Refactor DB interactions for OAuth code and tokens

This ensures complex types like scopes are properly parsed back from the database.
2025-07-29 22:01:14 +03:00 · 2021-10-19 19:18:25 +02:00
parent 617ab83ab2
commit 4307276b0e
16 changed files with 947 additions and 529 deletions
--- a/crates/data-model/Cargo.toml
+++ b/crates/data-model/Cargo.toml
@ -9,5 +9,6 @@ license = "Apache-2.0"
 chrono = "0.4.19"
 thiserror = "1.0.30"
 serde = "1.0.130"
+url = { version = "2.2.2", features = ["serde"] }

 oauth2-types = { path = "../oauth2-types" }
--- a/crates/data-model/src/lib.rs
+++ b/crates/data-model/src/lib.rs
@ -15,6 +15,7 @@
 use chrono::{DateTime, Duration, Utc};
 use oauth2_types::{pkce::CodeChallengeMethod, scope::Scope};
 use serde::Serialize;
+use url::Url;

 pub mod errors;

@ -28,6 +29,7 @@ pub trait StorageBackend {
    type SessionData: Clone + std::fmt::Debug + PartialEq;
    type AuthorizationCodeData: Clone + std::fmt::Debug + PartialEq;
    type AccessTokenData: Clone + std::fmt::Debug + PartialEq;
+    type RefreshTokenData: Clone + std::fmt::Debug + PartialEq;
 }

 impl StorageBackend for () {
@ -36,6 +38,7 @@ impl StorageBackend for () {
    type AuthorizationCodeData = ();
    type BrowserSessionData = ();
    type ClientData = ();
+    type RefreshTokenData = ();
    type SessionData = ();
    type UserData = ();
 }
@ -153,6 +156,8 @@ pub struct Session<T: StorageBackend> {
    pub browser_session: Option<BrowserSession<T>>,
    pub client: Client<T>,
    pub scope: Scope,
+    pub redirect_uri: Url,
+    pub nonce: Option<String>,
 }

 impl<S: StorageBackendMarker> From<Session<S>> for Session<()> {
@ -162,6 +167,8 @@ impl<S: StorageBackendMarker> From<Session<S>> for Session<()> {
            browser_session: s.browser_session.map(Into::into),
            client: s.client.into(),
            scope: s.scope,
+            redirect_uri: s.redirect_uri,
+            nonce: s.nonce,
        }
    }
 }
@ -191,7 +198,7 @@ pub struct AuthorizationCode<T: StorageBackend> {
    #[serde(skip_serializing)]
    pub data: T::AuthorizationCodeData,
    pub code: String,
-    pub pkce: Pkce,
+    pub pkce: Option<Pkce>,
 }

 impl<S: StorageBackendMarker> From<AuthorizationCode<S>> for AuthorizationCode<()> {
@ -224,3 +231,28 @@ impl<S: StorageBackendMarker> From<AccessToken<S>> for AccessToken<()> {
        }
    }
 }
+
+impl<T: StorageBackend> AccessToken<T> {
+    pub fn exp(&self) -> DateTime<Utc> {
+        self.created_at + self.expires_after
+    }
+}
+
+#[derive(Debug, Clone, PartialEq)]
+pub struct RefreshToken<T: StorageBackend> {
+    pub data: T::RefreshTokenData,
+    pub token: String,
+    pub created_at: DateTime<Utc>,
+    pub access_token: Option<AccessToken<T>>,
+}
+
+impl<S: StorageBackendMarker> From<RefreshToken<S>> for RefreshToken<()> {
+    fn from(t: RefreshToken<S>) -> Self {
+        RefreshToken {
+            data: (),
+            token: t.token,
+            created_at: t.created_at,
+            access_token: t.access_token.map(Into::into),
+        }
+    }
+}