| author | benj <benj@rse8.com> | 2023-05-22 15:47:06 -0700 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2023-05-22 15:47:06 -0700 |
| commit | ed34a5251f13bbded0aa15719887db4924b351eb (patch) | |
| tree | 9719d805e915f4483d5db3e5e612e8b4cf5c702c /crates/secd/store/pg | |
| parent | eb92f823c31a5e702af7005231f0d6915aad3342 (diff) | |
update credential API to include sessions
This change updates the credential API to include sessions as just another
credential type. It adds the ApiToken type and enables revocation of
credentials. Updates were also made to the Identity API which now includes a
list of new credentials added to an Identity.
This change also migrates off the hacky ENV configuration paradigm and includes
a new config.toml file specified by the SECD_CONFIG_PATH env var. No default is
currently provided.
Clippy updates and code cleanup.
Diffstat (limited to 'crates/secd/store/pg')
| -rw-r--r-- | crates/secd/store/pg/migrations/20221222002434_bootstrap.sql | 5 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/find_credential.sql | 2 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/find_identity.sql | 2 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/find_session.sql | 11 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/write_credential.sql | 4 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/write_identity.sql | 3 | ||||
| -rw-r--r-- | crates/secd/store/pg/sql/write_session.sql | 11 |
7 files changed, 8 insertions, 30 deletions
diff --git a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
index 0cf3fa0..0fd423e 100644
--- a/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
+++ b/crates/secd/store/pg/migrations/20221222002434_bootstrap.sql
@@ -36,11 +36,10 @@ create table if not exists secd.credential (
 , created_at timestamptz not null
 , revoked_at timestamptz
 , deleted_at timestamptz
+ , unique(partial_key)
 );
-create unique index if not exists credential_passphrase_type_key_ix
-on secd.credential (partial_key)
-where type = 'Passphrase';
+create unique index if not exists credential_partial_key_type_key_ix on secd.credential (partial_key);
 create table if not exists secd.address (
 address_id bigserial primary key
diff --git a/crates/secd/store/pg/sql/find_credential.sql b/crates/secd/store/pg/sql/find_credential.sql
index e30c0ea..1736500 100644
--- a/crates/secd/store/pg/sql/find_credential.sql
+++ b/crates/secd/store/pg/sql/find_credential.sql
@@ -9,4 +9,4 @@ join secd.identity i using (identity_id)
 where (($1::uuid is null) or (c.credential_public_id = $1))
 and (($2::uuid is null) or (i.identity_public_id = $2))
 and (($3::text is null) or (c.type = $3))
-and (($3::text is null or $4::text is null) or (c.data->$3->>'key' = $4))
+and (($3::text is null or $4::text is null) or (c.partial_key = $4))
diff --git a/crates/secd/store/pg/sql/find_identity.sql b/crates/secd/store/pg/sql/find_identity.sql
index 37105cb..41c8518 100644
--- a/crates/secd/store/pg/sql/find_identity.sql
+++ b/crates/secd/store/pg/sql/find_identity.sql
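Review bot: The added `create unique index if not exists credential_partial_key_type_key_ix on secd.credential (partial_key);` duplicates the index that the new `unique(partial_key)` constraint already creates, so Postgres will maintain two identical unique indexes on the same column; keep the constraint (it is what `on conflict (partial_key)` in write_credential.sql needs) and drop the explicit index statement. The index name also still says `type_key` although the `where type = 'Passphrase'` predicate it described is gone, so if it is kept it should be renamed, e.g. `credential_partial_key_ix`. Since the predicate is dropped, `partial_key` now has to be unique across every credential type in the table, including the session and ApiToken rows this commit moves here; a one-line comment above the constraint stating that the key namespace is shared across types would save the next reader from re-adding a per-type index. This edits a migration whose timestamp predates the commit; if it has already been applied anywhere, the change will not take effect there (and checksum-based migration runners may reject the altered file), so a new migration would be the safer form — I cannot tell from the diff which runner is in use.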
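Review bot: The new key predicate `and (($3::text is null or $4::text is null) or (c.partial_key = $4))` still skips the key filter whenever $3 (type) is null, so a lookup that supplies only $4 silently matches every credential instead of the one with that key; the `$3` guard was only needed while the key lived under `c.data->$3`, and it should now read `and (($4::text is null) or (c.partial_key = $4))`. The rest of the statement (select list and `from`) starts outside the hunk, but no `revoked_at`/`deleted_at` condition is visible in the `where` clause; now that write_credential.sql records revocations, callers either need those columns in the result or the query needs a filter such as `and c.revoked_at is null` — which of the two applies depends on the head of the file.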
@@ -7,9 +7,7 @@ select distinct
 from secd.identity i
 left join secd.address_validation av using (identity_id)
 left join secd.address a using (address_id)
-left join secd.session s using (identity_id)
 where (($1::uuid is null) or (i.identity_public_id = $1))
 and (($2::text is null) or (a.value = $2))
 and (($3::bool is null) or (($3::bool is true) and (av.validated_at is not null)))
-and (($4::bytea is null) or (s.token_hash = $4))
 and i.deleted_at is null;
diff --git a/crates/secd/store/pg/sql/find_session.sql b/crates/secd/store/pg/sql/find_session.sql
deleted file mode 100644
index ca58480..0000000
--- a/crates/secd/store/pg/sql/find_session.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-select distinct
- i.identity_public_id
- , s.created_at
- , s.expired_at
- , s.revoked_at
-from secd.session s
-join secd.identity i using (identity_id)
-where (($1::bytea is null) or (s.token_hash = $1))
-and (($2::uuid is null) or (i.identity_public_id = $2))
-and (($3::timestamptz is null) or (s.expired_at > $3))
-and ((revoked_at is null) or ($4::timestamptz is null) or (s.revoked_at > $4));
diff --git a/crates/secd/store/pg/sql/write_credential.sql b/crates/secd/store/pg/sql/write_credential.sql
index 17e03a2..ecaf523 100644
--- a/crates/secd/store/pg/sql/write_credential.sql
+++ b/crates/secd/store/pg/sql/write_credential.sql
@@ -16,4 +16,6 @@ insert into secd.credential (
 , $6
 , $7
 , $8
-);
+) on conflict (partial_key) do update
+ set revoked_at = excluded.revoked_at
+ , deleted_at = excluded.deleted_at;
diff --git a/crates/secd/store/pg/sql/write_identity.sql b/crates/secd/store/pg/sql/write_identity.sql
index 4b2745b..e86d2f5 100644
--- a/crates/secd/store/pg/sql/write_identity.sql
+++ b/crates/secd/store/pg/sql/write_identity.sql
@@ -9,4 +9,5 @@ insert into secd.identity (
 ) on conflict (identity_public_id) do update
 set data = excluded.data
 , updated_at = excluded.updated_at
- , deleted_at = excluded.deleted_at;
+ , deleted_at = excluded.deleted_at
+returning (xmax = 0);
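Review bot: The upsert `on conflict (partial_key) do update set revoked_at = excluded.revoked_at, deleted_at = excluded.deleted_at` overwrites an existing revocation with whatever the new row carries, so re-writing a credential with a null `revoked_at` silently un-revokes it; if reactivation is not an intended operation, make revocation monotonic with ` set revoked_at = coalesce(credential.revoked_at, excluded.revoked_at)` and ` , deleted_at = coalesce(credential.deleted_at, excluded.deleted_at)`. The conflict target is only `partial_key`, so an insert for a different identity that happens to carry the same key does not fail but updates the other identity's row and reports success; adding ` where credential.identity_id = excluded.identity_id` to the `do update` turns that case into a no-op the caller can detect via row count (the `insert into secd.credential (` line and the column list are outside the hunk, so an alias may be preferable if one is already declared there). Whether a null `partial_key` is possible is not visible here; if it is, note that a unique constraint does not conflict on nulls and such rows will always insert.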
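Review bot: `returning (xmax = 0);` returns an unnamed boolean computed from a Postgres system column, so callers must bind it by position and the next reader has to know the idiom; name it and record the dependency, e.g. `returning (xmax = 0) as inserted; -- Postgres-specific: xmax is 0 only for a freshly inserted row, non-zero after the ON CONFLICT update`. The enclosing insert and its column list begin outside the hunk.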
diff --git a/crates/secd/store/pg/sql/write_session.sql b/crates/secd/store/pg/sql/write_session.sql
deleted file mode 100644
index aa9c0a1..0000000
--- a/crates/secd/store/pg/sql/write_session.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-insert into secd.session (
- identity_id
- , token_hash
- , created_at
- , expired_at
- , revoked_at
-) values (
- (select identity_id from secd.identity where identity_public_id = $1)
- , $2, $3, $4, $5
-) on conflict (token_hash) do update
- set revoked_at = excluded.revoked_at;
