matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

storage: user and user email repository

Browse Source
This commit is contained in:
Quentin Gliech
2023-01-02 15:28:44 +01:00
parent 870a37151f
commit 13a9d03647
26 changed files with 2148 additions and 2424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
crates/storage/src/compat.rs
View File

@ -15,7 +15,7 @@
use chrono::{DateTime, Duration, Utc};
use mas_data_model::{
CompatAccessToken, CompatRefreshToken, CompatSession, CompatSsoLogin, CompatSsoLoginState,
Device, User, UserEmail,
Device, User,
};
use rand::Rng;
use sqlx::{Acquire, PgExecutor, Postgres, QueryBuilder};
@ -40,10 +40,7 @@ struct CompatAccessTokenLookup {
compat_session_device_id: String,
user_id: Uuid,
user_username: String,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
user_primary_user_email_id: Option<Uuid>,
}
#[tracing::instrument(skip_all, err)]
@ -66,18 +63,13 @@ pub async fn lookup_active_compat_access_token(
cs.device_id AS "compat_session_device_id",
u.user_id AS "user_id!",
u.username AS "user_username!",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
u.primary_user_email_id AS "user_primary_user_email_id"
FROM compat_access_tokens ct
INNER JOIN compat_sessions cs
USING (compat_session_id)
INNER JOIN users u
USING (user_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE ct.access_token = $1
AND (ct.expires_at < $2 OR ct.expires_at IS NULL)
@ -101,32 +93,11 @@ pub async fn lookup_active_compat_access_token(
};
let user_id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("compat_sessions")
.column("user_id")
.row(user_id)
.into())
}
};
let user = User {
id: user_id,
username: res.user_username,
sub: user_id.to_string(),
primary_email,
primary_user_email_id: res.user_primary_user_email_id.map(Into::into),
};
let id = res.compat_session_id.into();
@ -162,10 +133,7 @@ pub struct CompatRefreshTokenLookup {
compat_session_device_id: String,
user_id: Uuid,
user_username: String,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
user_primary_user_email_id: Option<Uuid>,
}
#[tracing::instrument(skip_all, err)]
@ -191,10 +159,7 @@ pub async fn lookup_active_compat_refresh_token(
cs.device_id AS "compat_session_device_id",
u.user_id,
u.username AS "user_username!",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
u.primary_user_email_id AS "user_primary_user_email_id"
FROM compat_refresh_tokens cr
INNER JOIN compat_sessions cs
@ -203,8 +168,6 @@ pub async fn lookup_active_compat_refresh_token(
USING (compat_access_token_id)
INNER JOIN users u
USING (user_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE cr.refresh_token = $1
AND cr.consumed_at IS NULL
@ -233,32 +196,11 @@ pub async fn lookup_active_compat_refresh_token(
};
let user_id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(user_id)
.into())
}
};
let user = User {
id: user_id,
username: res.user_username,
sub: user_id.to_string(),
primary_email,
primary_user_email_id: res.user_primary_user_email_id.map(Into::into),
};
let session_id = res.compat_session_id.into();
@ -528,10 +470,7 @@ struct CompatSsoLoginLookup {
compat_session_device_id: Option<String>,
user_id: Option<Uuid>,
user_username: Option<String>,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
user_primary_user_email_id: Option<Uuid>,
}
impl TryFrom<CompatSsoLoginLookup> for CompatSsoLogin {
@ -546,32 +485,18 @@ impl TryFrom<CompatSsoLoginLookup> for CompatSsoLogin {
.source(e)
})?;
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
let user = match (
res.user_id,
res.user_username,
res.user_primary_user_email_id,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users").column("primary_user_email_id"))
}
};
let user = match (res.user_id, res.user_username, primary_email) {
(Some(id), Some(username), primary_email) => {
(Some(id), Some(username), primary_email_id) => {
let id = Ulid::from(id);
Some(User {
id,
username,
sub: id.to_string(),
primary_email,
primary_user_email_id: primary_email_id.map(Into::into),
})
}
@ -667,17 +592,12 @@ pub async fn get_compat_sso_login_by_id(
cs.device_id AS "compat_session_device_id?",
u.user_id AS "user_id?",
u.username AS "user_username?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
u.primary_user_email_id AS "user_primary_user_email_id?"
FROM compat_sso_logins cl
LEFT JOIN compat_sessions cs
USING (compat_session_id)
LEFT JOIN users u
USING (user_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE cl.compat_sso_login_id = $1
"#,
Uuid::from(id),
@ -725,17 +645,12 @@ pub async fn get_paginated_user_compat_sso_logins(
cs.device_id AS "compat_session_device_id",
u.user_id AS "user_id",
u.username AS "user_username",
ue.user_email_id AS "user_email_id",
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
u.primary_user_email_id AS "user_primary_user_email_id?"
FROM compat_sso_logins cl
LEFT JOIN compat_sessions cs
USING (compat_session_id)
LEFT JOIN users u
USING (user_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
"#,
);
@ -781,17 +696,12 @@ pub async fn get_compat_sso_login_by_token(
cs.device_id AS "compat_session_device_id?",
u.user_id AS "user_id?",
u.username AS "user_username?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
u.primary_user_email_id AS "user_primary_user_email_id?"
FROM compat_sso_logins cl
LEFT JOIN compat_sessions cs
USING (compat_session_id)
LEFT JOIN users u
USING (user_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE cl.login_token = $1
"#,
token,

2
crates/storage/src/lib.rs
View File

@ -161,7 +161,7 @@ impl DatabaseInconsistencyError {
}
}
#[derive(Default, Debug, Clone, Copy)]
#[derive(Default, Debug, Clone)]
pub struct Clock {
_private: (),
}

64
crates/storage/src/oauth2/access_token.rs
View File

@ -13,7 +13,7 @@
// limitations under the License.
use chrono::{DateTime, Duration, Utc};
use mas_data_model::{AccessToken, Authentication, BrowserSession, Session, User, UserEmail};
use mas_data_model::{AccessToken, Authentication, BrowserSession, Session, User};
use rand::Rng;
use sqlx::{PgConnection, PgExecutor};
use ulid::Ulid;
@ -84,12 +84,9 @@ pub struct OAuth2AccessTokenLookup {
user_session_created_at: DateTime<Utc>,
user_id: Uuid,
user_username: String,
user_primary_user_email_id: Option<Uuid>,
user_session_last_authentication_id: Option<Uuid>,
user_session_last_authentication_created_at: Option<DateTime<Utc>>,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
}
#[allow(clippy::too_many_lines)]
@ -100,24 +97,20 @@ pub async fn lookup_active_access_token(
let res = sqlx::query_as!(
OAuth2AccessTokenLookup,
r#"
SELECT
at.oauth2_access_token_id,
at.access_token AS "oauth2_access_token",
at.created_at AS "oauth2_access_token_created_at",
at.expires_at AS "oauth2_access_token_expires_at",
os.oauth2_session_id AS "oauth2_session_id!",
os.oauth2_client_id AS "oauth2_client_id!",
os.scope AS "scope!",
us.user_session_id AS "user_session_id!",
us.created_at AS "user_session_created_at!",
u.user_id AS "user_id!",
u.username AS "user_username!",
usa.user_session_authentication_id AS "user_session_last_authentication_id?",
usa.created_at AS "user_session_last_authentication_created_at?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
SELECT at.oauth2_access_token_id
, at.access_token AS "oauth2_access_token"
, at.created_at AS "oauth2_access_token_created_at"
, at.expires_at AS "oauth2_access_token_expires_at"
, os.oauth2_session_id AS "oauth2_session_id!"
, os.oauth2_client_id AS "oauth2_client_id!"
, os.scope AS "scope!"
, us.user_session_id AS "user_session_id!"
, us.created_at AS "user_session_created_at!"
, u.user_id AS "user_id!"
, u.username AS "user_username!"
, u.primary_user_email_id AS "user_primary_user_email_id"
, usa.user_session_authentication_id AS "user_session_last_authentication_id?"
, usa.created_at AS "user_session_last_authentication_created_at?"
FROM oauth2_access_tokens at
INNER JOIN oauth2_sessions os
@ -128,8 +121,6 @@ pub async fn lookup_active_access_token(
USING (user_id)
LEFT JOIN user_session_authentications usa
USING (user_session_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE at.access_token = $1
AND at.revoked_at IS NULL
@ -162,32 +153,11 @@ pub async fn lookup_active_access_token(
})?;
let user_id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(user_id)
.into())
}
};
let user = User {
id: user_id,
username: res.user_username,
sub: user_id.to_string(),
primary_email,
primary_user_email_id: res.user_primary_user_email_id.map(Into::into),
};
let last_authentication = match (

51
crates/storage/src/oauth2/authorization_grant.rs
View File

@ -17,7 +17,7 @@ use std::num::NonZeroU32;
use chrono::{DateTime, Utc};
use mas_data_model::{
Authentication, AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, BrowserSession,
Client, Pkce, Session, User, UserEmail,
Client, Pkce, Session, User,
};
use mas_iana::oauth::PkceCodeChallengeMethod;
use oauth2_types::{requests::ResponseMode, scope::Scope};
@ -154,12 +154,9 @@ struct GrantLookup {
user_session_created_at: Option<DateTime<Utc>>,
user_id: Option<Uuid>,
user_username: Option<String>,
user_primary_user_email_id: Option<Uuid>,
user_session_last_authentication_id: Option<Uuid>,
user_session_last_authentication_created_at: Option<DateTime<Utc>>,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
}
impl GrantLookup {
@ -197,34 +194,14 @@ impl GrantLookup {
_ => return Err(DatabaseInconsistencyError::on("user_session_authentications").into()),
};
let primary_email = match (
self.user_email_id,
self.user_email,
self.user_email_created_at,
self.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.into())
}
};
let session = match (
self.oauth2_session_id,
self.user_session_id,
self.user_session_created_at,
self.user_id,
self.user_username,
self.user_primary_user_email_id,
last_authentication,
primary_email,
) {
(
Some(session_id),
@ -232,15 +209,15 @@ impl GrantLookup {
Some(user_session_created_at),
Some(user_id),
Some(user_username),
user_primary_user_email_id,
last_authentication,
primary_email,
) => {
let user_id = Ulid::from(user_id);
let user = User {
id: user_id,
username: user_username,
sub: user_id.to_string(),
primary_email,
primary_user_email_id: user_primary_user_email_id.map(Into::into),
};
let browser_session = BrowserSession {
@ -439,12 +416,9 @@ pub async fn get_grant_by_id(
us.created_at AS "user_session_created_at?",
u.user_id AS "user_id?",
u.username AS "user_username?",
u.primary_user_email_id AS "user_primary_user_email_id?",
usa.user_session_authentication_id AS "user_session_last_authentication_id?",
usa.created_at AS "user_session_last_authentication_created_at?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
usa.created_at AS "user_session_last_authentication_created_at?"
FROM
oauth2_authorization_grants og
LEFT JOIN oauth2_sessions os
@ -455,8 +429,6 @@ pub async fn get_grant_by_id(
USING (user_id)
LEFT JOIN user_session_authentications usa
USING (user_session_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE og.oauth2_authorization_grant_id = $1
@ -508,12 +480,9 @@ pub async fn lookup_grant_by_code(
us.created_at AS "user_session_created_at?",
u.user_id AS "user_id?",
u.username AS "user_username?",
u.primary_user_email_id AS "user_primary_user_email_id?",
usa.user_session_authentication_id AS "user_session_last_authentication_id?",
usa.created_at AS "user_session_last_authentication_created_at?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
usa.created_at AS "user_session_last_authentication_created_at?"
FROM
oauth2_authorization_grants og
LEFT JOIN oauth2_sessions os
@ -524,8 +493,6 @@ pub async fn lookup_grant_by_code(
USING (user_id)
LEFT JOIN user_session_authentications usa
USING (user_session_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE og.authorization_code = $1

39
crates/storage/src/oauth2/refresh_token.rs
View File

@ -13,9 +13,7 @@
// limitations under the License.
use chrono::{DateTime, Utc};
use mas_data_model::{
AccessToken, Authentication, BrowserSession, RefreshToken, Session, User, UserEmail,
};
use mas_data_model::{AccessToken, Authentication, BrowserSession, RefreshToken, Session, User};
use rand::Rng;
use sqlx::{PgConnection, PgExecutor};
use ulid::Ulid;
@ -87,12 +85,9 @@ struct OAuth2RefreshTokenLookup {
user_session_created_at: DateTime<Utc>,
user_id: Uuid,
user_username: String,
user_primary_user_email_id: Option<Uuid>,
user_session_last_authentication_id: Option<Uuid>,
user_session_last_authentication_created_at: Option<DateTime<Utc>>,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
}
#[tracing::instrument(skip_all, err)]
@ -119,12 +114,9 @@ pub async fn lookup_active_refresh_token(
us.created_at AS "user_session_created_at!",
u.user_id AS "user_id!",
u.username AS "user_username!",
u.primary_user_email_id AS "user_primary_user_email_id",
usa.user_session_authentication_id AS "user_session_last_authentication_id?",
usa.created_at AS "user_session_last_authentication_created_at?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
usa.created_at AS "user_session_last_authentication_created_at?"
FROM oauth2_refresh_tokens rt
INNER JOIN oauth2_sessions os
USING (oauth2_session_id)
@ -190,32 +182,11 @@ pub async fn lookup_active_refresh_token(
})?;
let user_id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(user_id)
.into())
}
};
let user = User {
id: user_id,
username: res.user_username,
sub: user_id.to_string(),
primary_email,
primary_user_email_id: res.user_primary_user_email_id.map(Into::into),
};
let last_authentication = match (

39
crates/storage/src/repository.rs
View File

@ -14,9 +14,12 @@
use sqlx::{PgConnection, Postgres, Transaction};
use crate::upstream_oauth2::{
PgUpstreamOAuthLinkRepository, PgUpstreamOAuthProviderRepository,
PgUpstreamOAuthSessionRepository,
use crate::{
upstream_oauth2::{
PgUpstreamOAuthLinkRepository, PgUpstreamOAuthProviderRepository,
PgUpstreamOAuthSessionRepository,
},
user::{PgUserEmailRepository, PgUserRepository},
};
pub trait Repository {
@ -32,15 +35,27 @@ pub trait Repository {
where
Self: 'c;
type UserRepository<'c>
where
Self: 'c;
type UserEmailRepository<'c>
where
Self: 'c;
fn upstream_oauth_link(&mut self) -> Self::UpstreamOAuthLinkRepository<'_>;
fn upstream_oauth_provider(&mut self) -> Self::UpstreamOAuthProviderRepository<'_>;
fn upstream_oauth_session(&mut self) -> Self::UpstreamOAuthSessionRepository<'_>;
fn user(&mut self) -> Self::UserRepository<'_>;
fn user_email(&mut self) -> Self::UserEmailRepository<'_>;
}
impl Repository for PgConnection {
type UpstreamOAuthLinkRepository<'c> = PgUpstreamOAuthLinkRepository<'c> where Self: 'c;
type UpstreamOAuthProviderRepository<'c> = PgUpstreamOAuthProviderRepository<'c> where Self: 'c;
type UpstreamOAuthSessionRepository<'c> = PgUpstreamOAuthSessionRepository<'c> where Self: 'c;
type UserRepository<'c> = PgUserRepository<'c> where Self: 'c;
type UserEmailRepository<'c> = PgUserEmailRepository<'c> where Self: 'c;
fn upstream_oauth_link(&mut self) -> Self::UpstreamOAuthLinkRepository<'_> {
PgUpstreamOAuthLinkRepository::new(self)
@ -53,12 +68,22 @@ impl Repository for PgConnection {
fn upstream_oauth_session(&mut self) -> Self::UpstreamOAuthSessionRepository<'_> {
PgUpstreamOAuthSessionRepository::new(self)
}
fn user(&mut self) -> Self::UserRepository<'_> {
PgUserRepository::new(self)
}
fn user_email(&mut self) -> Self::UserEmailRepository<'_> {
PgUserEmailRepository::new(self)
}
}
impl<'t> Repository for Transaction<'t, Postgres> {
type UpstreamOAuthLinkRepository<'c> = PgUpstreamOAuthLinkRepository<'c> where Self: 'c;
type UpstreamOAuthProviderRepository<'c> = PgUpstreamOAuthProviderRepository<'c> where Self: 'c;
type UpstreamOAuthSessionRepository<'c> = PgUpstreamOAuthSessionRepository<'c> where Self: 'c;
type UserRepository<'c> = PgUserRepository<'c> where Self: 'c;
type UserEmailRepository<'c> = PgUserEmailRepository<'c> where Self: 'c;
fn upstream_oauth_link(&mut self) -> Self::UpstreamOAuthLinkRepository<'_> {
PgUpstreamOAuthLinkRepository::new(self)
@ -71,4 +96,12 @@ impl<'t> Repository for Transaction<'t, Postgres> {
fn upstream_oauth_session(&mut self) -> Self::UpstreamOAuthSessionRepository<'_> {
PgUpstreamOAuthSessionRepository::new(self)
}
fn user(&mut self) -> Self::UserRepository<'_> {
PgUserRepository::new(self)
}
fn user_email(&mut self) -> Self::UserEmailRepository<'_> {
PgUserEmailRepository::new(self)
}
}

555
crates/storage/src/user/email.rs Normal file
View File

@ -0,0 +1,555 @@
// Copyright 2022 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
use async_trait::async_trait;
use chrono::{DateTime, Utc};
use mas_data_model::{User, UserEmail, UserEmailVerification, UserEmailVerificationState};
use rand::RngCore;
use sqlx::{PgConnection, QueryBuilder};
use ulid::Ulid;
use uuid::Uuid;
use crate::{
pagination::{process_page, Page, QueryBuilderExt},
Clock, DatabaseError, DatabaseInconsistencyError, LookupResultExt,
};
#[async_trait]
pub trait UserEmailRepository: Send + Sync {
type Error;
async fn lookup(&mut self, id: Ulid) -> Result<Option<UserEmail>, Self::Error>;
async fn find(&mut self, user: &User, email: &str) -> Result<Option<UserEmail>, Self::Error>;
async fn get_primary(&mut self, user: &User) -> Result<Option<UserEmail>, Self::Error>;
async fn all(&mut self, user: &User) -> Result<Vec<UserEmail>, Self::Error>;
async fn list_paginated(
&mut self,
user: &User,
before: Option<Ulid>,
after: Option<Ulid>,
first: Option<usize>,
last: Option<usize>,
) -> Result<Page<UserEmail>, Self::Error>;
async fn count(&mut self, user: &User) -> Result<usize, Self::Error>;
async fn add(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
user: &User,
email: String,
) -> Result<UserEmail, Self::Error>;
async fn remove(&mut self, user_email: UserEmail) -> Result<(), Self::Error>;
async fn mark_as_verified(
&mut self,
clock: &Clock,
user_email: UserEmail,
) -> Result<UserEmail, Self::Error>;
async fn set_as_primary(&mut self, user_email: &UserEmail) -> Result<(), Self::Error>;
async fn add_verification_code(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
user_email: &UserEmail,
max_age: chrono::Duration,
code: String,
) -> Result<UserEmailVerification, Self::Error>;
async fn find_verification_code(
&mut self,
clock: &Clock,
user_email: &UserEmail,
code: &str,
) -> Result<Option<UserEmailVerification>, Self::Error>;
async fn consume_verification_code(
&mut self,
clock: &Clock,
verification: UserEmailVerification,
) -> Result<UserEmailVerification, Self::Error>;
}
pub struct PgUserEmailRepository<'c> {
conn: &'c mut PgConnection,
}
impl<'c> PgUserEmailRepository<'c> {
pub fn new(conn: &'c mut PgConnection) -> Self {
Self { conn }
}
}
#[derive(Debug, Clone, sqlx::FromRow)]
struct UserEmailLookup {
user_email_id: Uuid,
user_id: Uuid,
email: String,
created_at: DateTime<Utc>,
confirmed_at: Option<DateTime<Utc>>,
}
impl From<UserEmailLookup> for UserEmail {
fn from(e: UserEmailLookup) -> UserEmail {
UserEmail {
id: e.user_email_id.into(),
user_id: e.user_id.into(),
email: e.email,
created_at: e.created_at,
confirmed_at: e.confirmed_at,
}
}
}
struct UserEmailConfirmationCodeLookup {
user_email_confirmation_code_id: Uuid,
user_email_id: Uuid,
code: String,
created_at: DateTime<Utc>,
expires_at: DateTime<Utc>,
consumed_at: Option<DateTime<Utc>>,
}
impl UserEmailConfirmationCodeLookup {
fn into_verification(self, clock: &Clock) -> UserEmailVerification {
let now = clock.now();
let state = if let Some(when) = self.consumed_at {
UserEmailVerificationState::AlreadyUsed { when }
} else if self.expires_at < now {
UserEmailVerificationState::Expired {
when: self.expires_at,
}
} else {
UserEmailVerificationState::Valid
};
UserEmailVerification {
id: self.user_email_confirmation_code_id.into(),
user_email_id: self.user_email_id.into(),
code: self.code,
state,
created_at: self.created_at,
}
}
}
#[async_trait]
impl<'c> UserEmailRepository for PgUserEmailRepository<'c> {
type Error = DatabaseError;
#[tracing::instrument(
skip_all,
fields(user_email.id = %id),
err,
)]
async fn lookup(&mut self, id: Ulid) -> Result<Option<UserEmail>, Self::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT user_email_id
, user_id
, email
, created_at
, confirmed_at
FROM user_emails
WHERE user_email_id = $1
"#,
Uuid::from(id),
)
.fetch_one(&mut *self.conn)
.await
.to_option()?;
let Some(user_email) = res else { return Ok(None) };
Ok(Some(user_email.into()))
}
#[tracing::instrument(
skip_all,
fields(%user.id, user_email.email = email),
err,
)]
async fn find(&mut self, user: &User, email: &str) -> Result<Option<UserEmail>, Self::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT user_email_id
, user_id
, email
, created_at
, confirmed_at
FROM user_emails
WHERE user_id = $1 AND email = $2
"#,
Uuid::from(user.id),
email,
)
.fetch_one(&mut *self.conn)
.await
.to_option()?;
let Some(user_email) = res else { return Ok(None) };
Ok(Some(user_email.into()))
}
#[tracing::instrument(
skip_all,
fields(%user.id),
err,
)]
async fn get_primary(&mut self, user: &User) -> Result<Option<UserEmail>, Self::Error> {
let Some(id) = user.primary_user_email_id else { return Ok(None) };
let user_email = self.lookup(id).await?.ok_or_else(|| {
DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(user.id)
})?;
Ok(Some(user_email))
}
#[tracing::instrument(
skip_all,
fields(%user.id),
err,
)]
async fn all(&mut self, user: &User) -> Result<Vec<UserEmail>, Self::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT user_email_id
, user_id
, email
, created_at
, confirmed_at
FROM user_emails
WHERE user_id = $1
ORDER BY email ASC
"#,
Uuid::from(user.id),
)
.fetch_all(&mut *self.conn)
.await?;
Ok(res.into_iter().map(Into::into).collect())
}
#[tracing::instrument(
skip_all,
fields(%user.id),
err,
)]
async fn list_paginated(
&mut self,
user: &User,
before: Option<Ulid>,
after: Option<Ulid>,
first: Option<usize>,
last: Option<usize>,
) -> Result<Page<UserEmail>, DatabaseError> {
let mut query = QueryBuilder::new(
r#"
SELECT user_email_id
, user_id
, email
, created_at
, confirmed_at
FROM user_emails
"#,
);
query
.push(" WHERE user_id = ")
.push_bind(Uuid::from(user.id))
.generate_pagination("ue.user_email_id", before, after, first, last)?;
let edges: Vec<UserEmailLookup> = query.build_query_as().fetch_all(&mut *self.conn).await?;
let (has_previous_page, has_next_page, edges) = process_page(edges, first, last)?;
let edges = edges.into_iter().map(Into::into).collect();
Ok(Page {
has_next_page,
has_previous_page,
edges,
})
}
#[tracing::instrument(
skip_all,
fields(%user.id),
err,
)]
async fn count(&mut self, user: &User) -> Result<usize, Self::Error> {
let res = sqlx::query_scalar!(
r#"
SELECT COUNT(*)
FROM user_emails
WHERE user_id = $1
"#,
Uuid::from(user.id),
)
.fetch_one(&mut *self.conn)
.await?;
let res = res.unwrap_or_default();
Ok(res
.try_into()
.map_err(DatabaseError::to_invalid_operation)?)
}
#[tracing::instrument(
skip_all,
fields(
%user.id,
user_email.id,
user_email.email = email,
),
err,
)]
async fn add(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
user: &User,
email: String,
) -> Result<UserEmail, Self::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), rng);
tracing::Span::current().record("user_email.id", tracing::field::display(id));
sqlx::query!(
r#"
INSERT INTO user_emails (user_email_id, user_id, email, created_at)
VALUES ($1, $2, $3, $4)
"#,
Uuid::from(id),
Uuid::from(user.id),
&email,
created_at,
)
.execute(&mut *self.conn)
.await?;
Ok(UserEmail {
id,
user_id: user.id,
email,
created_at,
confirmed_at: None,
})
}
#[tracing::instrument(
skip_all,
fields(
user.id = %user_email.user_id,
%user_email.id,
%user_email.email,
),
err,
)]
async fn remove(&mut self, user_email: UserEmail) -> Result<(), Self::Error> {
sqlx::query!(
r#"
DELETE FROM user_emails
WHERE user_email_id = $1
"#,
Uuid::from(user_email.id),
)
.execute(&mut *self.conn)
.await?;
Ok(())
}
async fn mark_as_verified(
&mut self,
clock: &Clock,
mut user_email: UserEmail,
) -> Result<UserEmail, Self::Error> {
let confirmed_at = clock.now();
sqlx::query!(
r#"
UPDATE user_emails
SET confirmed_at = $2
WHERE user_email_id = $1
"#,
Uuid::from(user_email.id),
confirmed_at,
)
.execute(&mut *self.conn)
.await?;
user_email.confirmed_at = Some(confirmed_at);
Ok(user_email)
}
async fn set_as_primary(&mut self, user_email: &UserEmail) -> Result<(), Self::Error> {
sqlx::query!(
r#"
UPDATE users
SET primary_user_email_id = user_emails.user_email_id
FROM user_emails
WHERE user_emails.user_email_id = $1
AND users.user_id = user_emails.user_id
"#,
Uuid::from(user_email.id),
)
.execute(&mut *self.conn)
.await?;
Ok(())
}
#[tracing::instrument(
skip_all,
fields(
%user_email.id,
%user_email.email,
user_email_verification.id,
user_email_verification.code = code,
),
err,
)]
async fn add_verification_code(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
user_email: &UserEmail,
max_age: chrono::Duration,
code: String,
) -> Result<UserEmailVerification, Self::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), rng);
tracing::Span::current().record("user_email_confirmation.id", tracing::field::display(id));
let expires_at = created_at + max_age;
sqlx::query!(
r#"
INSERT INTO user_email_confirmation_codes
(user_email_confirmation_code_id, user_email_id, code, created_at, expires_at)
VALUES ($1, $2, $3, $4, $5)
"#,
Uuid::from(id),
Uuid::from(user_email.id),
code,
created_at,
expires_at,
)
.execute(&mut *self.conn)
.await?;
let verification = UserEmailVerification {
id,
user_email_id: user_email.id,
code,
created_at,
state: UserEmailVerificationState::Valid,
};
Ok(verification)
}
#[tracing::instrument(
skip_all,
fields(
%user_email.id,
user.id = %user_email.user_id,
),
err,
)]
async fn find_verification_code(
&mut self,
clock: &Clock,
user_email: &UserEmail,
code: &str,
) -> Result<Option<UserEmailVerification>, Self::Error> {
let res = sqlx::query_as!(
UserEmailConfirmationCodeLookup,
r#"
SELECT user_email_confirmation_code_id
, user_email_id
, code
, created_at
, expires_at
, consumed_at
FROM user_email_confirmation_codes
WHERE code = $1
AND user_email_id = $2
"#,
code,
Uuid::from(user_email.id),
)
.fetch_one(&mut *self.conn)
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
Ok(Some(res.into_verification(clock)))
}
#[tracing::instrument(
skip_all,
fields(
%user_email_verification.id,
user_email.id = %user_email_verification.user_email_id,
),
err,
)]
async fn consume_verification_code(
&mut self,
clock: &Clock,
mut user_email_verification: UserEmailVerification,
) -> Result<UserEmailVerification, Self::Error> {
if !matches!(
user_email_verification.state,
UserEmailVerificationState::Valid
) {
return Err(DatabaseError::invalid_operation());
}
let consumed_at = clock.now();
sqlx::query!(
r#"
UPDATE user_email_confirmation_codes
SET consumed_at = $2
WHERE user_email_confirmation_code_id = $1
"#,
Uuid::from(user_email_verification.id),
consumed_at
)
.execute(&mut *self.conn)
.await?;
user_email_verification.state =
UserEmailVerificationState::AlreadyUsed { when: consumed_at };
Ok(user_email_verification)
}
}

928
crates/storage/src/user/mod.rs
View File

@ -12,13 +12,11 @@
// See the License for the specific language governing permissions and
// limitations under the License.
use async_trait::async_trait;
use chrono::{DateTime, Utc};
use mas_data_model::{
Authentication, BrowserSession, User, UserEmail, UserEmailVerification,
UserEmailVerificationState,
};
use rand::Rng;
use sqlx::{PgExecutor, QueryBuilder};
use mas_data_model::{Authentication, BrowserSession, User};
use rand::{Rng, RngCore};
use sqlx::{PgConnection, PgExecutor, QueryBuilder};
use tracing::{info_span, Instrument};
use ulid::Ulid;
use uuid::Uuid;
@ -29,35 +27,188 @@ use crate::{
};
mod authentication;
mod email;
mod password;
pub use self::{
authentication::{authenticate_session_with_password, authenticate_session_with_upstream},
email::{PgUserEmailRepository, UserEmailRepository},
password::{add_user_password, lookup_user_password},
};
#[async_trait]
pub trait UserRepository: Send + Sync {
type Error;
async fn lookup(&mut self, id: Ulid) -> Result<Option<User>, Self::Error>;
async fn find_by_username(&mut self, username: &str) -> Result<Option<User>, Self::Error>;
async fn add(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
username: String,
) -> Result<User, Self::Error>;
async fn exists(&mut self, username: &str) -> Result<bool, Self::Error>;
}
pub struct PgUserRepository<'c> {
conn: &'c mut PgConnection,
}
impl<'c> PgUserRepository<'c> {
pub fn new(conn: &'c mut PgConnection) -> Self {
Self { conn }
}
}
#[derive(Debug, Clone)]
struct UserLookup {
user_id: Uuid,
user_username: String,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
username: String,
primary_user_email_id: Option<Uuid>,
#[allow(dead_code)]
created_at: DateTime<Utc>,
}
impl From<UserLookup> for User {
fn from(value: UserLookup) -> Self {
let id = value.user_id.into();
Self {
id,
username: value.username,
sub: id.to_string(),
primary_user_email_id: value.primary_user_email_id.map(Into::into),
}
}
}
#[async_trait]
impl<'c> UserRepository for PgUserRepository<'c> {
type Error = DatabaseError;
#[tracing::instrument(
skip_all,
fields(user.id = %id),
err,
)]
async fn lookup(&mut self, id: Ulid) -> Result<Option<User>, Self::Error> {
let res = sqlx::query_as!(
UserLookup,
r#"
SELECT user_id
, username
, primary_user_email_id
, created_at
FROM users
WHERE user_id = $1
"#,
Uuid::from(id),
)
.fetch_one(&mut *self.conn)
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
Ok(Some(res.into()))
}
#[tracing::instrument(
skip_all,
fields(user.username = username),
err,
)]
async fn find_by_username(&mut self, username: &str) -> Result<Option<User>, Self::Error> {
let res = sqlx::query_as!(
UserLookup,
r#"
SELECT user_id
, username
, primary_user_email_id
, created_at
FROM users
WHERE username = $1
"#,
username,
)
.fetch_one(&mut *self.conn)
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
Ok(Some(res.into()))
}
#[tracing::instrument(
skip_all,
fields(
user.username = username,
user.id,
),
err,
)]
async fn add(
&mut self,
rng: &mut (dyn RngCore + Send),
clock: &Clock,
username: String,
) -> Result<User, Self::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), rng);
tracing::Span::current().record("user.id", tracing::field::display(id));
sqlx::query!(
r#"
INSERT INTO users (user_id, username, created_at)
VALUES ($1, $2, $3)
"#,
Uuid::from(id),
username,
created_at,
)
.execute(&mut *self.conn)
.await?;
Ok(User {
id,
username,
sub: id.to_string(),
primary_user_email_id: None,
})
}
#[tracing::instrument(
skip_all,
fields(user.username = username),
err,
)]
async fn exists(&mut self, username: &str) -> Result<bool, Self::Error> {
let exists = sqlx::query_scalar!(
r#"
SELECT EXISTS(
SELECT 1 FROM users WHERE username = $1
) AS "exists!"
"#,
username
)
.fetch_one(&mut *self.conn)
.await?;
Ok(exists)
}
}
#[derive(sqlx::FromRow)]
struct SessionLookup {
user_session_id: Uuid,
user_session_created_at: DateTime<Utc>,
user_id: Uuid,
username: String,
created_at: DateTime<Utc>,
user_username: String,
user_primary_user_email_id: Option<Uuid>,
last_authentication_id: Option<Uuid>,
last_authd_at: Option<DateTime<Utc>>,
user_email_id: Option<Uuid>,
user_email: Option<String>,
user_email_created_at: Option<DateTime<Utc>>,
user_email_confirmed_at: Option<DateTime<Utc>>,
}
impl TryInto<BrowserSession> for SessionLookup {
@ -65,31 +216,11 @@ impl TryInto<BrowserSession> for SessionLookup {
fn try_into(self) -> Result<BrowserSession, Self::Error> {
let id = Ulid::from(self.user_id);
let primary_email = match (
self.user_email_id,
self.user_email,
self.user_email_created_at,
self.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(id))
}
};
let user = User {
id,
username: self.username,
username: self.user_username,
sub: id.to_string(),
primary_email,
primary_user_email_id: self.user_primary_user_email_id.map(Into::into),
};
let last_authentication = match (self.last_authentication_id, self.last_authd_at) {
@ -108,7 +239,7 @@ impl TryInto<BrowserSession> for SessionLookup {
Ok(BrowserSession {
id: self.user_session_id.into(),
user,
created_at: self.created_at,
created_at: self.user_session_created_at,
last_authentication,
})
}
@ -126,24 +257,18 @@ pub async fn lookup_active_session(
let res = sqlx::query_as!(
SessionLookup,
r#"
SELECT
s.user_session_id,
u.user_id,
u.username,
s.created_at,
a.user_session_authentication_id AS "last_authentication_id?",
a.created_at AS "last_authd_at?",
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
SELECT s.user_session_id
, s.created_at AS "user_session_created_at"
, u.user_id
, u.username AS "user_username"
, u.primary_user_email_id AS "user_primary_user_email_id"
, a.user_session_authentication_id AS "last_authentication_id?"
, a.created_at AS "last_authd_at?"
FROM user_sessions s
INNER JOIN users u
USING (user_id)
LEFT JOIN user_session_authentications a
USING (user_session_id)
LEFT JOIN user_emails ue
ON ue.user_email_id = u.primary_user_email_id
WHERE s.user_session_id = $1 AND s.finished_at IS NULL
ORDER BY a.created_at DESC
LIMIT 1
@ -279,44 +404,6 @@ pub async fn count_active_sessions(
Ok(res)
}
#[tracing::instrument(
skip_all,
fields(
user.username = username,
user.id,
),
err,
)]
pub async fn add_user(
executor: impl PgExecutor<'_>,
mut rng: impl Rng + Send,
clock: &Clock,
username: &str,
) -> Result<User, sqlx::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng);
tracing::Span::current().record("user.id", tracing::field::display(id));
sqlx::query!(
r#"
INSERT INTO users (user_id, username, created_at)
VALUES ($1, $2, $3)
"#,
Uuid::from(id),
username,
created_at,
)
.execute(executor)
.await?;
Ok(User {
id,
username: username.to_owned(),
sub: id.to_string(),
primary_email: None,
})
}
#[tracing::instrument(
skip_all,
fields(%user_session.id),
@ -343,662 +430,3 @@ pub async fn end_session(
DatabaseError::ensure_affected_rows(&res, 1)
}
#[tracing::instrument(
skip_all,
fields(user.username = username),
err,
)]
pub async fn lookup_user_by_username(
executor: impl PgExecutor<'_>,
username: &str,
) -> Result<Option<User>, DatabaseError> {
let res = sqlx::query_as!(
UserLookup,
r#"
SELECT
u.user_id,
u.username AS user_username,
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
FROM users u
LEFT JOIN user_emails ue
USING (user_id)
WHERE u.username = $1
"#,
username,
)
.fetch_one(executor)
.instrument(info_span!("Fetch user"))
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
let id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(id)
.into())
}
};
Ok(Some(User {
id,
username: res.user_username,
sub: id.to_string(),
primary_email,
}))
}
#[tracing::instrument(
skip_all,
fields(user.id = %id),
err,
)]
pub async fn lookup_user(executor: impl PgExecutor<'_>, id: Ulid) -> Result<User, DatabaseError> {
let res = sqlx::query_as!(
UserLookup,
r#"
SELECT
u.user_id,
u.username AS user_username,
ue.user_email_id AS "user_email_id?",
ue.email AS "user_email?",
ue.created_at AS "user_email_created_at?",
ue.confirmed_at AS "user_email_confirmed_at?"
FROM users u
LEFT JOIN user_emails ue
USING (user_id)
WHERE u.user_id = $1
"#,
Uuid::from(id),
)
.fetch_one(executor)
.instrument(info_span!("Fetch user"))
.await?;
let id = Ulid::from(res.user_id);
let primary_email = match (
res.user_email_id,
res.user_email,
res.user_email_created_at,
res.user_email_confirmed_at,
) {
(Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
id: id.into(),
email,
created_at,
confirmed_at,
}),
(None, None, None, None) => None,
_ => {
return Err(DatabaseInconsistencyError::on("users")
.column("primary_user_email_id")
.row(id)
.into())
}
};
Ok(User {
id,
username: res.user_username,
sub: id.to_string(),
primary_email,
})
}
#[tracing::instrument(
skip_all,
fields(user.username = username),
err,
)]
pub async fn username_exists(
executor: impl PgExecutor<'_>,
username: &str,
) -> Result<bool, sqlx::Error> {
sqlx::query_scalar!(
r#"
SELECT EXISTS(
SELECT 1 FROM users WHERE username = $1
) AS "exists!"
"#,
username
)
.fetch_one(executor)
.await
}
#[derive(Debug, Clone, sqlx::FromRow)]
struct UserEmailLookup {
user_email_id: Uuid,
user_email: String,
user_email_created_at: DateTime<Utc>,
user_email_confirmed_at: Option<DateTime<Utc>>,
}
impl From<UserEmailLookup> for UserEmail {
fn from(e: UserEmailLookup) -> UserEmail {
UserEmail {
id: e.user_email_id.into(),
email: e.user_email,
created_at: e.user_email_created_at,
confirmed_at: e.user_email_confirmed_at,
}
}
}
#[tracing::instrument(
skip_all,
fields(%user.id, %user.username),
err,
)]
pub async fn get_user_emails(
executor: impl PgExecutor<'_>,
user: &User,
) -> Result<Vec<UserEmail>, sqlx::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT
ue.user_email_id,
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
FROM user_emails ue
WHERE ue.user_id = $1
ORDER BY ue.email ASC
"#,
Uuid::from(user.id),
)
.fetch_all(executor)
.instrument(info_span!("Fetch user emails"))
.await?;
Ok(res.into_iter().map(Into::into).collect())
}
#[tracing::instrument(
skip_all,
fields(%user.id, %user.username),
err,
)]
pub async fn count_user_emails(
executor: impl PgExecutor<'_>,
user: &User,
) -> Result<i64, sqlx::Error> {
let res = sqlx::query_scalar!(
r#"
SELECT COUNT(*)
FROM user_emails ue
WHERE ue.user_id = $1
"#,
Uuid::from(user.id),
)
.fetch_one(executor)
.instrument(info_span!("Count user emails"))
.await?;
Ok(res.unwrap_or_default())
}
#[tracing::instrument(
skip_all,
fields(%user.id, %user.username),
err,
)]
pub async fn get_paginated_user_emails(
executor: impl PgExecutor<'_>,
user: &User,
before: Option<Ulid>,
after: Option<Ulid>,
first: Option<usize>,
last: Option<usize>,
) -> Result<(bool, bool, Vec<UserEmail>), DatabaseError> {
let mut query = QueryBuilder::new(
r#"
SELECT
ue.user_email_id,
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
FROM user_emails ue
"#,
);
query
.push(" WHERE ue.user_id = ")
.push_bind(Uuid::from(user.id))
.generate_pagination("ue.user_email_id", before, after, first, last)?;
let span = info_span!("Fetch paginated user sessions", db.statement = query.sql());
let page: Vec<UserEmailLookup> = query
.build_query_as()
.fetch_all(executor)
.instrument(span)
.await?;
let (has_previous_page, has_next_page, page) = process_page(page, first, last)?;
Ok((
has_previous_page,
has_next_page,
page.into_iter().map(Into::into).collect(),
))
}
#[tracing::instrument(
skip_all,
fields(
%user.id,
%user.username,
user_email.id = %id,
),
err,
)]
pub async fn get_user_email(
executor: impl PgExecutor<'_>,
user: &User,
id: Ulid,
) -> Result<UserEmail, sqlx::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT
ue.user_email_id,
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
FROM user_emails ue
WHERE ue.user_id = $1
AND ue.user_email_id = $2
"#,
Uuid::from(user.id),
Uuid::from(id),
)
.fetch_one(executor)
.instrument(info_span!("Fetch user emails"))
.await?;
Ok(res.into())
}
#[tracing::instrument(
skip_all,
fields(
%user.id,
%user.username,
user_email.id,
user_email.email = %email,
),
err,
)]
pub async fn add_user_email(
executor: impl PgExecutor<'_>,
mut rng: impl Rng + Send,
clock: &Clock,
user: &User,
email: String,
) -> Result<UserEmail, sqlx::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng);
tracing::Span::current().record("user_email.id", tracing::field::display(id));
sqlx::query!(
r#"
INSERT INTO user_emails (user_email_id, user_id, email, created_at)
VALUES ($1, $2, $3, $4)
"#,
Uuid::from(id),
Uuid::from(user.id),
&email,
created_at,
)
.execute(executor)
.instrument(info_span!("Add user email"))
.await?;
Ok(UserEmail {
id,
email,
created_at,
confirmed_at: None,
})
}
#[tracing::instrument(
skip_all,
fields(
%user_email.id,
%user_email.email,
),
err,
)]
pub async fn set_user_email_as_primary(
executor: impl PgExecutor<'_>,
user_email: &UserEmail,
) -> Result<(), sqlx::Error> {
sqlx::query!(
r#"
UPDATE users
SET primary_user_email_id = user_emails.user_email_id
FROM user_emails
WHERE user_emails.user_email_id = $1
AND users.user_id = user_emails.user_id
"#,
Uuid::from(user_email.id),
)
.execute(executor)
.instrument(info_span!("Add user email"))
.await?;
Ok(())
}
#[tracing::instrument(
skip_all,
fields(
%user_email.id,
%user_email.email,
),
err,
)]
pub async fn remove_user_email(
executor: impl PgExecutor<'_>,
user_email: UserEmail,
) -> Result<(), sqlx::Error> {
sqlx::query!(
r#"
DELETE FROM user_emails
WHERE user_emails.user_email_id = $1
"#,
Uuid::from(user_email.id),
)
.execute(executor)
.instrument(info_span!("Remove user email"))
.await?;
Ok(())
}
#[tracing::instrument(
skip_all,
fields(
%user.id,
user_email.email = email,
),
err,
)]
pub async fn lookup_user_email(
executor: impl PgExecutor<'_>,
user: &User,
email: &str,
) -> Result<Option<UserEmail>, sqlx::Error> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT
ue.user_email_id,
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
FROM user_emails ue
WHERE ue.user_id = $1
AND ue.email = $2
"#,
Uuid::from(user.id),
email,
)
.fetch_one(executor)
.instrument(info_span!("Lookup user email"))
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
Ok(Some(res.into()))
}
#[tracing::instrument(
skip_all,
fields(
%user.id,
user_email.id = %id,
),
err,
)]
pub async fn lookup_user_email_by_id(
executor: impl PgExecutor<'_>,
user: &User,
id: Ulid,
) -> Result<Option<UserEmail>, DatabaseError> {
let res = sqlx::query_as!(
UserEmailLookup,
r#"
SELECT
ue.user_email_id,
ue.email AS "user_email",
ue.created_at AS "user_email_created_at",
ue.confirmed_at AS "user_email_confirmed_at"
FROM user_emails ue
WHERE ue.user_id = $1
AND ue.user_email_id = $2
"#,
Uuid::from(user.id),
Uuid::from(id),
)
.fetch_one(executor)
.instrument(info_span!("Lookup user email"))
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
Ok(Some(res.into()))
}
#[tracing::instrument(
skip_all,
fields(%user_email.id),
err,
)]
pub async fn mark_user_email_as_verified(
executor: impl PgExecutor<'_>,
clock: &Clock,
mut user_email: UserEmail,
) -> Result<UserEmail, sqlx::Error> {
let confirmed_at = clock.now();
sqlx::query!(
r#"
UPDATE user_emails
SET confirmed_at = $2
WHERE user_email_id = $1
"#,
Uuid::from(user_email.id),
confirmed_at,
)
.execute(executor)
.instrument(info_span!("Confirm user email"))
.await?;
user_email.confirmed_at = Some(confirmed_at);
Ok(user_email)
}
struct UserEmailConfirmationCodeLookup {
user_email_confirmation_code_id: Uuid,
code: String,
created_at: DateTime<Utc>,
expires_at: DateTime<Utc>,
consumed_at: Option<DateTime<Utc>>,
}
#[tracing::instrument(
skip_all,
fields(%user_email.id),
err,
)]
pub async fn lookup_user_email_verification_code(
executor: impl PgExecutor<'_>,
clock: &Clock,
user_email: UserEmail,
code: &str,
) -> Result<Option<UserEmailVerification>, DatabaseError> {
let now = clock.now();
let res = sqlx::query_as!(
UserEmailConfirmationCodeLookup,
r#"
SELECT
ec.user_email_confirmation_code_id,
ec.code,
ec.created_at,
ec.expires_at,
ec.consumed_at
FROM user_email_confirmation_codes ec
WHERE ec.code = $1
AND ec.user_email_id = $2
"#,
code,
Uuid::from(user_email.id),
)
.fetch_one(executor)
.instrument(info_span!("Lookup user email verification"))
.await
.to_option()?;
let Some(res) = res else { return Ok(None) };
let state = if let Some(when) = res.consumed_at {
UserEmailVerificationState::AlreadyUsed { when }
} else if res.expires_at < now {
UserEmailVerificationState::Expired {
when: res.expires_at,
}
} else {
UserEmailVerificationState::Valid
};
Ok(Some(UserEmailVerification {
id: res.user_email_confirmation_code_id.into(),
code: res.code,
email: user_email,
state,
created_at: res.created_at,
}))
}
#[tracing::instrument(
skip_all,
fields(
%user_email_verification.id,
),
err,
)]
pub async fn consume_email_verification(
executor: impl PgExecutor<'_>,
clock: &Clock,
mut user_email_verification: UserEmailVerification,
) -> Result<UserEmailVerification, DatabaseError> {
if !matches!(
user_email_verification.state,
UserEmailVerificationState::Valid
) {
return Err(DatabaseError::invalid_operation());
}
let consumed_at = clock.now();
sqlx::query!(
r#"
UPDATE user_email_confirmation_codes
SET consumed_at = $2
WHERE user_email_confirmation_code_id = $1
"#,
Uuid::from(user_email_verification.id),
consumed_at
)
.execute(executor)
.instrument(info_span!("Consume user email verification"))
.await?;
user_email_verification.state = UserEmailVerificationState::AlreadyUsed { when: consumed_at };
Ok(user_email_verification)
}
#[tracing::instrument(
skip_all,
fields(
%user_email.id,
%user_email.email,
user_email_confirmation.id,
user_email_confirmation.code = code,
),
err,
)]
pub async fn add_user_email_verification_code(
executor: impl PgExecutor<'_>,
mut rng: impl Rng + Send,
clock: &Clock,
user_email: UserEmail,
max_age: chrono::Duration,
code: String,
) -> Result<UserEmailVerification, sqlx::Error> {
let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng);
tracing::Span::current().record("user_email_confirmation.id", tracing::field::display(id));
let expires_at = created_at + max_age;
sqlx::query!(
r#"
INSERT INTO user_email_confirmation_codes
(user_email_confirmation_code_id, user_email_id, code, created_at, expires_at)
VALUES ($1, $2, $3, $4, $5)
"#,
Uuid::from(id),
Uuid::from(user_email.id),
code,
created_at,
expires_at,
)
.execute(executor)
.instrument(info_span!("Add user email verification code"))
.await?;
let verification = UserEmailVerification {
id,
email: user_email,
code,
created_at,
state: UserEmailVerificationState::Valid,
};
Ok(verification)
}