
Better DB operations tracing

Quentin Gliech
2022-10-21 14:36:58 +02:00
parent 5580179537
commit 770541eb38
8 changed files with 206 additions and 45 deletions


@ -291,19 +291,6 @@
}, },
"query": "\n INSERT INTO oauth2_client_redirect_uris\n (oauth2_client_redirect_uri_id, oauth2_client_id, redirect_uri)\n VALUES ($1, $2, $3)\n " "query": "\n INSERT INTO oauth2_client_redirect_uris\n (oauth2_client_redirect_uri_id, oauth2_client_id, redirect_uri)\n VALUES ($1, $2, $3)\n "
}, },
"1a10e6189300563e79684eb7ccc6c29b0418aadfdeea6f8bc5a700a411409c73": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Text",
"Timestamptz"
]
}
},
"query": "\n UPDATE compat_sessions cs\n SET finished_at = $2\n FROM compat_access_tokens ca\n WHERE ca.access_token = $1\n AND ca.compat_session_id = cs.compat_session_id\n AND cs.finished_at IS NULL\n "
},
"1eb6d13e75d8f526c2785749a020731c18012f03e07995213acd38ab560ce497": { "1eb6d13e75d8f526c2785749a020731c18012f03e07995213acd38ab560ce497": {
"describe": { "describe": {
"columns": [], "columns": [],
@ -1023,6 +1010,27 @@
}, },
"query": "\n SELECT scope_token\n FROM oauth2_consents\n WHERE user_id = $1 AND oauth2_client_id = $2\n " "query": "\n SELECT scope_token\n FROM oauth2_consents\n WHERE user_id = $1 AND oauth2_client_id = $2\n "
}, },
"559a486756d08d101eb7188ef6637b9d24c024d056795b8121f7f04a7f9db6a3": {
"describe": {
"columns": [
{
"name": "compat_session_id",
"ordinal": 0,
"type_info": "Uuid"
}
],
"nullable": [
false
],
"parameters": {
"Left": [
"Text",
"Timestamptz"
]
}
},
"query": "\n UPDATE compat_sessions cs\n SET finished_at = $2\n FROM compat_access_tokens ca\n WHERE ca.access_token = $1\n AND ca.compat_session_id = cs.compat_session_id\n AND cs.finished_at IS NULL\n RETURNING cs.compat_session_id\n "
},
"5b5d5c82da37c6f2d8affacfb02119965c04d1f2a9cc53dbf5bd4c12584969a0": { "5b5d5c82da37c6f2d8affacfb02119965c04d1f2a9cc53dbf5bd4c12584969a0": {
"describe": { "describe": {
"columns": [], "columns": [],


@ -300,7 +300,16 @@ pub async fn lookup_active_compat_refresh_token(
Ok((refresh_token, access_token, session)) Ok((refresh_token, access_token, session))
} }
#[tracing::instrument(skip(conn, password), err)] #[tracing::instrument(
skip_all,
fields(
user.username = username,
user.id,
compat_session.id,
compat_session.device.id = device.as_str(),
),
err(Display),
)]
pub async fn compat_login( pub async fn compat_login(
conn: impl Acquire<'_, Database = Postgres>, conn: impl Acquire<'_, Database = Postgres>,
username: &str, username: &str,
@ -311,6 +320,7 @@ pub async fn compat_login(
// First, lookup the user // First, lookup the user
let user = lookup_user_by_username(&mut txn, username).await?; let user = lookup_user_by_username(&mut txn, username).await?;
tracing::Span::current().record("user.id", tracing::field::display(user.data));
// Now, fetch the hashed password from the user associated with that session // Now, fetch the hashed password from the user associated with that session
let hashed_password: String = sqlx::query_scalar!( let hashed_password: String = sqlx::query_scalar!(
@ -340,6 +350,8 @@ pub async fn compat_login(
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("compat_session.id", tracing::field::display(id));
sqlx::query!( sqlx::query!(
r#" r#"
INSERT INTO compat_sessions INSERT INTO compat_sessions
@ -368,7 +380,16 @@ pub async fn compat_login(
Ok(session) Ok(session)
} }
#[tracing::instrument(skip(executor, token), err)] #[tracing::instrument(
skip_all,
fields(
compat_session.id = %session.data,
compat_session.device.id = session.device.as_str(),
compat_access_token.id,
user.id = %session.user.data,
),
err(Display),
)]
pub async fn add_compat_access_token( pub async fn add_compat_access_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
session: &CompatSession<PostgresqlBackend>, session: &CompatSession<PostgresqlBackend>,
@ -377,6 +398,8 @@ pub async fn add_compat_access_token(
) -> Result<CompatAccessToken<PostgresqlBackend>, anyhow::Error> { ) -> Result<CompatAccessToken<PostgresqlBackend>, anyhow::Error> {
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("compat_access_token.id", tracing::field::display(id));
let expires_at = expires_after.map(|expires_after| created_at + expires_after); let expires_at = expires_after.map(|expires_after| created_at + expires_after);
sqlx::query!( sqlx::query!(
@ -404,10 +427,17 @@ pub async fn add_compat_access_token(
}) })
} }
#[tracing::instrument(
skip_all,
fields(
compat_access_token.id = %access_token.data,
),
err(Display),
)]
pub async fn expire_compat_access_token( pub async fn expire_compat_access_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
access_token: CompatAccessToken<PostgresqlBackend>, access_token: CompatAccessToken<PostgresqlBackend>,
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let expires_at = Utc::now(); let expires_at = Utc::now();
let res = sqlx::query!( let res = sqlx::query!(
r#" r#"
@ -431,6 +461,17 @@ pub async fn expire_compat_access_token(
} }
} }
#[tracing::instrument(
skip_all,
fields(
compat_session.id = %session.data,
compat_session.device.id = session.device.as_str(),
compat_access_token.id = %access_token.data,
compat_refresh_token.id,
user.id = %session.user.data,
),
err(Display),
)]
pub async fn add_compat_refresh_token( pub async fn add_compat_refresh_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
session: &CompatSession<PostgresqlBackend>, session: &CompatSession<PostgresqlBackend>,
@ -439,6 +480,8 @@ pub async fn add_compat_refresh_token(
) -> Result<CompatRefreshToken<PostgresqlBackend>, anyhow::Error> { ) -> Result<CompatRefreshToken<PostgresqlBackend>, anyhow::Error> {
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("compat_refresh_token.id", tracing::field::display(id));
sqlx::query!( sqlx::query!(
r#" r#"
INSERT INTO compat_refresh_tokens INSERT INTO compat_refresh_tokens
@ -464,14 +507,18 @@ pub async fn add_compat_refresh_token(
}) })
} }
#[tracing::instrument(skip_all, err)] #[tracing::instrument(
skip_all,
fields(compat_session.id),
err(Display),
)]
pub async fn compat_logout( pub async fn compat_logout(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
token: &str, token: &str,
) -> Result<(), anyhow::Error> { ) -> Result<(), anyhow::Error> {
let finished_at = Utc::now(); let finished_at = Utc::now();
// TODO: this does not check for token expiration // TODO: this does not check for token expiration
let res = sqlx::query!( let compat_session_id = sqlx::query_scalar!(
r#" r#"
UPDATE compat_sessions cs UPDATE compat_sessions cs
SET finished_at = $2 SET finished_at = $2
@ -479,25 +526,34 @@ pub async fn compat_logout(
WHERE ca.access_token = $1 WHERE ca.access_token = $1
AND ca.compat_session_id = cs.compat_session_id AND ca.compat_session_id = cs.compat_session_id
AND cs.finished_at IS NULL AND cs.finished_at IS NULL
RETURNING cs.compat_session_id
"#, "#,
token, token,
finished_at, finished_at,
) )
.execute(executor) .fetch_one(executor)
.await .await
.context("could not update compat access token")?; .context("could not update compat access token")?;
match res.rows_affected() { tracing::Span::current().record(
1 => Ok(()), "compat_session.id",
0 => anyhow::bail!("no row affected"), tracing::field::display(compat_session_id),
_ => anyhow::bail!("too many row affected"), );
}
Ok(())
} }
#[tracing::instrument(
skip_all,
fields(
compat_refresh_token.id = %refresh_token.data,
),
err(Display),
)]
pub async fn consume_compat_refresh_token( pub async fn consume_compat_refresh_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
refresh_token: CompatRefreshToken<PostgresqlBackend>, refresh_token: CompatRefreshToken<PostgresqlBackend>,
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let consumed_at = Utc::now(); let consumed_at = Utc::now();
let res = sqlx::query!( let res = sqlx::query!(
r#" r#"
@ -521,13 +577,23 @@ pub async fn consume_compat_refresh_token(
} }
} }
#[tracing::instrument(
skip_all,
fields(
compat_sso_login.id,
compat_sso_login.redirect_uri = %redirect_uri,
),
err(Display),
)]
pub async fn insert_compat_sso_login( pub async fn insert_compat_sso_login(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
login_token: String, login_token: String,
redirect_uri: Url, redirect_uri: Url,
) -> anyhow::Result<CompatSsoLogin<PostgresqlBackend>> { ) -> Result<CompatSsoLogin<PostgresqlBackend>, anyhow::Error> {
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("compat_sso_login.id", tracing::field::display(id));
sqlx::query!( sqlx::query!(
r#" r#"
INSERT INTO compat_sso_logins INSERT INTO compat_sso_logins
@ -675,8 +741,13 @@ impl CompatSsoLoginLookupError {
} }
} }
#[allow(clippy::too_many_lines)] #[tracing::instrument(
#[tracing::instrument(skip(executor), err)] skip_all,
fields(
compat_sso_login.id = %id,
),
err,
)]
pub async fn get_compat_sso_login_by_id( pub async fn get_compat_sso_login_by_id(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
id: Ulid, id: Ulid,
@ -719,8 +790,7 @@ pub async fn get_compat_sso_login_by_id(
Ok(res.try_into()?) Ok(res.try_into()?)
} }
#[allow(clippy::too_many_lines)] #[tracing::instrument(skip_all, err)]
#[tracing::instrument(skip(executor), err)]
pub async fn get_compat_sso_login_by_token( pub async fn get_compat_sso_login_by_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
token: &str, token: &str,
@ -763,12 +833,23 @@ pub async fn get_compat_sso_login_by_token(
Ok(res.try_into()?) Ok(res.try_into()?)
} }
#[tracing::instrument(
skip_all,
fields(
user.id = %user.data,
compat_sso_login.id = %login.data,
compat_sso_login.redirect_uri = %login.redirect_uri,
compat_session.id,
compat_session.device.id = device.as_str(),
),
err(Display),
)]
pub async fn fullfill_compat_sso_login( pub async fn fullfill_compat_sso_login(
conn: impl Acquire<'_, Database = Postgres>, conn: impl Acquire<'_, Database = Postgres>,
user: User<PostgresqlBackend>, user: User<PostgresqlBackend>,
mut login: CompatSsoLogin<PostgresqlBackend>, mut login: CompatSsoLogin<PostgresqlBackend>,
device: Device, device: Device,
) -> anyhow::Result<CompatSsoLogin<PostgresqlBackend>> { ) -> Result<CompatSsoLogin<PostgresqlBackend>, anyhow::Error> {
if !matches!(login.state, CompatSsoLoginState::Pending) { if !matches!(login.state, CompatSsoLoginState::Pending) {
bail!("sso login in wrong state"); bail!("sso login in wrong state");
}; };
@ -777,6 +858,8 @@ pub async fn fullfill_compat_sso_login(
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("user.id", tracing::field::display(user.data));
sqlx::query!( sqlx::query!(
r#" r#"
INSERT INTO compat_sessions (compat_session_id, user_id, device_id, created_at) INSERT INTO compat_sessions (compat_session_id, user_id, device_id, created_at)
@ -831,10 +914,18 @@ pub async fn fullfill_compat_sso_login(
Ok(login) Ok(login)
} }
#[tracing::instrument(
skip_all,
fields(
compat_sso_login.id = %login.data,
compat_sso_login.redirect_uri = %login.redirect_uri,
),
err(Display),
)]
pub async fn mark_compat_sso_login_as_exchanged( pub async fn mark_compat_sso_login_as_exchanged(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
mut login: CompatSsoLogin<PostgresqlBackend>, mut login: CompatSsoLogin<PostgresqlBackend>,
) -> anyhow::Result<CompatSsoLogin<PostgresqlBackend>> { ) -> Result<CompatSsoLogin<PostgresqlBackend>, anyhow::Error> {
let (fulfilled_at, session) = match login.state { let (fulfilled_at, session) = match login.state {
CompatSsoLoginState::Fulfilled { CompatSsoLoginState::Fulfilled {
fulfilled_at, fulfilled_at,
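Review bot: In `fullfill_compat_sso_login` the added `record` call writes `user.id` a second time instead of the session id: the attribute declares `compat_session.id` as an empty field and already fills `user.id = %user.data`, yet the line after `let id = Ulid::from_datetime(...)` records `"user.id"` with `user.data`. As written, `compat_session.id` is never populated on this span, so a session created through SSO cannot be correlated with its trace by id, unlike `compat_login`, which does record it. Assuming `id` is the value bound as `compat_session_id` in the INSERT that follows, the line should read `tracing::Span::current().record("compat_session.id", tracing::field::display(id));`. The function body continues outside the hunk.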


@ -38,7 +38,7 @@ pub async fn add_access_token(
session: &Session<PostgresqlBackend>, session: &Session<PostgresqlBackend>,
access_token: String, access_token: String,
expires_after: Duration, expires_after: Duration,
) -> anyhow::Result<AccessToken<PostgresqlBackend>> { ) -> Result<AccessToken<PostgresqlBackend>, anyhow::Error> {
let created_at = Utc::now(); let created_at = Utc::now();
let expires_at = created_at + expires_after; let expires_at = created_at + expires_after;
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());


@ -54,7 +54,7 @@ pub async fn new_authorization_grant(
response_mode: ResponseMode, response_mode: ResponseMode,
response_type_id_token: bool, response_type_id_token: bool,
requires_consent: bool, requires_consent: bool,
) -> anyhow::Result<AuthorizationGrant<PostgresqlBackend>> { ) -> Result<AuthorizationGrant<PostgresqlBackend>, anyhow::Error> {
let code_challenge = code let code_challenge = code
.as_ref() .as_ref()
.and_then(|c| c.pkce.as_ref()) .and_then(|c| c.pkce.as_ref())
@ -359,7 +359,7 @@ impl GrantLookup {
pub async fn get_grant_by_id( pub async fn get_grant_by_id(
conn: &mut PgConnection, conn: &mut PgConnection,
id: Ulid, id: Ulid,
) -> anyhow::Result<AuthorizationGrant<PostgresqlBackend>> { ) -> Result<AuthorizationGrant<PostgresqlBackend>, anyhow::Error> {
// TODO: handle "not found" cases // TODO: handle "not found" cases
let res = sqlx::query_as!( let res = sqlx::query_as!(
GrantLookup, GrantLookup,
@ -427,7 +427,7 @@ pub async fn get_grant_by_id(
pub async fn lookup_grant_by_code( pub async fn lookup_grant_by_code(
conn: &mut PgConnection, conn: &mut PgConnection,
code: &str, code: &str,
) -> anyhow::Result<AuthorizationGrant<PostgresqlBackend>> { ) -> Result<AuthorizationGrant<PostgresqlBackend>, anyhow::Error> {
// TODO: handle "not found" cases // TODO: handle "not found" cases
let res = sqlx::query_as!( let res = sqlx::query_as!(
GrantLookup, GrantLookup,
@ -506,7 +506,7 @@ pub async fn derive_session(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
grant: &AuthorizationGrant<PostgresqlBackend>, grant: &AuthorizationGrant<PostgresqlBackend>,
browser_session: BrowserSession<PostgresqlBackend>, browser_session: BrowserSession<PostgresqlBackend>,
) -> anyhow::Result<Session<PostgresqlBackend>> { ) -> Result<Session<PostgresqlBackend>, anyhow::Error> {
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("session.id", tracing::field::display(id)); tracing::Span::current().record("session.id", tracing::field::display(id));
@ -558,7 +558,7 @@ pub async fn fulfill_grant(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
mut grant: AuthorizationGrant<PostgresqlBackend>, mut grant: AuthorizationGrant<PostgresqlBackend>,
session: Session<PostgresqlBackend>, session: Session<PostgresqlBackend>,
) -> anyhow::Result<AuthorizationGrant<PostgresqlBackend>> { ) -> Result<AuthorizationGrant<PostgresqlBackend>, anyhow::Error> {
let fulfilled_at = sqlx::query_scalar!( let fulfilled_at = sqlx::query_scalar!(
r#" r#"
UPDATE oauth2_authorization_grants AS og UPDATE oauth2_authorization_grants AS og
@ -624,7 +624,7 @@ pub async fn give_consent_to_grant(
pub async fn exchange_grant( pub async fn exchange_grant(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
mut grant: AuthorizationGrant<PostgresqlBackend>, mut grant: AuthorizationGrant<PostgresqlBackend>,
) -> anyhow::Result<AuthorizationGrant<PostgresqlBackend>> { ) -> Result<AuthorizationGrant<PostgresqlBackend>, anyhow::Error> {
let exchanged_at = Utc::now(); let exchanged_at = Utc::now();
sqlx::query!( sqlx::query!(
r#" r#"


@ -248,6 +248,11 @@ impl TryInto<Client<PostgresqlBackend>> for OAuth2ClientLookup {
} }
} }
#[tracing::instrument(
skip_all,
fields(client.id = %id),
err,
)]
pub async fn lookup_client( pub async fn lookup_client(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
id: Ulid, id: Ulid,
@ -291,6 +296,11 @@ pub async fn lookup_client(
Ok(client) Ok(client)
} }
#[tracing::instrument(
skip_all,
fields(client.id = client_id),
err,
)]
pub async fn lookup_client_by_client_id( pub async fn lookup_client_by_client_id(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
client_id: &str, client_id: &str,
@ -299,6 +309,11 @@ pub async fn lookup_client_by_client_id(
lookup_client(executor, id).await lookup_client(executor, id).await
} }
#[tracing::instrument(
skip_all,
fields(client.id = %client_id, client.name = client_name),
err,
)]
#[allow(clippy::too_many_arguments)] #[allow(clippy::too_many_arguments)]
pub async fn insert_client( pub async fn insert_client(
conn: &mut PgConnection, conn: &mut PgConnection,
@ -403,7 +418,7 @@ pub async fn insert_client_from_config(
jwks: Option<&PublicJsonWebKeySet>, jwks: Option<&PublicJsonWebKeySet>,
jwks_uri: Option<&Url>, jwks_uri: Option<&Url>,
redirect_uris: &[Url], redirect_uris: &[Url],
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let jwks = jwks.map(serde_json::to_value).transpose()?; let jwks = jwks.map(serde_json::to_value).transpose()?;
let jwks_uri = jwks_uri.map(Url::as_str); let jwks_uri = jwks_uri.map(Url::as_str);
@ -452,7 +467,7 @@ pub async fn insert_client_from_config(
Ok(()) Ok(())
} }
pub async fn truncate_clients(executor: impl PgExecutor<'_>) -> anyhow::Result<()> { pub async fn truncate_clients(executor: impl PgExecutor<'_>) -> Result<(), anyhow::Error> {
sqlx::query!("TRUNCATE oauth2_client_redirect_uris, oauth2_clients CASCADE") sqlx::query!("TRUNCATE oauth2_client_redirect_uris, oauth2_clients CASCADE")
.execute(executor) .execute(executor)
.await?; .await?;
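Review bot: `lookup_client_by_client_id` records the caller-supplied `client_id: &str` as `client.id` before it has been parsed, while `lookup_client` records the parsed `Ulid` under the same key (`client.id = %id`). Since the function ends by calling `lookup_client(executor, id)`, the nested span already carries the validated id; the outer field only adds unvalidated, unbounded request input to the trace under a key that elsewhere holds a trusted identifier. I would drop the field from the outer span or give it its own name, e.g. `fields(client.raw_id = client_id)`, so that queries on `client.id` only ever match parsed ids. The same question applies to `client.name = client_name` on `insert_client` if that value can come from dynamic registration, which is not visible here. The bodies of these functions lie outside the hunks.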


@ -23,11 +23,19 @@ use uuid::Uuid;
use crate::PostgresqlBackend; use crate::PostgresqlBackend;
#[tracing::instrument(
skip_all,
fields(
user.id = %user.data,
client.id = %client.data,
),
err(Debug),
)]
pub async fn fetch_client_consent( pub async fn fetch_client_consent(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
user: &User<PostgresqlBackend>, user: &User<PostgresqlBackend>,
client: &Client<PostgresqlBackend>, client: &Client<PostgresqlBackend>,
) -> anyhow::Result<Scope> { ) -> Result<Scope, anyhow::Error> {
let scope_tokens: Vec<String> = sqlx::query_scalar!( let scope_tokens: Vec<String> = sqlx::query_scalar!(
r#" r#"
SELECT scope_token SELECT scope_token
@ -48,12 +56,21 @@ pub async fn fetch_client_consent(
Ok(scope?) Ok(scope?)
} }
#[tracing::instrument(
skip_all,
fields(
user.id = %user.data,
client.id = %client.data,
scope = scope.to_string(),
),
err(Debug),
)]
pub async fn insert_client_consent( pub async fn insert_client_consent(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
user: &User<PostgresqlBackend>, user: &User<PostgresqlBackend>,
client: &Client<PostgresqlBackend>, client: &Client<PostgresqlBackend>,
scope: &Scope, scope: &Scope,
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let now = Utc::now(); let now = Utc::now();
let (tokens, ids): (Vec<String>, Vec<Uuid>) = scope let (tokens, ids): (Vec<String>, Vec<Uuid>) = scope
.iter() .iter()
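Review bot: The spans on `fetch_client_consent` and `insert_client_consent` use `err(Debug)`, whereas the compat functions in this commit use `err(Display)` and the client lookups use plain `err` (which formats with `Display`); the mode should be chosen once for the storage crate. For an `anyhow::Error`, `Debug` formatting prints the whole cause chain, and a backtrace when one was captured, so these spans emit more database error detail into traces than the `Display` ones do. If that extra detail is intended, a short comment such as `// err(Debug): keep the full anyhow cause chain in traces` above the attribute would make it explicit; otherwise `err(Display)` matches the rest. The same applies to `end_oauth_session`, `add_refresh_token` and `consume_refresh_token` in the files that follow.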


@ -25,10 +25,20 @@ pub mod client;
pub mod consent; pub mod consent;
pub mod refresh_token; pub mod refresh_token;
#[tracing::instrument(
skip_all,
fields(
session.id = %session.data,
user.id = %session.browser_session.user.data,
user_session.id = %session.browser_session.data,
client.id = %session.client.data,
),
err(Debug),
)]
pub async fn end_oauth_session( pub async fn end_oauth_session(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
session: Session<PostgresqlBackend>, session: Session<PostgresqlBackend>,
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let finished_at = Utc::now(); let finished_at = Utc::now();
let res = sqlx::query!( let res = sqlx::query!(
r#" r#"


@ -25,6 +25,17 @@ use uuid::Uuid;
use super::client::{lookup_client, ClientFetchError}; use super::client::{lookup_client, ClientFetchError};
use crate::{DatabaseInconsistencyError, PostgresqlBackend}; use crate::{DatabaseInconsistencyError, PostgresqlBackend};
#[tracing::instrument(
skip_all,
fields(
session.id = %session.data,
user.id = %session.browser_session.user.data,
user_session.id = %session.browser_session.data,
client.id = %session.client.data,
refresh_token.id,
),
err(Debug),
)]
pub async fn add_refresh_token( pub async fn add_refresh_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
session: &Session<PostgresqlBackend>, session: &Session<PostgresqlBackend>,
@ -33,6 +44,7 @@ pub async fn add_refresh_token(
) -> anyhow::Result<RefreshToken<PostgresqlBackend>> { ) -> anyhow::Result<RefreshToken<PostgresqlBackend>> {
let created_at = Utc::now(); let created_at = Utc::now();
let id = Ulid::from_datetime(created_at.into()); let id = Ulid::from_datetime(created_at.into());
tracing::Span::current().record("refresh_token.id", tracing::field::display(id));
sqlx::query!( sqlx::query!(
r#" r#"
@ -98,6 +110,7 @@ impl RefreshTokenLookupError {
} }
} }
#[tracing::instrument(skip_all, err)]
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
pub async fn lookup_active_refresh_token( pub async fn lookup_active_refresh_token(
conn: &mut PgConnection, conn: &mut PgConnection,
@ -241,10 +254,17 @@ pub async fn lookup_active_refresh_token(
Ok((refresh_token, session)) Ok((refresh_token, session))
} }
#[tracing::instrument(
skip_all,
fields(
refresh_token.id = %refresh_token.data,
),
err(Debug),
)]
pub async fn consume_refresh_token( pub async fn consume_refresh_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
refresh_token: &RefreshToken<PostgresqlBackend>, refresh_token: &RefreshToken<PostgresqlBackend>,
) -> anyhow::Result<()> { ) -> Result<(), anyhow::Error> {
let consumed_at = Utc::now(); let consumed_at = Utc::now();
let res = sqlx::query!( let res = sqlx::query!(
r#" r#"