auth
auth/profile_postgres.go
Implement postgres clientStore. Stop requiring the client ID be passed to clientStore.addEndpoints and context.AddEndpoints. The Endpoints themselves contain the client ID. When using the authd server, set the log flags to include the file path and line number. Add an ErrEndpointAlreadyExists error, to return when creating an endpoint and its ID already exists in the database. Add a Deleted property to Clients and remove the clientStore.deleteClient and context.DeleteClient methods. We're not going to actually remove that data, and we want to be able to restore it, so include it in the ClientChange type and call it using UpdateClient. Create a ClientChange.Empty helper method that will return whether the ClientChange has any changes to perform. Return ErrClientNotFound from clientStore.getClient if the Client's Deleted property is set to true. This also requires us to ignore ErrClientNotFound errors when calling memstore.listClientsByOwner, as they should just be skipped instead of returning an error. Add the postgres type methods needed to implement clientStore. Include postgres as a clientStore if the testing.Short() flag is not set. Generate a new ID for the Client on every run in the tests, now that we can't actually remove it from the database/memstore in code. We really just need a *Store.Reset() function that erases all the data and starts over again, to give the tests a clean execution environment (and so they can clean up after themselves). Add the CREATE TABLE statements for the Clients table and the Endpoints table to sql/postgres_init.sql.
1 package auth
3 import (
4 "time"
6 "code.secondbit.org/uuid.hg"
7 "github.com/lib/pq"
8 "github.com/secondbit/pan"
9 )
11 func (p Profile) GetSQLTableName() string {
12 return "profiles"
13 }
15 func (l Login) GetSQLTableName() string {
16 return "logins"
17 }
19 func (p *postgres) getProfileByIDSQL(id uuid.ID) *pan.Query {
20 var profile Profile
21 fields, _ := pan.GetFields(profile)
22 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(profile))
23 query.IncludeWhere()
24 query.Include(pan.GetUnquotedColumn(profile, "ID")+" = ? AND "+pan.GetUnquotedColumn(profile, "Deleted")+" = ?", id, false)
25 return query.FlushExpressions(" ")
26 }
28 func (p *postgres) getProfileByID(id uuid.ID) (Profile, error) {
29 query := p.getProfileByIDSQL(id)
30 rows, err := p.db.Query(query.String(), query.Args...)
31 if err != nil {
32 return Profile{}, err
33 }
34 var profile Profile
35 var found bool
36 for rows.Next() {
37 err := pan.Unmarshal(rows, &profile)
38 if err != nil {
39 return Profile{}, err
40 }
41 found = true
42 }
43 if err := rows.Err(); err != nil {
44 return Profile{}, err
45 }
46 if !found {
47 return profile, ErrProfileNotFound
48 }
49 return profile, nil
50 }
52 func (p *postgres) getProfileByLoginSQL(value string) *pan.Query {
53 var profile Profile
54 var login Login
55 fields, _ := pan.GetUnquotedAbsoluteFields(profile)
56 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(profile))
57 query.Include("INNER JOIN " + pan.GetTableName(login))
58 query.Include("ON " + pan.GetUnquotedAbsoluteColumn(profile, "ID") + " = " + pan.GetUnquotedAbsoluteColumn(login, "ProfileID"))
59 query.IncludeWhere()
60 query.Include(pan.GetUnquotedAbsoluteColumn(login, "Value")+" = ? AND "+pan.GetUnquotedAbsoluteColumn(profile, "Deleted")+" = ?", value, false)
61 return query.FlushExpressions(" ")
62 }
64 func (p *postgres) getProfileByLogin(value string) (Profile, error) {
65 query := p.getProfileByLoginSQL(value)
66 rows, err := p.db.Query(query.String(), query.Args...)
67 if err != nil {
68 return Profile{}, err
69 }
70 var profile Profile
71 var found bool
72 for rows.Next() {
73 err := pan.Unmarshal(rows, &profile)
74 if err != nil {
75 return Profile{}, err
76 }
77 found = true
78 }
79 if err := rows.Err(); err != nil {
80 return Profile{}, err
81 }
82 if !found {
83 return profile, ErrProfileNotFound
84 }
85 return profile, nil
86 }
88 func (p *postgres) saveProfileSQL(profile Profile) *pan.Query {
89 fields, values := pan.GetFields(profile)
90 query := pan.New(pan.POSTGRES, "INSERT INTO "+pan.GetTableName(profile))
91 query.Include("(" + pan.QueryList(fields) + ")")
92 query.Include("VALUES")
93 query.Include("("+pan.VariableList(len(values))+")", values...)
94 return query.FlushExpressions(" ")
95 }
97 func (p *postgres) saveProfile(profile Profile) error {
98 query := p.saveProfileSQL(profile)
99 _, err := p.db.Exec(query.String(), query.Args...)
100 if e, ok := err.(*pq.Error); ok && e.Constraint == "profiles_pkey" {
101 err = ErrProfileAlreadyExists
102 }
103 return err
104 }
106 func (p *postgres) updateProfileSQL(id uuid.ID, change ProfileChange) *pan.Query {
107 var profile Profile
108 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(profile)+" SET ")
109 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Name")+" = ?", change.Name)
110 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Passphrase")+" = ?", change.Passphrase)
111 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Iterations")+" = ?", change.Iterations)
112 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Salt")+" = ?", change.Salt)
113 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseScheme")+" = ?", change.PassphraseScheme)
114 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Compromised")+" = ?", change.Compromised)
115 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "LockedUntil")+" = ?", change.LockedUntil)
116 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseReset")+" = ?", change.PassphraseReset)
117 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseResetCreated")+" = ?", change.PassphraseResetCreated)
118 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "LastSeen")+" = ?", change.LastSeen)
119 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Deleted")+" = ?", change.Deleted)
120 query.FlushExpressions(", ")
121 query.IncludeWhere()
122 query.Include(pan.GetUnquotedColumn(profile, "ID")+" = ?", id)
123 return query.FlushExpressions(" ")
124 }
126 func (p *postgres) updateProfile(id uuid.ID, change ProfileChange) error {
127 if change.Empty() {
128 return nil
129 }
130 query := p.updateProfileSQL(id, change)
131 _, err := p.db.Exec(query.String(), query.Args...)
132 return err
133 }
135 func (p *postgres) updateProfilesSQL(ids []uuid.ID, change BulkProfileChange) *pan.Query {
136 if change.Empty() {
137 return nil
138 }
139 var profile Profile
140 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(profile)+" SET ")
141 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Compromised")+" = ?", change.Compromised)
142 query.FlushExpressions(", ")
143 query.IncludeWhere()
144 intids := make([]interface{}, len(ids))
145 for pos, id := range ids {
146 intids[pos] = id
147 }
148 query.Include(pan.GetUnquotedColumn(profile, "ID")+" IN ("+pan.VariableList(len(ids))+")", intids...)
149 return query.FlushExpressions(" ")
150 }
152 func (p *postgres) updateProfiles(ids []uuid.ID, change BulkProfileChange) error {
153 query := p.updateProfilesSQL(ids, change)
154 _, err := p.db.Exec(query.String(), query.Args...)
155 return err
156 }
158 func (p *postgres) addLoginSQL(login Login) *pan.Query {
159 fields, values := pan.GetFields(login)
160 query := pan.New(pan.POSTGRES, "INSERT INTO "+pan.GetTableName(login))
161 query.Include("(" + pan.QueryList(fields) + ")")
162 query.Include("VALUES")
163 query.Include("("+pan.VariableList(len(values))+")", values...)
164 return query.FlushExpressions(" ")
165 }
167 func (p *postgres) addLogin(login Login) error {
168 query := p.addLoginSQL(login)
169 _, err := p.db.Exec(query.String(), query.Args...)
170 if e, ok := err.(*pq.Error); ok && e.Constraint == "logins_pkey" {
171 return ErrLoginAlreadyExists
172 }
173 return err
174 }
176 func (p *postgres) removeLoginSQL(value string, profile uuid.ID) *pan.Query {
177 var login Login
178 query := pan.New(pan.POSTGRES, "DELETE FROM "+pan.GetTableName(login))
179 query.IncludeWhere()
180 query.Include(pan.GetUnquotedColumn(login, "Value")+" = ? AND "+pan.GetUnquotedColumn(login, "ProfileID")+" = ?", value, profile)
181 return query.FlushExpressions(" ")
182 }
184 func (p *postgres) removeLogin(value string, profile uuid.ID) error {
185 query := p.removeLoginSQL(value, profile)
186 res, err := p.db.Exec(query.String(), query.Args...)
187 if err != nil {
188 return err
189 }
190 rows, err := res.RowsAffected()
191 if err != nil {
192 return err
193 }
194 if rows == 0 {
195 return ErrLoginNotFound
196 }
197 return nil
198 }
200 func (p *postgres) recordLoginUseSQL(value string, when time.Time) *pan.Query {
201 var login Login
202 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(login)+" SET ")
203 query.Include(pan.GetUnquotedColumn(login, "LastUsed")+" = ?", when)
204 query.IncludeWhere()
205 query.Include(pan.GetUnquotedColumn(login, "Value")+" = ?", value)
206 return query.FlushExpressions(" ")
207 }
209 func (p *postgres) recordLoginUse(value string, when time.Time) error {
210 query := p.recordLoginUseSQL(value, when)
211 _, err := p.db.Exec(query.String(), query.Args...)
212 return err
213 }
215 func (p *postgres) listLoginsSQL(profile uuid.ID, num, offset int) *pan.Query {
216 var login Login
217 fields, _ := pan.GetFields(login)
218 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(login))
219 query.IncludeWhere()
220 query.Include(pan.GetUnquotedColumn(login, "ProfileID")+" = ?", profile)
221 query.IncludeLimit(int64(num))
222 query.IncludeOffset(int64(offset))
223 return query.FlushExpressions(" ")
224 }
226 func (p *postgres) listLogins(profile uuid.ID, num, offset int) ([]Login, error) {
227 query := p.listLoginsSQL(profile, num, offset)
228 rows, err := p.db.Query(query.String(), query.Args...)
229 if err != nil {
230 return []Login{}, err
231 }
232 var logins []Login
233 for rows.Next() {
234 var login Login
235 err = pan.Unmarshal(rows, &login)
236 if err != nil {
237 return logins, err
238 }
239 logins = append(logins, login)
240 }
241 if err := rows.Err(); err != nil {
242 return logins, err
243 }
244 return logins, nil
245 }