Use dynamic filters on upstream OAuth 2.0 providers

2025-07-31 09:24:31 +03:00 · 2024-07-16 17:00:47 +02:00
parent 7c2c310cac
commit 112f673e22
2 changed files with 23 additions and 21 deletions
--- a/crates/storage-pg/.sqlx/query-9aa8fa3a6277f67b2bf5a5ea5429a61e7997ff4f3e8d0dc772448a1f97e1e390.json
+++ b/crates/storage-pg/.sqlx/query-9aa8fa3a6277f67b2bf5a5ea5429a61e7997ff4f3e8d0dc772448a1f97e1e390.json
@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n                INSERT INTO upstream_oauth_providers (\n                    upstream_oauth_provider_id,\n                    issuer,\n                    human_name,\n                    brand_name,\n                    scope,\n                    token_endpoint_auth_method,\n                    token_endpoint_signing_alg,\n                    client_id,\n                    encrypted_client_secret,\n                    claims_imports,\n                    authorization_endpoint_override,\n                    token_endpoint_override,\n                    jwks_uri_override,\n                    discovery_mode,\n                    pkce_mode,\n                    additional_parameters,\n                    created_at\n                ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9,\n                          $10, $11, $12, $13, $14, $15, $16, $17)\n                ON CONFLICT (upstream_oauth_provider_id) \n                    DO UPDATE\n                    SET\n                        issuer = EXCLUDED.issuer,\n                        human_name = EXCLUDED.human_name,\n                        brand_name = EXCLUDED.brand_name,\n                        scope = EXCLUDED.scope,\n                        token_endpoint_auth_method = EXCLUDED.token_endpoint_auth_method,\n                        token_endpoint_signing_alg = EXCLUDED.token_endpoint_signing_alg,\n                        disabled_at = NULL,\n                        client_id = EXCLUDED.client_id,\n                        encrypted_client_secret = EXCLUDED.encrypted_client_secret,\n                        claims_imports = EXCLUDED.claims_imports,\n                        authorization_endpoint_override = EXCLUDED.authorization_endpoint_override,\n                        token_endpoint_override = EXCLUDED.token_endpoint_override,\n                        jwks_uri_override = EXCLUDED.jwks_uri_override,\n                        discovery_mode = EXCLUDED.discovery_mode,\n                        pkce_mode = EXCLUDED.pkce_mode,\n                        additional_parameters = EXCLUDED.additional_parameters\n                RETURNING created_at\n            ",
+  "query": "\n                INSERT INTO upstream_oauth_providers (\n                    upstream_oauth_provider_id,\n                    issuer,\n                    human_name,\n                    brand_name,\n                    scope,\n                    token_endpoint_auth_method,\n                    token_endpoint_signing_alg,\n                    client_id,\n                    encrypted_client_secret,\n                    claims_imports,\n                    authorization_endpoint_override,\n                    token_endpoint_override,\n                    jwks_uri_override,\n                    discovery_mode,\n                    pkce_mode,\n                    additional_parameters,\n                    created_at\n                ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9,\n                          $10, $11, $12, $13, $14, $15, $16, $17)\n                ON CONFLICT (upstream_oauth_provider_id)\n                    DO UPDATE\n                    SET\n                        issuer = EXCLUDED.issuer,\n                        human_name = EXCLUDED.human_name,\n                        brand_name = EXCLUDED.brand_name,\n                        scope = EXCLUDED.scope,\n                        token_endpoint_auth_method = EXCLUDED.token_endpoint_auth_method,\n                        token_endpoint_signing_alg = EXCLUDED.token_endpoint_signing_alg,\n                        disabled_at = NULL,\n                        client_id = EXCLUDED.client_id,\n                        encrypted_client_secret = EXCLUDED.encrypted_client_secret,\n                        claims_imports = EXCLUDED.claims_imports,\n                        authorization_endpoint_override = EXCLUDED.authorization_endpoint_override,\n                        token_endpoint_override = EXCLUDED.token_endpoint_override,\n                        jwks_uri_override = EXCLUDED.jwks_uri_override,\n                        discovery_mode = EXCLUDED.discovery_mode,\n                        pkce_mode = EXCLUDED.pkce_mode,\n                        additional_parameters = EXCLUDED.additional_parameters\n                RETURNING created_at\n            ",
  "describe": {
    "columns": [
      {
@ -34,5 +34,5 @@
      false
    ]
  },
-  "hash": "94fd87e99088671b6a20bb7b9a3838ecce8df564257b348adf22f2e9356e6dae"
+  "hash": "9aa8fa3a6277f67b2bf5a5ea5429a61e7997ff4f3e8d0dc772448a1f97e1e390"
 }
--- a/crates/storage-pg/src/upstream_oauth2/provider.rs
+++ b/crates/storage-pg/src/upstream_oauth2/provider.rs
@ -31,8 +31,11 @@ use ulid::Ulid;
 use uuid::Uuid;

 use crate::{
-    iden::UpstreamOAuthProviders, pagination::QueryBuilderExt, tracing::ExecuteExt, DatabaseError,
-    DatabaseInconsistencyError,
+    filter::{Filter, StatementExt},
+    iden::UpstreamOAuthProviders,
+    pagination::QueryBuilderExt,
+    tracing::ExecuteExt,
+    DatabaseError, DatabaseInconsistencyError,
 };

 /// An implementation of [`UpstreamOAuthProviderRepository`] for a PostgreSQL
@ -174,6 +177,19 @@ impl TryFrom<ProviderLookup> for UpstreamOAuthProvider {
    }
 }

+impl Filter for UpstreamOAuthProviderFilter<'_> {
+    fn generate_condition(&self, _has_joins: bool) -> impl sea_query::IntoCondition {
+        sea_query::Condition::all().add_option(self.enabled().map(|enabled| {
+            Expr::col((
+                UpstreamOAuthProviders::Table,
+                UpstreamOAuthProviders::DisabledAt,
+            ))
+            .is_null()
+            .eq(enabled)
+        }))
+    }
+}
+
 #[async_trait]
 impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'c> {
    type Error = DatabaseError;
@ -429,7 +445,7 @@ impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'
                    created_at
                ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9,
                          $10, $11, $12, $13, $14, $15, $16, $17)
-                ON CONFLICT (upstream_oauth_provider_id) 
+                ON CONFLICT (upstream_oauth_provider_id)
                    DO UPDATE
                    SET
                        issuer = EXCLUDED.issuer,
@ -676,14 +692,7 @@ impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'
                ProviderLookupIden::AdditionalParameters,
            )
            .from(UpstreamOAuthProviders::Table)
-            .and_where_option(filter.enabled().map(|enabled| {
-                Expr::col((
-                    UpstreamOAuthProviders::Table,
-                    UpstreamOAuthProviders::DisabledAt,
-                ))
-                .is_null()
-                .eq(enabled)
-            }))
+            .apply_filter(filter)
            .generate_pagination(
                (
                    UpstreamOAuthProviders::Table,
@ -726,14 +735,7 @@ impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'
                .count(),
            )
            .from(UpstreamOAuthProviders::Table)
-            .and_where_option(filter.enabled().map(|enabled| {
-                Expr::col((
-                    UpstreamOAuthProviders::Table,
-                    UpstreamOAuthProviders::DisabledAt,
-                ))
-                .is_null()
-                .eq(enabled)
-            }))
+            .apply_filter(filter)
            .build_sqlx(PostgresQueryBuilder);

        let count: i64 = sqlx::query_scalar_with(&sql, arguments)