1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
use chrono::TimeDelta;
use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;
use super::logins::{Id as LoginId, Login};
use crate::error::BoxedError;
type DateTime = chrono::DateTime<chrono::Utc>;
pub trait Provider {
fn tokens(&mut self) -> Tokens;
}
impl<'c> Provider for Transaction<'c, Sqlite> {
fn tokens(&mut self) -> Tokens {
Tokens(self)
}
}
pub struct Tokens<'t>(&'t mut SqliteConnection);
impl<'c> Tokens<'c> {
/// Issue a new token for an existing login. The issued_at timestamp will
/// be used to control expiry, until the token is actually used.
pub async fn issue(
&mut self,
login: &LoginId,
issued_at: DateTime,
) -> Result<String, BoxedError> {
let secret = Uuid::new_v4().to_string();
let secret = sqlx::query_scalar!(
r#"
insert
into token (secret, login, issued_at, last_used_at)
values ($1, $2, $3, $3)
returning secret as "secret!"
"#,
secret,
login,
issued_at,
)
.fetch_one(&mut *self.0)
.await?;
Ok(secret)
}
/// Revoke a token by its secret. If there is no such token with that
/// secret, this will succeed by doing nothing.
pub async fn revoke(&mut self, secret: &str) -> Result<(), BoxedError> {
sqlx::query!(
r#"
delete
from token
where secret = $1
"#,
secret,
)
.execute(&mut *self.0)
.await?;
Ok(())
}
/// Expire and delete all tokens that haven't been used within the expiry
/// interval (right now, 7 days) prior to `expire_at`. Tokens that are in
/// use within that period will be retained.
pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), BoxedError> {
// Somewhat arbitrarily, expire after 7 days.
let expired_issue_at = expire_at - TimeDelta::days(7);
sqlx::query!(
r#"
delete
from token
where last_used_at < $1
"#,
expired_issue_at,
)
.execute(&mut *self.0)
.await?;
Ok(())
}
/// Validate a token by its secret, retrieving the associated Login record.
/// Will return [None] if the token is not valid. The token's last-used
/// timestamp will be set to `used_at`.
pub async fn validate(
&mut self,
secret: &str,
used_at: DateTime,
) -> Result<Option<Login>, BoxedError> {
// I would use `update … returning` to do this in one query, but
// sqlite3, as of this writing, does not allow an update's `returning`
// clause to reference columns from tables joined into the update. Two
// queries is fine, but it feels untidy.
sqlx::query!(
r#"
update token
set last_used_at = $1
where secret = $2
"#,
used_at,
secret,
)
.execute(&mut *self.0)
.await?;
let login = sqlx::query_as!(
Login,
r#"
select
login.id as "id: LoginId",
name
from login
join token on login.id = token.login
where token.secret = $1
"#,
secret,
)
.fetch_optional(&mut *self.0)
.await?;
Ok(login)
}
}
|
