1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
use sqlx::{SqliteConnection, Transaction, sqlite::Sqlite};
use uuid::Uuid;
use crate::{
clock::DateTime,
db::NotFound,
event::{Instant, Sequence},
name::{self, Name},
token::{Id, Secret},
user::{self, History, User},
};
pub trait Provider {
fn tokens(&mut self) -> Tokens;
}
impl Provider for Transaction<'_, Sqlite> {
fn tokens(&mut self) -> Tokens {
Tokens(self)
}
}
pub struct Tokens<'t>(&'t mut SqliteConnection);
impl Tokens<'_> {
// Issue a new token for an existing user. The issued_at timestamp will
// determine the token's initial expiry deadline.
pub async fn issue(
&mut self,
user: &History,
issued_at: &DateTime,
) -> Result<Secret, sqlx::Error> {
let id = Id::generate();
let secret = Uuid::new_v4().to_string();
let user = user.id();
let secret = sqlx::query_scalar!(
r#"
insert
into token (id, secret, user, issued_at, last_used_at)
values ($1, $2, $3, $4, $4)
returning secret as "secret!: Secret"
"#,
id,
secret,
user,
issued_at,
)
.fetch_one(&mut *self.0)
.await?;
Ok(secret)
}
pub async fn require(&mut self, token: &Id) -> Result<(), sqlx::Error> {
sqlx::query_scalar!(
r#"
select id as "id: Id"
from token
where id = $1
"#,
token,
)
.fetch_one(&mut *self.0)
.await?;
Ok(())
}
// Revoke a token by its secret.
pub async fn revoke(&mut self, token: &Id) -> Result<(), sqlx::Error> {
sqlx::query_scalar!(
r#"
delete
from token
where id = $1
returning id as "id: Id"
"#,
token,
)
.fetch_one(&mut *self.0)
.await?;
Ok(())
}
// Revoke tokens for a login
pub async fn revoke_all(&mut self, user: &user::History) -> Result<Vec<Id>, sqlx::Error> {
let user = user.id();
let tokens = sqlx::query_scalar!(
r#"
delete
from token
where user = $1
returning id as "id: Id"
"#,
user,
)
.fetch_all(&mut *self.0)
.await?;
Ok(tokens)
}
// Expire and delete all tokens that haven't been used more recently than
// `expire_at`.
pub async fn expire(&mut self, expire_at: &DateTime) -> Result<Vec<Id>, sqlx::Error> {
let tokens = sqlx::query_scalar!(
r#"
delete
from token
where last_used_at < $1
returning id as "id: Id"
"#,
expire_at,
)
.fetch_all(&mut *self.0)
.await?;
Ok(tokens)
}
// Validate a token by its secret, retrieving the associated Login record.
// Will return an error if the token is not valid. If successful, the
// retrieved token's last-used timestamp will be set to `used_at`.
pub async fn validate(
&mut self,
secret: &Secret,
used_at: &DateTime,
) -> Result<(Id, History), LoadError> {
// I would use `update … returning` to do this in one query, but
// sqlite3, as of this writing, does not allow an update's `returning`
// clause to reference columns from tables joined into the update. Two
// queries is fine, but it feels untidy.
let (token, user) = sqlx::query!(
r#"
update token
set last_used_at = $1
where secret = $2
returning
id as "token: Id",
user as "user: user::Id"
"#,
used_at,
secret,
)
.map(|row| (row.token, row.user))
.fetch_one(&mut *self.0)
.await?;
let user = sqlx::query!(
r#"
select
id as "id: user::Id",
display_name as "display_name: String",
canonical_name as "canonical_name: String",
created_sequence as "created_sequence: Sequence",
created_at as "created_at: DateTime"
from user
where id = $1
"#,
user,
)
.map(|row| {
Ok::<_, name::Error>(History {
user: User {
id: row.id,
name: Name::new(row.display_name, row.canonical_name)?,
},
created: Instant::new(row.created_at, row.created_sequence),
})
})
.fetch_one(&mut *self.0)
.await??;
Ok((token, user))
}
}
#[derive(Debug, thiserror::Error)]
#[error(transparent)]
pub enum LoadError {
Database(#[from] sqlx::Error),
Name(#[from] name::Error),
}
impl<T> NotFound for Result<T, LoadError> {
type Ok = T;
type Error = LoadError;
fn optional(self) -> Result<Option<T>, LoadError> {
match self {
Ok(value) => Ok(Some(value)),
Err(LoadError::Database(sqlx::Error::RowNotFound)) => Ok(None),
Err(other) => Err(other),
}
}
}
|
