
 
 use crate::{
-    channel::Channel,
+    channel::{repo::Provider as _, Channel},
     clock::DateTime,
-    event::Sequence,
-    event::{broadcaster::Broadcaster, types::ChannelEvent},
-    repo::{channel::Provider as _, sequence::Provider as _},
+    event::{broadcaster::Broadcaster, repo::Provider as _, types::ChannelEvent, Sequence},
 };
 
 pub struct Channels<'a> {
diff --git a/src/channel/mod.rs b/src/channel/mod.rs
index 02d0ed4..2672084 100644
--- a/src/channel/mod.rs
+++ b/src/channel/mod.rs
@@ -2,6 +2,7 @@ use crate::{clock::DateTime, event::Sequence};
 
 pub mod app;
 mod id;
+pub mod repo;
 mod routes;
 
 pub use self::{id::Id, routes::router};
diff --git a/src/channel/repo.rs b/src/channel/repo.rs
new file mode 100644
index 0000000..18cd81f
--- /dev/null
+++ b/src/channel/repo.rs
@@ -0,0 +1,165 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::{
+    channel::{Channel, Id},
+    clock::DateTime,
+    event::{types, Sequence},
+};
+
+pub trait Provider {
+    fn channels(&mut self) -> Channels;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+    fn channels(&mut self) -> Channels {
+        Channels(self)
+    }
+}
+
+pub struct Channels<'t>(&'t mut SqliteConnection);
+
+impl<'c> Channels<'c> {
+    pub async fn create(
+        &mut self,
+        name: &str,
+        created_at: &DateTime,
+        created_sequence: Sequence,
+    ) -> Result<Channel, sqlx::Error> {
+        let id = Id::generate();
+        let channel = sqlx::query_as!(
+            Channel,
+            r#"
+                insert
+                into channel (id, name, created_at, created_sequence)
+                values ($1, $2, $3, $4)
+                returning
+                    id as "id: Id",
+                    name,
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
+            "#,
+            id,
+            name,
+            created_at,
+            created_sequence,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(channel)
+    }
+
+    pub async fn by_id(&mut self, channel: &Id) -> Result<Channel, sqlx::Error> {
+        let channel = sqlx::query_as!(
+            Channel,
+            r#"
+                select
+                    id as "id: Id",
+                    name,
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
+                from channel
+                where id = $1
+            "#,
+            channel,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(channel)
+    }
+
+    pub async fn all(
+        &mut self,
+        resume_point: Option<Sequence>,
+    ) -> Result<Vec<Channel>, sqlx::Error> {
+        let channels = sqlx::query_as!(
+            Channel,
+            r#"
+                select
+                    id as "id: Id",
+                    name,
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
+                from channel
+                where coalesce(created_sequence <= $1, true)
+                order by channel.name
+            "#,
+            resume_point,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(channels)
+    }
+
+    pub async fn replay(
+        &mut self,
+        resume_at: Option<Sequence>,
+    ) -> Result<Vec<Channel>, sqlx::Error> {
+        let channels = sqlx::query_as!(
+            Channel,
+            r#"
+                select
+                    id as "id: Id",
+                    name,
+                    created_at as "created_at: DateTime",
+                    created_sequence as "created_sequence: Sequence"
+                from channel
+                where coalesce(created_sequence > $1, true)
+            "#,
+            resume_at,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(channels)
+    }
+
+    pub async fn delete(
+        &mut self,
+        channel: &Channel,
+        deleted_at: &DateTime,
+        deleted_sequence: Sequence,
+    ) -> Result<types::ChannelEvent, sqlx::Error> {
+        let channel = channel.id.clone();
+        sqlx::query_scalar!(
+            r#"
+                delete from channel
+                where id = $1
+                returning 1 as "row: i64"
+            "#,
+            channel,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(types::ChannelEvent {
+            sequence: deleted_sequence,
+            at: *deleted_at,
+            data: types::DeletedEvent { channel }.into(),
+        })
+    }
+
+    pub async fn expired(&mut self, expired_at: &DateTime) -> Result<Vec<Channel>, sqlx::Error> {
+        let channels = sqlx::query_as!(
+            Channel,
+            r#"
+                select
+                    channel.id as "id: Id",
+                    channel.name,
+                    channel.created_at as "created_at: DateTime",
+                    channel.created_sequence as "created_sequence: Sequence"
+                from channel
+                    left join message
+                where created_at < $1
+                    and message.id is null
+            "#,
+            expired_at,
+        )
+        .fetch_all(&mut *self.0)
+        .await?;
+
+        Ok(channels)
+    }
+}
diff --git a/src/cli.rs b/src/cli.rs
index ee95ea6..893fae2 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -10,7 +10,7 @@ use clap::Parser;
 use sqlx::sqlite::SqlitePool;
 use tokio::net;
 
-use crate::{app::App, channel, clock, event, expire, login, repo::pool};
+use crate::{app::App, channel, clock, db, event, expire, login};
 
 /// Command-line entry point for running the `hi` server.
 ///
@@ -100,7 +100,7 @@ impl Args {
     }
 
     async fn pool(&self) -> sqlx::Result<SqlitePool> {
-        pool::prepare(&self.database_url).await
+        db::prepare(&self.database_url).await
     }
 }
 
diff --git a/src/db.rs b/src/db.rs
new file mode 100644
index 0000000..93a1169
--- /dev/null
+++ b/src/db.rs
@@ -0,0 +1,42 @@
+use std::str::FromStr;
+
+use sqlx::sqlite::{SqliteConnectOptions, SqlitePool, SqlitePoolOptions};
+
+pub async fn prepare(url: &str) -> sqlx::Result<SqlitePool> {
+    let pool = create(url).await?;
+    sqlx::migrate!().run(&pool).await?;
+    Ok(pool)
+}
+
+async fn create(database_url: &str) -> sqlx::Result<SqlitePool> {
+    let options = SqliteConnectOptions::from_str(database_url)?
+        .create_if_missing(true)
+        .optimize_on_close(true, /* analysis_limit */ None);
+
+    let pool = SqlitePoolOptions::new().connect_with(options).await?;
+    Ok(pool)
+}
+
+pub trait NotFound {
+    type Ok;
+    fn not_found<E, F>(self, map: F) -> Result<Self::Ok, E>
+    where
+        E: From<sqlx::Error>,
+        F: FnOnce() -> E;
+}
+
+impl<T> NotFound for Result<T, sqlx::Error> {
+    type Ok = T;
+
+    fn not_found<E, F>(self, map: F) -> Result<T, E>
+    where
+        E: From<sqlx::Error>,
+        F: FnOnce() -> E,
+    {
+        match self {
+            Err(sqlx::Error::RowNotFound) => Err(map()),
+            Err(other) => Err(other.into()),
+            Ok(value) => Ok(value),
+        }
+    }
+}
diff --git a/src/event/app.rs b/src/event/app.rs
index b5f2ecc..3d35f1a 100644
--- a/src/event/app.rs
+++ b/src/event/app.rs
@@ -12,11 +12,11 @@ use super::{
     types::{self, ChannelEvent},
 };
 use crate::{
-    channel,
+    channel::{self, repo::Provider as _},
     clock::DateTime,
-    event::Sequence,
+    db::NotFound as _,
+    event::{repo::Provider as _, Sequence},
     login::Login,
-    repo::{channel::Provider as _, error::NotFound as _, sequence::Provider as _},
 };
 
 pub struct Events<'a> {
diff --git a/src/event/repo/mod.rs b/src/event/repo/mod.rs
index e216a50..cee840c 100644
--- a/src/event/repo/mod.rs
+++ b/src/event/repo/mod.rs
@@ -1 +1,4 @@
 pub mod message;
+mod sequence;
+
+pub use self::sequence::Provider;
diff --git a/src/event/repo/sequence.rs b/src/event/repo/sequence.rs
new file mode 100644
index 0000000..c985869
--- /dev/null
+++ b/src/event/repo/sequence.rs
@@ -0,0 +1,44 @@
+use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
+
+use crate::event::Sequence;
+
+pub trait Provider {
+    fn sequence(&mut self) -> Sequences;
+}
+
+impl<'c> Provider for Transaction<'c, Sqlite> {
+    fn sequence(&mut self) -> Sequences {
+        Sequences(self)
+    }
+}
+
+pub struct Sequences<'t>(&'t mut SqliteConnection);
+
+impl<'c> Sequences<'c> {
+    pub async fn next(&mut self) -> Result<Sequence, sqlx::Error> {
+        let next = sqlx::query_scalar!(
+            r#"
+                update event_sequence
+                set last_value = last_value + 1
+                returning last_value as "next_value: Sequence"
+            "#,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(next)
+    }
+
+    pub async fn current(&mut self) -> Result<Sequence, sqlx::Error> {
+        let next = sqlx::query_scalar!(
+            r#"
+                select last_value as "last_value: Sequence"
+                from event_sequence
+            "#,
+        )
+        .fetch_one(&mut *self.0)
+        .await?;
+
+        Ok(next)
+    }
+}
diff --git a/src/lib.rs b/src/lib.rs
index bbcb314..8ec13da 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -7,13 +7,13 @@ mod broadcast;
 mod channel;
 pub mod cli;
 mod clock;
+mod db;
 mod error;
 mod event;
 mod expire;
 mod id;
 mod login;
 mod message;
-mod repo;
 #[cfg(test)]
 mod test;
 mod token;
diff --git a/src/login/app.rs b/src/login/app.rs
index 69c1055..15adb31 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -1,6 +1,6 @@
 use sqlx::sqlite::SqlitePool;
 
-use crate::{event::Sequence, repo::sequence::Provider as _};
+use crate::event::{repo::Provider as _, Sequence};
 
 #[cfg(test)]
 use super::{repo::Provider as _, Login, Password};
diff --git a/src/repo/channel.rs b/src/repo/channel.rs
deleted file mode 100644
index 18cd81f..0000000
--- a/src/repo/channel.rs
+++ /dev/null
@@ -1,165 +0,0 @@
-use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
-
-use crate::{
-    channel::{Channel, Id},
-    clock::DateTime,
-    event::{types, Sequence},
-};
-
-pub trait Provider {
-    fn channels(&mut self) -> Channels;
-}
-
-impl<'c> Provider for Transaction<'c, Sqlite> {
-    fn channels(&mut self) -> Channels {
-        Channels(self)
-    }
-}
-
-pub struct Channels<'t>(&'t mut SqliteConnection);
-
-impl<'c> Channels<'c> {
-    pub async fn create(
-        &mut self,
-        name: &str,
-        created_at: &DateTime,
-        created_sequence: Sequence,
-    ) -> Result<Channel, sqlx::Error> {
-        let id = Id::generate();
-        let channel = sqlx::query_as!(
-            Channel,
-            r#"
-                insert
-                into channel (id, name, created_at, created_sequence)
-                values ($1, $2, $3, $4)
-                returning
-                    id as "id: Id",
-                    name,
-                    created_at as "created_at: DateTime",
-                    created_sequence as "created_sequence: Sequence"
-            "#,
-            id,
-            name,
-            created_at,
-            created_sequence,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(channel)
-    }
-
-    pub async fn by_id(&mut self, channel: &Id) -> Result<Channel, sqlx::Error> {
-        let channel = sqlx::query_as!(
-            Channel,
-            r#"
-                select
-                    id as "id: Id",
-                    name,
-                    created_at as "created_at: DateTime",
-                    created_sequence as "created_sequence: Sequence"
-                from channel
-                where id = $1
-            "#,
-            channel,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(channel)
-    }
-
-    pub async fn all(
-        &mut self,
-        resume_point: Option<Sequence>,
-    ) -> Result<Vec<Channel>, sqlx::Error> {
-        let channels = sqlx::query_as!(
-            Channel,
-            r#"
-                select
-                    id as "id: Id",
-                    name,
-                    created_at as "created_at: DateTime",
-                    created_sequence as "created_sequence: Sequence"
-                from channel
-                where coalesce(created_sequence <= $1, true)
-                order by channel.name
-            "#,
-            resume_point,
-        )
-        .fetch_all(&mut *self.0)
-        .await?;
-
-        Ok(channels)
-    }
-
-    pub async fn replay(
-        &mut self,
-        resume_at: Option<Sequence>,
-    ) -> Result<Vec<Channel>, sqlx::Error> {
-        let channels = sqlx::query_as!(
-            Channel,
-            r#"
-                select
-                    id as "id: Id",
-                    name,
-                    created_at as "created_at: DateTime",
-                    created_sequence as "created_sequence: Sequence"
-                from channel
-                where coalesce(created_sequence > $1, true)
-            "#,
-            resume_at,
-        )
-        .fetch_all(&mut *self.0)
-        .await?;
-
-        Ok(channels)
-    }
-
-    pub async fn delete(
-        &mut self,
-        channel: &Channel,
-        deleted_at: &DateTime,
-        deleted_sequence: Sequence,
-    ) -> Result<types::ChannelEvent, sqlx::Error> {
-        let channel = channel.id.clone();
-        sqlx::query_scalar!(
-            r#"
-                delete from channel
-                where id = $1
-                returning 1 as "row: i64"
-            "#,
-            channel,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(types::ChannelEvent {
-            sequence: deleted_sequence,
-            at: *deleted_at,
-            data: types::DeletedEvent { channel }.into(),
-        })
-    }
-
-    pub async fn expired(&mut self, expired_at: &DateTime) -> Result<Vec<Channel>, sqlx::Error> {
-        let channels = sqlx::query_as!(
-            Channel,
-            r#"
-                select
-                    channel.id as "id: Id",
-                    channel.name,
-                    channel.created_at as "created_at: DateTime",
-                    channel.created_sequence as "created_sequence: Sequence"
-                from channel
-                    left join message
-                where created_at < $1
-                    and message.id is null
-            "#,
-            expired_at,
-        )
-        .fetch_all(&mut *self.0)
-        .await?;
-
-        Ok(channels)
-    }
-}
diff --git a/src/repo/error.rs b/src/repo/error.rs
deleted file mode 100644
index a5961e2..0000000
--- a/src/repo/error.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-pub trait NotFound {
-    type Ok;
-    fn not_found<E, F>(self, map: F) -> Result<Self::Ok, E>
-    where
-        E: From<sqlx::Error>,
-        F: FnOnce() -> E;
-}
-
-impl<T> NotFound for Result<T, sqlx::Error> {
-    type Ok = T;
-
-    fn not_found<E, F>(self, map: F) -> Result<T, E>
-    where
-        E: From<sqlx::Error>,
-        F: FnOnce() -> E,
-    {
-        match self {
-            Err(sqlx::Error::RowNotFound) => Err(map()),
-            Err(other) => Err(other.into()),
-            Ok(value) => Ok(value),
-        }
-    }
-}
diff --git a/src/repo/mod.rs b/src/repo/mod.rs
deleted file mode 100644
index 7abd46b..0000000
--- a/src/repo/mod.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-pub mod channel;
-pub mod error;
-pub mod pool;
-pub mod sequence;
diff --git a/src/repo/pool.rs b/src/repo/pool.rs
deleted file mode 100644
index b4aa6fc..0000000
--- a/src/repo/pool.rs
+++ /dev/null
@@ -1,18 +0,0 @@
-use std::str::FromStr;
-
-use sqlx::sqlite::{SqliteConnectOptions, SqlitePool, SqlitePoolOptions};
-
-pub async fn prepare(url: &str) -> sqlx::Result<SqlitePool> {
-    let pool = create(url).await?;
-    sqlx::migrate!().run(&pool).await?;
-    Ok(pool)
-}
-
-async fn create(database_url: &str) -> sqlx::Result<SqlitePool> {
-    let options = SqliteConnectOptions::from_str(database_url)?
-        .create_if_missing(true)
-        .optimize_on_close(true, /* analysis_limit */ None);
-
-    let pool = SqlitePoolOptions::new().connect_with(options).await?;
-    Ok(pool)
-}
diff --git a/src/repo/sequence.rs b/src/repo/sequence.rs
deleted file mode 100644
index c985869..0000000
--- a/src/repo/sequence.rs
+++ /dev/null
@@ -1,44 +0,0 @@
-use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
-
-use crate::event::Sequence;
-
-pub trait Provider {
-    fn sequence(&mut self) -> Sequences;
-}
-
-impl<'c> Provider for Transaction<'c, Sqlite> {
-    fn sequence(&mut self) -> Sequences {
-        Sequences(self)
-    }
-}
-
-pub struct Sequences<'t>(&'t mut SqliteConnection);
-
-impl<'c> Sequences<'c> {
-    pub async fn next(&mut self) -> Result<Sequence, sqlx::Error> {
-        let next = sqlx::query_scalar!(
-            r#"
-                update event_sequence
-                set last_value = last_value + 1
-                returning last_value as "next_value: Sequence"
-            "#,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(next)
-    }
-
-    pub async fn current(&mut self) -> Result<Sequence, sqlx::Error> {
-        let next = sqlx::query_scalar!(
-            r#"
-                select last_value as "last_value: Sequence"
-                from event_sequence
-            "#,
-        )
-        .fetch_one(&mut *self.0)
-        .await?;
-
-        Ok(next)
-    }
-}
diff --git a/src/test/fixtures/mod.rs b/src/test/fixtures/mod.rs
index d1dd0c3..76467ab 100644
--- a/src/test/fixtures/mod.rs
+++ b/src/test/fixtures/mod.rs
@@ -1,6 +1,6 @@
 use chrono::{TimeDelta, Utc};
 
-use crate::{app::App, clock::RequestedAt, repo::pool};
+use crate::{app::App, clock::RequestedAt, db};
 
 pub mod channel;
 pub mod filter;
@@ -10,7 +10,7 @@ pub mod login;
 pub mod message;
 
 pub async fn scratch_app() -> App {
-    let pool = pool::prepare("sqlite::memory:")
+    let pool = db::prepare("sqlite::memory:")
         .await
         .expect("setting up in-memory sqlite database");
     App::from(pool)
diff --git a/src/token/app.rs b/src/token/app.rs
index 1477a9f..030ec69 100644
--- a/src/token/app.rs
+++ b/src/token/app.rs
@@ -11,8 +11,8 @@ use super::{
 };
 use crate::{
     clock::DateTime,
+    db::NotFound as _,
     login::{repo::Provider as _, Login, Password},
-    repo::error::NotFound as _,
 };
 
 pub struct Tokens<'a> {
-- 
cgit v1.2.3