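use chrono::TimeDelta;
use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;

use super::logins::{Id as LoginId, Login};
use crate::error::BoxedError;

// NOTE(review): the type parameter of this alias was missing from the listing;
// UTC is assumed here — confirm against the schema and the callers.
type DateTime = chrono::DateTime<chrono::Utc>;

/// Token lifetime in days, measured from `issued_at`. The value is somewhat
/// arbitrary; it is applied only by [`Tokens::expire`].
const TOKEN_LIFETIME_DAYS: i64 = 90;

/// Gives access to the token repository on top of a database handle.
pub trait Provider {
    /// Borrow the underlying connection as a [`Tokens`] repository.
    fn tokens(&mut self) -> Tokens;
}

impl<'c> Provider for Transaction<'c, Sqlite> {
    fn tokens(&mut self) -> Tokens {
        // Every statement issued through the returned value runs on this
        // transaction's connection.
        Tokens(self)
    }
}

/// Repository for rows of the `token` table (`secret`, `login`, `issued_at`).
///
/// NOTE(review): the secret is written to and matched against the table
/// verbatim, so anyone able to read the table obtains usable tokens. Storing
/// a hash of the secret instead would need a schema and data migration.
pub struct Tokens<'t>(&'t mut SqliteConnection);

impl<'c> Tokens<'c> {
    /// Issue a new token for an existing login. The issued_at timestamp will
    /// be used to control expiry.
    ///
    /// Returns the secret that identifies the new token.
    ///
    /// # Errors
    ///
    /// Returns an error if the insert fails.
    pub async fn issue(
        &mut self,
        login: &LoginId,
        issued_at: DateTime,
    ) -> Result<String, BoxedError> {
        // The secret is a random (version 4) UUID in its string form.
        // NOTE(review): its unguessability rests on the random source the
        // `uuid` crate is built with — confirm the enabled features.
        let secret = Uuid::new_v4().to_string();

        let secret = sqlx::query_scalar!(
            r#"
                insert
                into token (secret, login, issued_at)
                values ($1, $2, $3)
                returning secret as "secret!"
            "#,
            secret,
            login,
            issued_at,
        )
        .fetch_one(&mut *self.0)
        .await?;

        Ok(secret)
    }

    /// Revoke a token by its secret. If there is no such token with that
    /// secret, this will succeed by doing nothing.
    ///
    /// # Errors
    ///
    /// Returns an error if the delete fails.
    pub async fn revoke(&mut self, secret: &str) -> Result<(), BoxedError> {
        sqlx::query!(
            r#"
                delete
                from token
                where secret = $1
            "#,
            secret,
        )
        .execute(&mut *self.0)
        .await?;

        Ok(())
    }

    /// Delete every token whose `issued_at` is more than
    /// [`TOKEN_LIFETIME_DAYS`] days before `expire_at`.
    ///
    /// This is the only place where token lifetime is enforced: a token
    /// older than the lifetime remains in the table, and keeps passing
    /// [`Tokens::validate`], until this has run.
    ///
    /// # Errors
    ///
    /// Returns an error if the delete fails.
    pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), BoxedError> {
        // Tokens issued strictly before this instant are removed.
        let expired_issue_at = expire_at - TimeDelta::days(TOKEN_LIFETIME_DAYS);

        sqlx::query!(
            r#"
                delete
                from token
                where issued_at < $1
            "#,
            expired_issue_at,
        )
        .execute(&mut *self.0)
        .await?;

        Ok(())
    }

    /// Validate a token by its secret, retrieving the associated Login record.
    /// Will return [None] if the token is not valid.
    ///
    /// "Valid" here means only that a row with this secret exists; the query
    /// does not look at `issued_at`. Callers that depend on the lifetime
    /// limit must make sure [`Tokens::expire`] has run before trusting the
    /// result.
    ///
    /// # Errors
    ///
    /// Returns an error if the query fails.
    pub async fn validate(&mut self, secret: &str) -> Result<Option<Login>, BoxedError> {
        let login = sqlx::query_as!(
            Login,
            r#"
                select
                    login.id as "id: LoginId",
                    name
                from login
                join token on login.id = token.login
                where token.secret = $1
            "#,
            secret,
        )
        .fetch_optional(&mut *self.0)
        .await?;

        Ok(login)
    }
}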