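use std::fmt;

use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;

use super::login::{self, Login};
use crate::{clock::DateTime, id::Id as BaseId, login::extract::IdentitySecret};

/// Access to the token repository through a database handle.
pub trait Provider {
    /// Borrow this handle as a [`Tokens`] repository.
    fn tokens(&mut self) -> Tokens;
}

impl<'c> Provider for Transaction<'c, Sqlite> {
    fn tokens(&mut self) -> Tokens {
        Tokens(self)
    }
}

/// Repository for the `token` table, borrowing a SQLite connection.
pub struct Tokens<'t>(&'t mut SqliteConnection);

impl<'c> Tokens<'c> {
    /// Issue a new token for an existing login. The `issued_at` timestamp is
    /// also written to `last_used_at`, so it controls expiry until the token
    /// is actually used.
    ///
    /// The returned secret is a bearer credential: whoever presents it to
    /// [`Tokens::validate`] is treated as `login`.
    ///
    /// # Errors
    ///
    /// Returns any `sqlx::Error` raised while inserting the row.
    pub async fn issue(
        &mut self,
        login: &Login,
        issued_at: &DateTime,
    ) -> Result<IdentitySecret, sqlx::Error> {
        let id = Id::generate();
        // The secret is a random (version 4) UUID rendered as text.
        // NOTE(review): confirm the `uuid` crate is built with a
        // cryptographically secure random source.
        let secret = Uuid::new_v4().to_string();

        // NOTE(review): the secret is stored verbatim in `token.secret`, so
        // read access to this table is enough to reuse live tokens. Storing
        // only a digest of the secret would limit that exposure; check this
        // against the deployment's threat model.
        let secret = sqlx::query_scalar!(
            r#"
                insert
                into token (id, secret, login, issued_at, last_used_at)
                values ($1, $2, $3, $4, $4)
                returning secret as "secret!: IdentitySecret"
            "#,
            id,
            secret,
            login.id,
            issued_at,
        )
        .fetch_one(&mut *self.0)
        .await?;

        Ok(secret)
    }

    /// Revoke a token by its secret, returning the id of the deleted token.
    ///
    /// # Errors
    ///
    /// Returns [`sqlx::Error::RowNotFound`] if no token matches `secret`
    /// (`fetch_one` requires exactly one deleted row), and any other
    /// `sqlx::Error` raised by the database.
    pub async fn revoke(&mut self, secret: &IdentitySecret) -> Result<Id, sqlx::Error> {
        let token = sqlx::query_scalar!(
            r#"
                delete
                from token
                where secret = $1
                returning id as "id: Id"
            "#,
            secret,
        )
        .fetch_one(&mut *self.0)
        .await?;

        Ok(token)
    }

    /// Expire and delete all tokens that haven't been used more recently than
    /// `expire_at`, returning the ids of the deleted tokens.
    ///
    /// # Errors
    ///
    /// Returns any `sqlx::Error` raised by the database.
    pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
        let tokens = sqlx::query_scalar!(
            r#"
                delete
                from token
                where last_used_at < $1
                returning id as "id: Id"
            "#,
            expire_at,
        )
        .fetch_all(&mut *self.0)
        .await?;

        Ok(tokens)
    }

    /// Validate a token by its secret, returning the token's id and the
    /// associated [`Login`] record. The token's last-used timestamp is set to
    /// `used_at`.
    ///
    /// This method does not compare the token's age against any limit: the
    /// only tokens it rejects are those no longer present in the table.
    /// Callers that rely on expiry need to run [`Tokens::expire`] before
    /// validating (ideally in the same transaction); otherwise a stale token
    /// that has not been swept yet is accepted and its last-used timestamp is
    /// refreshed.
    ///
    /// # Errors
    ///
    /// Returns [`sqlx::Error::RowNotFound`] if no token matches `secret`, and
    /// any other `sqlx::Error` raised by the database. An invalid token is
    /// reported as an error, not as `None`.
    pub async fn validate(
        &mut self,
        secret: &IdentitySecret,
        used_at: &DateTime,
    ) -> Result<(Id, Login), sqlx::Error> {
        // I would use `update … returning` to do this in one query, but
        // sqlite3, as of this writing, does not allow an update's `returning`
        // clause to reference columns from tables joined into the update. Two
        // queries is fine, but it feels untidy.
        //
        // For an unknown secret the update touches no rows and the select
        // below is what reports the failure.
        sqlx::query!(
            r#"
                update token
                set last_used_at = $1
                where secret = $2
            "#,
            used_at,
            secret,
        )
        .execute(&mut *self.0)
        .await?;

        let login = sqlx::query!(
            r#"
                select
                    token.id as "token_id: Id",
                    login.id as "login_id: login::Id",
                    name as "login_name"
                from login
                join token on login.id = token.login
                where token.secret = $1
            "#,
            secret,
        )
        .map(|row| {
            (
                row.token_id,
                Login {
                    id: row.login_id,
                    name: row.login_name,
                },
            )
        })
        .fetch_one(&mut *self.0)
        .await?;

        Ok(login)
    }
}

/// Stable identifier for a token. Prefixed with `T`.
///
/// This is the token's row id, distinct from its secret.
#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
#[sqlx(transparent)]
#[serde(transparent)]
pub struct Id(BaseId);

impl From<BaseId> for Id {
    fn from(id: BaseId) -> Self {
        Self(id)
    }
}

impl Id {
    /// Generate a fresh token id with the `T` prefix.
    pub fn generate() -> Self {
        BaseId::generate("T")
    }
}

impl fmt::Display for Id {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        self.0.fmt(f)
    }
}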