| author | benj <benj@rse8.com> | 2023-06-19 17:18:21 -0700 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2023-06-19 17:18:21 -0700 |
| commit | ab6d5cefbea1e8ddf41f385dd85918f651958287 (patch) | |
| tree | ac3a6b45b1a0e6a833a627307d07e94a95ba3c23 /crates/secd/store/pg | |
| parent | 3406b370fe290559ff2445097a380d6f48d0f9af (diff) | |
hack to allow impersonator to impersonate target
Diffstat (limited to '')
| -rw-r--r-- | crates/secd/store/pg/migrations/20221222002434_bootstrap.sql | 33 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/find_impersonator.sql | 10 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/write_impersonator.sql | 11 |
3 files changed, 26 insertions, 28 deletions
diff --git a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
index 0fd423e..8f0a9c0 100644
--- a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
+++ b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
@@ -66,16 +66,6 @@ create table if not exists secd.address_validation (
 , unique(address_validation_public_id)
 );

-create table if not exists secd.session (
- session_id bigserial primary key
- , identity_id bigint not null references secd.identity(identity_id)
- , token_hash bytea not null
- , created_at timestamptz not null
- , expired_at timestamptz not null
- , revoked_at timestamptz
- , unique(token_hash)
-);
-
 create table if not exists secd.message (
 message_id bigserial primary key
 , address_id bigint not null references secd.address(address_id)
@@ -87,22 +77,9 @@ create table if not exists secd.message (
 , sent_at timestamptz
 );

-create table if not exists secd.namespace_config (
- namespace text not null
- , serialized_config text not null
- , created_at xid8 not null
- , deleted_at xid8
- -- TODO: indexes and stuff
-);
-
-create table if not exists secd.relation_tuple (
- namespace text not null
- , object_id text not null
- , relation text not null
- , userset_namespace text not null
- , userset_object_id text not null
- , userset_relation text not null
- , created_at xid8 not null
- , deleted_at xid8 not null
- -- TODO: indexes and stuff
+create table if not exists secd.impersonator (
+ impersonator_id bigint not null references secd.identity(identity_id)
+ , target_id bigint not null references secd.identity(identity_id)
+ , credential_id bigint not null references secd.credential(credential_id)
+ , created_at timestamptz not null
 );
diff --git a/crates/secd/store/pg/sql/find_impersonator.sql b/crates/secd/store/pg/sql/find_impersonator.sql
new file mode 100644
index 0000000..e544598
--- /dev/null
+++ b/crates/secd/store/pg/sql/find_impersonator.sql
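Review bot: The new `secd.impersonator` table in 20221222002434_bootstrap.sql has no primary key or unique constraint, so repeated writes can accumulate duplicate impersonation grants for the same pair and credential, and nothing rejects a row whose impersonator and target are the same identity. Each row is a privilege grant that find_impersonator.sql later trusts, so I would add `, unique (impersonator_id, target_id, credential_id)` and `, check (impersonator_id <> target_id)` before the closing `);`. The hunk also edits an already-dated bootstrap migration in place, and since every statement is `create table if not exists`, a database that has already applied it would presumably never receive the new table; a separate migration file looks safer, but confirm against how migrations are run in this project.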
@@ -0,0 +1,10 @@
+select i2.identity_public_id as impersonator_public_id
+ , i3.identity_public_id as target_public_id
+ , i.created_at
+from secd.impersonator i
+join secd.identity i2 on i.impersonator_id = i2.identity_id
+join secd.identity i3 on i.target_id = i3.identity_id
+join secd.credential c using (credential_id)
+where (($1::uuid is null) or (i2.identity_public_id = $1))
+and (($2::uuid is null) or (i3.identity_public_id = $2))
+and c.revoked_at > $3;
diff --git a/crates/secd/store/pg/sql/write_impersonator.sql b/crates/secd/store/pg/sql/write_impersonator.sql
new file mode 100644
index 0000000..b67b738
--- /dev/null
+++ b/crates/secd/store/pg/sql/write_impersonator.sql
@@ -0,0 +1,11 @@
+insert into secd.impersonator (
+ impersonator_id
+ , target_id
+ , credential_id
+ , created_at
+) values (
+ (select identity_id from secd.identity where identity_public_id = $1)
+ , (select identity_id from secd.identity where identity_public_id = $2)
+ , (select credential_id from secd.credential where credential_public_id = $3)
+ , $4
+);
|
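Review bot: In find_impersonator.sql the final predicate `and c.revoked_at > $3` drops every row whose credential has a NULL `revoked_at`, because the comparison is then unknown rather than true. That fails closed, but it means a grant is only found when its credential was stored with a future `revoked_at`; the `secd.credential` definition is outside this diff, so whether NULL means "not revoked" there needs confirming. If NULL is a valid live state, write `and (c.revoked_at is null or c.revoked_at > $3)`; if it is not, add a comment such as `-- impersonation credentials always carry revoked_at as their expiry; $3 is the current time`. The same comment should state that with both `$1` and `$2` NULL the query returns every live impersonation row, so callers are expected to pass at least one filter.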
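Review bot: write_impersonator.sql binds whatever credential `$3` names without checking in SQL that it is tied to the impersonator or the target, so that authorization check rests entirely on the caller, which is not visible in this diff. A header comment would make the contract explicit, for example `-- $1 impersonator public id, $2 target public id, $3 credential public id, $4 created_at; caller must already have authorized this grant`. An unknown public id makes its scalar subquery yield NULL, and the `not null` columns then reject the insert; that is a safe failure, but it surfaces as a constraint violation rather than a not-found, which the comment should mention so the calling code maps the error deliberately.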
