Database refactoring

2025-11-20 12:02:22 +03:00 · 2022-10-21 11:25:38 +02:00
parent 0571c36da9
commit e2142f9cd4
79 changed files with 3070 additions and 3833 deletions
--- a/crates/handlers/src/oauth2/authorization/complete.rs
+++ b/crates/handlers/src/oauth2/authorization/complete.rs
@@ -38,6 +38,7 @@ use mas_templates::Templates;
 use oauth2_types::requests::{AccessTokenResponse, AuthorizationResponse};
 use sqlx::{PgPool, Postgres, Transaction};
 use thiserror::Error;
+use ulid::Ulid;

 use super::callback::{
    CallbackDestination, CallbackDestinationError, IntoCallbackDestinationError,
@@ -109,7 +110,7 @@ pub(crate) async fn get(
    State(templates): State<Templates>,
    State(pool): State<PgPool>,
    cookie_jar: PrivateCookieJar<Encrypter>,
-    Path(grant_id): Path<i64>,
+    Path(grant_id): Path<Ulid>,
 ) -> Result<Response, RouteError> {
    let mut txn = pool.begin().await?;

--- a/crates/handlers/src/oauth2/consent.rs
+++ b/crates/handlers/src/oauth2/consent.rs
@@ -36,6 +36,7 @@ use mas_storage::oauth2::{
 use mas_templates::{ConsentContext, PolicyViolationContext, TemplateContext, Templates};
 use sqlx::PgPool;
 use thiserror::Error;
+use ulid::Ulid;

 #[derive(Debug, Error)]
 pub enum RouteError {
@@ -54,7 +55,7 @@ pub(crate) async fn get(
    State(templates): State<Templates>,
    State(pool): State<PgPool>,
    cookie_jar: PrivateCookieJar<Encrypter>,
-    Path(grant_id): Path<i64>,
+    Path(grant_id): Path<Ulid>,
 ) -> Result<Response, RouteError> {
    let mut conn = pool
        .acquire()
@@ -115,7 +116,7 @@ pub(crate) async fn post(
    State(policy_factory): State<Arc<PolicyFactory>>,
    State(pool): State<PgPool>,
    cookie_jar: PrivateCookieJar<Encrypter>,
-    Path(grant_id): Path<i64>,
+    Path(grant_id): Path<Ulid>,
    Form(form): Form<ProtectedForm<()>>,
 ) -> Result<Response, RouteError> {
    let mut txn = pool
--- a/crates/handlers/src/oauth2/registration.rs
+++ b/crates/handlers/src/oauth2/registration.rs
@@ -24,10 +24,10 @@ use oauth2_types::{
        ClientMetadata, ClientMetadataVerificationError, ClientRegistrationResponse, Localized,
    },
 };
-use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use sqlx::PgPool;
 use thiserror::Error;
 use tracing::info;
+use ulid::Ulid;

 #[derive(Debug, Error)]
 pub(crate) enum RouteError {
@@ -127,18 +127,14 @@ pub(crate) async fn post(
    let mut txn = pool.begin().await?;

    // Let's generate a random client ID
-    let client_id: String = thread_rng()
-        .sample_iter(&Alphanumeric)
-        .take(10)
-        .map(char::from)
-        .collect();
+    let client_id = Ulid::new();

    insert_client(
        &mut txn,
-        &client_id,
+        client_id,
        metadata.redirect_uris(),
        None,
-        &metadata.response_types(),
+        //&metadata.response_types(),
        metadata.grant_types(),
        contacts,
        metadata
@@ -162,7 +158,7 @@ pub(crate) async fn post(
    txn.commit().await?;

    let response = ClientRegistrationResponse {
-        client_id,
+        client_id: client_id.to_string(),
        client_secret: None,
        client_id_issued_at: None,
        client_secret_expires_at: None,
--- a/crates/handlers/src/oauth2/token.rs
+++ b/crates/handlers/src/oauth2/token.rs
@@ -36,7 +36,7 @@ use mas_storage::{
        client::ClientFetchError,
        end_oauth_session,
        refresh_token::{
-            add_refresh_token, lookup_active_refresh_token, replace_refresh_token,
+            add_refresh_token, consume_refresh_token, lookup_active_refresh_token,
            RefreshTokenLookupError,
        },
    },
@@ -311,10 +311,10 @@ async fn authorization_code_grant(
        )
    };

-    let access_token = add_access_token(&mut txn, session, &access_token_str, ttl).await?;
+    let access_token = add_access_token(&mut txn, session, access_token_str.clone(), ttl).await?;

    let _refresh_token =
-        add_refresh_token(&mut txn, session, access_token, &refresh_token_str).await?;
+        add_refresh_token(&mut txn, session, access_token, refresh_token_str.clone()).await?;

    let id_token = if session.scope.contains(&scope::OPENID) {
        let mut claims = HashMap::new();
@@ -391,20 +391,21 @@ async fn refresh_token_grant(
        )
    };

-    let new_access_token = add_access_token(&mut txn, &session, &access_token_str, ttl).await?;
+    let new_access_token =
+        add_access_token(&mut txn, &session, access_token_str.clone(), ttl).await?;

    let new_refresh_token =
-        add_refresh_token(&mut txn, &session, new_access_token, &refresh_token_str).await?;
+        add_refresh_token(&mut txn, &session, new_access_token, refresh_token_str).await?;

-    replace_refresh_token(&mut txn, &refresh_token, &new_refresh_token).await?;
+    consume_refresh_token(&mut txn, &refresh_token).await?;

    if let Some(access_token) = refresh_token.access_token {
-        revoke_access_token(&mut txn, &access_token).await?;
+        revoke_access_token(&mut txn, access_token).await?;
    }

    let params = AccessTokenResponse::new(access_token_str)
        .with_expires_in(ttl)
-        .with_refresh_token(refresh_token_str)
+        .with_refresh_token(new_refresh_token.refresh_token)
        .with_scope(session.scope);

    txn.commit().await?;