path: root/src/repo/token.rs
use chrono::TimeDelta;
use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;

use super::login::{self, Login};
use crate::clock::DateTime;

/// Gives access to token storage through a [`Tokens`] handle.
pub trait Provider {
    /// Borrows `self` mutably and returns a [`Tokens`] handle; the handle's lifetime is tied to
    /// that borrow.
    fn tokens(&mut self) -> Tokens<'_>;
}

/// Token storage backed by an open SQLite transaction.
impl Provider for Transaction<'_, Sqlite> {
    /// Wraps the transaction's underlying connection in a [`Tokens`] handle, so every token
    /// query issued through the handle runs on this transaction.
    fn tokens(&mut self) -> Tokens<'_> {
        // Explicit reborrow through the transaction's `DerefMut` down to the connection.
        Tokens(&mut **self)
    }
}

/// Handle for operations on the `token` table, holding a mutable borrow of the SQLite
/// connection the queries run on.
///
/// The secrets handled here are bearer credentials: `validate` accepts whoever presents a
/// matching secret, so values returned by `issue` should be kept out of logs and error text.
pub struct Tokens<'t>(&'t mut SqliteConnection);

impl<'c> Tokens<'c> {
    /// Issues a new token for an existing login and returns its secret.
    ///
    /// The secret is the string form of a version 4 UUID. `issued_at` is written to both the
    /// `issued_at` and `last_used_at` columns, so expiry is measured from issue time until the
    /// token is first used.
    ///
    /// # Errors
    ///
    /// Returns the [`sqlx::Error`] produced by the insert.
    pub async fn issue(
        &mut self,
        login: &Login,
        issued_at: DateTime,
    ) -> Result<String, sqlx::Error> {
        // NOTE(review): the secret is stored in the `token` table exactly as handed to the
        // client and is later matched by equality, so read access to that table yields usable
        // tokens. Storing only a hash of the secret would limit that; weigh against the threat
        // model. The unpredictability of the value rests on the uuid crate's random source —
        // confirm which RNG features the build enables.
        let generated = Uuid::new_v4().to_string();

        sqlx::query_scalar!(
            r#"
                insert
                into token (secret, login, issued_at, last_used_at)
                values ($1, $2, $3, $3)
                returning secret as "secret!"
            "#,
            generated,
            login.id,
            issued_at,
        )
        .fetch_one(&mut *self.0)
        .await
    }

    /// Revokes a token by deleting the row with the given secret.
    ///
    /// # Errors
    ///
    /// The delete is fetched with `fetch_one`, so a secret that matches no row is reported as
    /// an error ([`sqlx::Error::RowNotFound`]) rather than as a silent success. Callers that
    /// treat "already revoked" as success need to handle that case themselves.
    pub async fn revoke(&mut self, secret: &str) -> Result<(), sqlx::Error> {
        let deleted = sqlx::query!(
            r#"
                delete
                from token
                where secret = $1
                returning 1 as "found: u32"
            "#,
            secret,
        )
        .fetch_one(&mut *self.0)
        .await;

        // Only the existence of the returned row matters; its content is discarded.
        deleted.map(|_found| ())
    }

    /// Deletes every token whose `last_used_at` is more than the idle window (currently
    /// 7 days) before `expire_at`. Tokens used within that window are retained.
    ///
    /// This is the only place in this block where the idle window is enforced; see the note on
    /// [`Tokens::validate`].
    ///
    /// # Errors
    ///
    /// Returns the [`sqlx::Error`] produced by the delete.
    pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), sqlx::Error> {
        // The 7-day window is a somewhat arbitrary policy choice.
        let idle_window = TimeDelta::days(7);
        let cutoff = expire_at - idle_window;

        sqlx::query!(
            r#"
                delete
                from token
                where last_used_at < $1
            "#,
            cutoff,
        )
        .execute(&mut *self.0)
        .await?;

        Ok(())
    }

    /// Validates a token by its secret and returns the associated [`Login`] record. The
    /// token's last-used timestamp is set to `used_at`.
    ///
    /// NOTE(review): no age check happens here. A token that is past the idle window but has
    /// not yet been removed by [`Tokens::expire`] still matches, and this call refreshes its
    /// `last_used_at`. Presumably callers run `expire` first on the same transaction — confirm
    /// at the call sites.
    ///
    /// # Errors
    ///
    /// An unknown secret is reported as an error ([`sqlx::Error::RowNotFound`] from
    /// `fetch_one`), not as `None`. Other database failures are returned as they occur.
    pub async fn validate(
        &mut self,
        secret: &str,
        used_at: DateTime,
    ) -> Result<Login, sqlx::Error> {
        // A single `update … returning` would be tidier, but sqlite3, as of this writing, does
        // not let an update's `returning` clause reference columns from tables joined into the
        // update. Hence two queries: touch the token first, then load its login. For an
        // unknown secret the update matches no rows and the select below reports the failure.
        sqlx::query!(
            r#"
                update token
                set last_used_at = $1
                where secret = $2
            "#,
            used_at,
            secret,
        )
        .execute(&mut *self.0)
        .await?;

        sqlx::query_as!(
            Login,
            r#"
                select
                    login.id as "id: login::Id",
                    name
                from login
                join token on login.id = token.login
                where token.secret = $1
            "#,
            secret,
        )
        .fetch_one(&mut *self.0)
        .await
    }
}