use sqlx::{SqliteConnection, Transaction, sqlite::Sqlite};

use crate::{
    clock::DateTime,
    db::NotFound,
    login::{self, Login},
    name::{self, Name},
    token::{Id, Secret, Token},
};

/// Gives access to the token repository on a database handle.
pub trait Provider {
    /// Returns a [`Tokens`] repository that mutably borrows `self` for as long as it is in use.
    fn tokens(&mut self) -> Tokens<'_>;
}

// This is the only `Provider` impl visible in this file, so token queries made through it run
// inside an open transaction; whether they persist depends on the caller committing it.
impl Provider for Transaction<'_, Sqlite> {
    fn tokens(&mut self) -> Tokens<'_> {
        // `&mut Transaction` deref-coerces to the `&mut SqliteConnection` that `Tokens` wraps.
        Tokens(self)
    }
}

/// Repository for rows of the `token` table, borrowing a SQLite connection for `'t`.
pub struct Tokens<'t>(&'t mut SqliteConnection);

impl Tokens<'_> {
    /// Inserts a new row into `token` for `token`, storing `secret` alongside it.
    ///
    /// NOTE(review): `secret` is bound exactly as given. Whether `Secret` carries a derived
    /// (hashed) value or the raw bearer value is not visible from this file; confirm that what
    /// lands in the `secret` column cannot be replayed as a credential if the table is disclosed.
    ///
    /// # Errors
    ///
    /// Returns the `sqlx::Error` raised by the insert.
    pub async fn create(&mut self, token: &Token, secret: &Secret) -> Result<(), sqlx::Error> {
        sqlx::query!(
            r#"
                insert
                into token (id, secret, login, issued_at, last_used_at)
                values ($1, $2, $3, $4, $5)
            "#,
            token.id,
            secret,
            token.login,
            token.issued_at,
            token.last_used_at,
        )
        .execute(&mut *self.0)
        .await
        .map(|_| ())
    }

    /// Checks that a token row with the given id exists.
    ///
    /// This is an existence check only: `last_used_at` is neither read nor updated here, so it
    /// says nothing about whether the token is stale.
    ///
    /// # Errors
    ///
    /// `fetch_one` fails with `sqlx::Error::RowNotFound` when no row has this id; any other
    /// database error is returned unchanged.
    pub async fn require(&mut self, token: &Id) -> Result<(), sqlx::Error> {
        sqlx::query_scalar!(
            r#"
                select id as "id: Id"
                from token
                where id = $1
            "#,
            token,
        )
        .fetch_one(&mut *self.0)
        .await
        .map(|_| ())
    }

    /// Deletes the row for `token`, matched by id.
    ///
    /// The statement's result is discarded, so this returns `Ok(())` whether or not a row was
    /// actually deleted.
    ///
    /// NOTE(review): unlike `expire`, this does not delete `push_subscription` rows that
    /// reference the token. Presumably the caller or the schema takes care of them; confirm.
    ///
    /// # Errors
    ///
    /// Returns the `sqlx::Error` raised by the delete.
    pub async fn revoke(&mut self, token: &Token) -> Result<(), sqlx::Error> {
        sqlx::query!(
            r#"
                delete from token
                where id = $1
            "#,
            token.id,
        )
        .execute(&mut *self.0)
        .await
        .map(|_| ())
    }

    /// Revokes every token belonging to `login` and returns the ids of the deleted rows.
    ///
    /// NOTE(review): as with `revoke`, `push_subscription` rows for these tokens are not touched
    /// here; confirm they are cleaned up elsewhere.
    ///
    /// # Errors
    ///
    /// Returns the `sqlx::Error` raised by the delete.
    pub async fn revoke_all(&mut self, login: &Login) -> Result<Vec<Id>, sqlx::Error> {
        sqlx::query_scalar!(
            r#"
                delete
                from token
                where login = $1
                returning id as "id: Id"
            "#,
            login.id,
        )
        .fetch_all(&mut *self.0)
        .await
    }

    /// Expires and deletes all tokens that haven't been used more recently than `expire_at`,
    /// returning the ids of the deleted tokens.
    ///
    /// Push subscriptions that reference a stale token are deleted first, then the tokens. Both
    /// statements use the same strict `last_used_at < $1` test. They are separate statements, so
    /// they only take effect together if the caller keeps them in one transaction and rolls back
    /// when this returns an error.
    ///
    /// # Errors
    ///
    /// Returns the `sqlx::Error` raised by either delete.
    pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
        // The subscription cleanup is kept next to the token delete, not in the `push`
        // repository, so the two definitions of "stale" cannot drift apart. That would be a
        // larger risk if the queries lived in very separate parts of the codebase.
        sqlx::query!(
            r#"
                with stale_tokens as (
                    select id from token
                    where last_used_at < $1
                )
                delete from push_subscription
                where token in stale_tokens
            "#,
            expire_at,
        )
        .execute(&mut *self.0)
        .await?;

        sqlx::query_scalar!(
            r#"
                delete
                from token
                where last_used_at < $1
                returning id as "id: Id"
            "#,
            expire_at,
        )
        .fetch_all(&mut *self.0)
        .await
    }

    /// Looks up the token whose stored secret equals `secret`, stamps it as used at `used_at`,
    /// and loads the login it belongs to.
    ///
    /// NOTE(review): no staleness check happens here. Any row whose `secret` matches is accepted
    /// and its `last_used_at` is refreshed, so a token that is past the expiry cut-off but not yet
    /// removed by `expire` would validate and be kept alive. Presumably callers run `expire`
    /// first in the same transaction; confirm.
    ///
    /// NOTE(review): assumes `secret` is unique in `token`. If it were not, the update would
    /// touch every matching row and `fetch_one` would return only one of them.
    ///
    /// # Errors
    ///
    /// * `LoadError::Database` when a query fails, including `sqlx::Error::RowNotFound` when no
    ///   token matches `secret` or the token's login row is missing.
    /// * `LoadError::Name` when the stored names fail `Name::new`.
    ///
    /// The `last_used_at` update has already been issued when the login lookup fails; it is only
    /// undone if the caller rolls the transaction back.
    pub async fn validate(
        &mut self,
        secret: &Secret,
        used_at: &DateTime,
    ) -> Result<(Token, Login), LoadError> {
        // A single `update … returning` would be tidier, but sqlite3, as of this writing, does
        // not let an update's `returning` clause reference columns from tables joined into the
        // update. Hence two queries: touch the token, then fetch its login.
        let touched = sqlx::query!(
            r#"
                update token
                set last_used_at = $1
                where secret = $2
                returning
                    id as "id: Id",
                    login as "login: login::Id",
                    issued_at as "issued_at: DateTime",
                    last_used_at as "last_used_at: DateTime"
            "#,
            used_at,
            secret,
        )
        .map(|record| Token {
            id: record.id,
            login: record.login,
            issued_at: record.issued_at,
            last_used_at: record.last_used_at,
        })
        .fetch_one(&mut *self.0)
        .await?;

        let owner = sqlx::query!(
            r#"
                select
                    id as "id: login::Id",
                    display_name,
                    canonical_name
                from login
                where id = $1
            "#,
            touched.login,
        )
        .map(|record| {
            // Name validation can fail per row, so the mapper yields a `Result` of its own.
            let parsed = Name::new(record.display_name, record.canonical_name)?;
            Ok::<_, name::Error>(Login {
                id: record.id,
                name: parsed,
            })
        })
        .fetch_one(&mut *self.0)
        // First `?` unwraps the database result, second the name-validation result.
        .await??;

        Ok((touched, owner))
    }
}

/// Failure modes of [`Tokens::validate`].
///
/// Each variant wraps its source error via `#[from]`, so `?` converts into `LoadError`
/// automatically at the call site.
#[derive(Debug, thiserror::Error)]
#[error(transparent)]
pub enum LoadError {
    /// A query failed. This includes `sqlx::Error::RowNotFound` when no row matched, which
    /// `NotFound::optional` below turns into `Ok(None)`.
    Database(#[from] sqlx::Error),
    /// Building a `Name` from the stored display/canonical names failed.
    Name(#[from] name::Error),
}

impl<T> NotFound for Result<T, LoadError> {
    type Ok = T;
    type Error = LoadError;

    /// Converts a "row not found" failure into `Ok(None)`.
    ///
    /// Only `LoadError::Database(sqlx::Error::RowNotFound)` is treated as absence. Every other
    /// database error, and every `LoadError::Name`, is passed through as `Err`, so a failing
    /// query is never reported to the caller as "no such token".
    fn optional(self) -> Result<Option<T>, LoadError> {
        self.map(Some).or_else(|failure| match failure {
            LoadError::Database(sqlx::Error::RowNotFound) => Ok(None),
            other => Err(other),
        })
    }
}