1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
use std::fmt;
use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;
use super::login::{self, Login};
use crate::{clock::DateTime, id::Id as BaseId, login::extract::IdentitySecret};
pub trait Provider {
fn tokens(&mut self) -> Tokens;
}
impl<'c> Provider for Transaction<'c, Sqlite> {
fn tokens(&mut self) -> Tokens {
Tokens(self)
}
}
pub struct Tokens<'t>(&'t mut SqliteConnection);
impl<'c> Tokens<'c> {
// Issue a new token for an existing login. The issued_at timestamp will
// be used to control expiry, until the token is actually used.
pub async fn issue(
&mut self,
login: &Login,
issued_at: &DateTime,
) -> Result<IdentitySecret, sqlx::Error> {
let id = Id::generate();
let secret = Uuid::new_v4().to_string();
let secret = sqlx::query_scalar!(
r#"
insert
into token (id, secret, login, issued_at, last_used_at)
values ($1, $2, $3, $4, $4)
returning secret as "secret!: IdentitySecret"
"#,
id,
secret,
login.id,
issued_at,
)
.fetch_one(&mut *self.0)
.await?;
Ok(secret)
}
pub async fn require(&mut self, token: &Id) -> Result<(), sqlx::Error> {
sqlx::query_scalar!(
r#"
select id as "id: Id"
from token
where id = $1
"#,
token,
)
.fetch_one(&mut *self.0)
.await?;
Ok(())
}
// Revoke a token by its secret.
pub async fn revoke(&mut self, token: &Id) -> Result<(), sqlx::Error> {
sqlx::query_scalar!(
r#"
delete
from token
where id = $1
returning id as "id: Id"
"#,
token,
)
.fetch_one(&mut *self.0)
.await?;
Ok(())
}
// Expire and delete all tokens that haven't been used more recently than
// `expire_at`.
pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
let tokens = sqlx::query_scalar!(
r#"
delete
from token
where last_used_at < $1
returning id as "id: Id"
"#,
expire_at,
)
.fetch_all(&mut *self.0)
.await?;
Ok(tokens)
}
// Validate a token by its secret, retrieving the associated Login record.
// Will return [None] if the token is not valid. The token's last-used
// timestamp will be set to `used_at`.
pub async fn validate(
&mut self,
secret: &IdentitySecret,
used_at: &DateTime,
) -> Result<(Id, Login), sqlx::Error> {
// I would use `update … returning` to do this in one query, but
// sqlite3, as of this writing, does not allow an update's `returning`
// clause to reference columns from tables joined into the update. Two
// queries is fine, but it feels untidy.
sqlx::query!(
r#"
update token
set last_used_at = $1
where secret = $2
"#,
used_at,
secret,
)
.execute(&mut *self.0)
.await?;
let login = sqlx::query!(
r#"
select
token.id as "token_id: Id",
login.id as "login_id: login::Id",
name as "login_name"
from login
join token on login.id = token.login
where token.secret = $1
"#,
secret,
)
.map(|row| {
(
row.token_id,
Login {
id: row.login_id,
name: row.login_name,
},
)
})
.fetch_one(&mut *self.0)
.await?;
Ok(login)
}
}
// Stable identifier for a token. Prefixed with `T`.
#[derive(Clone, Debug, Eq, Hash, PartialEq, sqlx::Type, serde::Deserialize, serde::Serialize)]
#[sqlx(transparent)]
#[serde(transparent)]
pub struct Id(BaseId);
impl From<BaseId> for Id {
fn from(id: BaseId) -> Self {
Self(id)
}
}
impl Id {
pub fn generate() -> Self {
BaseId::generate("T")
}
}
impl fmt::Display for Id {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
self.0.fmt(f)
}
}
|
