refresh_tokens: add app inside each refresh token
This commit is contained in:
parent
2caf584cb7
commit
956f28f7e5
11 changed files with 109 additions and 75 deletions
|
|
@ -4,6 +4,7 @@ create table if not exists refresh_tokens
|
||||||
token TEXT not null primary key,
|
token TEXT not null primary key,
|
||||||
ip_address TEXT not null,
|
ip_address TEXT not null,
|
||||||
user TEXT not null references users (id),
|
user TEXT not null references users (id),
|
||||||
|
app TEXT not null references apps (id),
|
||||||
|
|
||||||
-- timings
|
-- timings
|
||||||
created_at TEXT not null default CURRENT_TIMESTAMP,
|
created_at TEXT not null default CURRENT_TIMESTAMP,
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ select
|
||||||
token,
|
token,
|
||||||
ip_address,
|
ip_address,
|
||||||
user,
|
user,
|
||||||
|
app,
|
||||||
|
|
||||||
-- timings
|
-- timings
|
||||||
created_at as "created_at: DateTime<Utc>",
|
created_at as "created_at: DateTime<Utc>",
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,2 @@
|
||||||
insert into refresh_tokens (token, ip_address, user, expires_at)
|
insert into refresh_tokens (token, ip_address, user, app, expires_at)
|
||||||
values (?, ?, ?, datetime(?, 'unixepoch'))
|
values (?, ?, ?, ?, datetime(?, 'unixepoch'))
|
||||||
|
|
|
||||||
|
|
@ -100,6 +100,66 @@
|
||||||
},
|
},
|
||||||
"query": "update apps\n\nset secret = ?\n\nwhere id is ?"
|
"query": "update apps\n\nset secret = ?\n\nwhere id is ?"
|
||||||
},
|
},
|
||||||
|
"37681902a5f5d87492812a525a6488e75d20c1c436a3ba2c5aa3f54da62fe861": {
|
||||||
|
"describe": {
|
||||||
|
"columns": [
|
||||||
|
{
|
||||||
|
"name": "token",
|
||||||
|
"ordinal": 0,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "ip_address",
|
||||||
|
"ordinal": 1,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "user",
|
||||||
|
"ordinal": 2,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "app",
|
||||||
|
"ordinal": 3,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "created_at: DateTime<Utc>",
|
||||||
|
"ordinal": 4,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "expires_at: DateTime<Utc>",
|
||||||
|
"ordinal": 5,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "used_at: DateTime<Utc>",
|
||||||
|
"ordinal": 6,
|
||||||
|
"type_info": "Text"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "revoked_at: DateTime<Utc>",
|
||||||
|
"ordinal": 7,
|
||||||
|
"type_info": "Text"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"nullable": [
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
true
|
||||||
|
],
|
||||||
|
"parameters": {
|
||||||
|
"Right": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"query": "select\n -- info\n token,\n ip_address,\n user,\n app,\n\n -- timings\n created_at as \"created_at: DateTime<Utc>\",\n expires_at as \"expires_at: DateTime<Utc>\",\n used_at as \"used_at: DateTime<Utc>\",\n revoked_at as \"revoked_at: DateTime<Utc>\"\nfrom refresh_tokens\n\nwhere token is (?)"
|
||||||
|
},
|
||||||
"3c8e31ffa5cbfd4dded8a272777cb320fb51fd2e53ed25054d24e9801df0c358": {
|
"3c8e31ffa5cbfd4dded8a272777cb320fb51fd2e53ed25054d24e9801df0c358": {
|
||||||
"describe": {
|
"describe": {
|
||||||
"columns": [],
|
"columns": [],
|
||||||
|
|
@ -468,70 +528,6 @@
|
||||||
},
|
},
|
||||||
"query": "insert into authorization_codes (code, app, user, expires_at)\nvalues (?, ?, ?, datetime(?, 'unixepoch'))\n"
|
"query": "insert into authorization_codes (code, app, user, expires_at)\nvalues (?, ?, ?, datetime(?, 'unixepoch'))\n"
|
||||||
},
|
},
|
||||||
"a7405a0479b551ce8e3ea7451fd781214e049a0f12551146ace1e9a2f2f0c06d": {
|
|
||||||
"describe": {
|
|
||||||
"columns": [
|
|
||||||
{
|
|
||||||
"name": "token",
|
|
||||||
"ordinal": 0,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "ip_address",
|
|
||||||
"ordinal": 1,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "user",
|
|
||||||
"ordinal": 2,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "created_at: DateTime<Utc>",
|
|
||||||
"ordinal": 3,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "expires_at: DateTime<Utc>",
|
|
||||||
"ordinal": 4,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "used_at: DateTime<Utc>",
|
|
||||||
"ordinal": 5,
|
|
||||||
"type_info": "Text"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "revoked_at: DateTime<Utc>",
|
|
||||||
"ordinal": 6,
|
|
||||||
"type_info": "Text"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"nullable": [
|
|
||||||
false,
|
|
||||||
false,
|
|
||||||
false,
|
|
||||||
false,
|
|
||||||
false,
|
|
||||||
true,
|
|
||||||
true
|
|
||||||
],
|
|
||||||
"parameters": {
|
|
||||||
"Right": 1
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"query": "select\n -- info\n token,\n ip_address,\n user,\n\n -- timings\n created_at as \"created_at: DateTime<Utc>\",\n expires_at as \"expires_at: DateTime<Utc>\",\n used_at as \"used_at: DateTime<Utc>\",\n revoked_at as \"revoked_at: DateTime<Utc>\"\nfrom refresh_tokens\n\nwhere token is (?)"
|
|
||||||
},
|
|
||||||
"aa88eb27d38ba4cfb539e4b4d7a86770c24221109e8fcc188a7d38f41e674817": {
|
|
||||||
"describe": {
|
|
||||||
"columns": [],
|
|
||||||
"nullable": [],
|
|
||||||
"parameters": {
|
|
||||||
"Right": 4
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"query": "insert into refresh_tokens (token, ip_address, user, expires_at)\nvalues (?, ?, ?, datetime(?, 'unixepoch'))\n"
|
|
||||||
},
|
|
||||||
"aae93a39c5a9f46235b5ef871b45ba76d7efa1677bfe8291a62b8cbf9cd9e0d5": {
|
"aae93a39c5a9f46235b5ef871b45ba76d7efa1677bfe8291a62b8cbf9cd9e0d5": {
|
||||||
"describe": {
|
"describe": {
|
||||||
"columns": [],
|
"columns": [],
|
||||||
|
|
@ -542,6 +538,16 @@
|
||||||
},
|
},
|
||||||
"query": "update settings\n\nset first_admin = ?\n\nwhere id is 0\n"
|
"query": "update settings\n\nset first_admin = ?\n\nwhere id is 0\n"
|
||||||
},
|
},
|
||||||
|
"b3936ae237f02cc048ca084372f7975921c79aef8fcd6d15a4d63c10f2377d24": {
|
||||||
|
"describe": {
|
||||||
|
"columns": [],
|
||||||
|
"nullable": [],
|
||||||
|
"parameters": {
|
||||||
|
"Right": 5
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"query": "insert into refresh_tokens (token, ip_address, user, app, expires_at)\nvalues (?, ?, ?, ?, datetime(?, 'unixepoch'))\n"
|
||||||
|
},
|
||||||
"b652e67e8e1cd0e2b55c830c5569eb1c6caf73857215b4298265cce5c5462902": {
|
"b652e67e8e1cd0e2b55c830c5569eb1c6caf73857215b4298265cce5c5462902": {
|
||||||
"describe": {
|
"describe": {
|
||||||
"columns": [
|
"columns": [
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ pub struct RefreshTokens {
|
||||||
pub token: String,
|
pub token: String,
|
||||||
pub ip_address: String,
|
pub ip_address: String,
|
||||||
pub user: String,
|
pub user: String,
|
||||||
|
pub app: String,
|
||||||
|
|
||||||
// Timings
|
// Timings
|
||||||
pub created_at: DateTime<Utc>,
|
pub created_at: DateTime<Utc>,
|
||||||
|
|
@ -23,6 +24,7 @@ impl RefreshTokens {
|
||||||
token: &str,
|
token: &str,
|
||||||
ip_address: &str,
|
ip_address: &str,
|
||||||
user: &str,
|
user: &str,
|
||||||
|
app: &str,
|
||||||
expires_at: i64,
|
expires_at: i64,
|
||||||
) -> Result<Option<()>, Error> {
|
) -> Result<Option<()>, Error> {
|
||||||
let query: SqliteQueryResult = sqlx::query_file!(
|
let query: SqliteQueryResult = sqlx::query_file!(
|
||||||
|
|
@ -30,6 +32,7 @@ impl RefreshTokens {
|
||||||
token,
|
token,
|
||||||
ip_address,
|
ip_address,
|
||||||
user,
|
user,
|
||||||
|
app,
|
||||||
expires_at
|
expires_at
|
||||||
)
|
)
|
||||||
.execute(conn)
|
.execute(conn)
|
||||||
|
|
|
||||||
|
|
@ -275,6 +275,7 @@ pub async fn use_refresh_token(
|
||||||
new_refresh_token.as_ref(),
|
new_refresh_token.as_ref(),
|
||||||
ip_address,
|
ip_address,
|
||||||
user.id(),
|
user.id(),
|
||||||
|
refresh_token.app(),
|
||||||
REFRESH_TOKEN_DURATION_DAYS,
|
REFRESH_TOKEN_DURATION_DAYS,
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
|
|
|
||||||
|
|
@ -120,9 +120,15 @@ pub async fn settings_security_form(
|
||||||
RefreshToken::revoke_all(&mut transaction).await?;
|
RefreshToken::revoke_all(&mut transaction).await?;
|
||||||
|
|
||||||
// Generate refresh token
|
// Generate refresh token
|
||||||
generate_refresh_token(&mut transaction, ip_address, user.id(), cookie_jar)
|
generate_refresh_token(
|
||||||
.await
|
&mut transaction,
|
||||||
.map_err(Error::internal_server_error)?;
|
ip_address,
|
||||||
|
user.id(),
|
||||||
|
app.id(),
|
||||||
|
cookie_jar,
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.map_err(Error::internal_server_error)?;
|
||||||
|
|
||||||
// Get base url
|
// Get base url
|
||||||
let settings = Settings::get(&mut transaction).await?;
|
let settings = Settings::get(&mut transaction).await?;
|
||||||
|
|
|
||||||
|
|
@ -79,9 +79,15 @@ pub async fn redirect_page(
|
||||||
// TODO: refactor for "code" route
|
// TODO: refactor for "code" route
|
||||||
|
|
||||||
// Generate refresh token
|
// Generate refresh token
|
||||||
generate_refresh_token(&mut transaction, ip_address, user.id(), cookie_jar)
|
generate_refresh_token(
|
||||||
.await
|
&mut transaction,
|
||||||
.map_err(Error::internal_server_error)?;
|
ip_address,
|
||||||
|
user.id(),
|
||||||
|
app.id(),
|
||||||
|
cookie_jar,
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.map_err(Error::internal_server_error)?;
|
||||||
|
|
||||||
// Get latest key from database
|
// Get latest key from database
|
||||||
let key = Key::get_most_recent(&mut transaction)
|
let key = Key::get_most_recent(&mut transaction)
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
use hash::SecretString;
|
use hash::SecretString;
|
||||||
use id::UserID;
|
use id::{AppID, UserID};
|
||||||
use jwt::{JwtClaims, PrivateKey};
|
use jwt::{JwtClaims, PrivateKey};
|
||||||
use refresh_tokens::RefreshToken;
|
use refresh_tokens::RefreshToken;
|
||||||
use rocket::http::{Cookie, CookieJar, SameSite};
|
use rocket::http::{Cookie, CookieJar, SameSite};
|
||||||
|
|
@ -16,6 +16,7 @@ pub async fn generate_refresh_token(
|
||||||
conn: impl SqliteExecutor<'_>,
|
conn: impl SqliteExecutor<'_>,
|
||||||
ip_address: IpAddr,
|
ip_address: IpAddr,
|
||||||
user_id: &UserID,
|
user_id: &UserID,
|
||||||
|
app_id: &AppID,
|
||||||
cookie_jar: &CookieJar<'_>,
|
cookie_jar: &CookieJar<'_>,
|
||||||
) -> Result<(), String> {
|
) -> Result<(), String> {
|
||||||
// Generate refresh token
|
// Generate refresh token
|
||||||
|
|
@ -29,6 +30,7 @@ pub async fn generate_refresh_token(
|
||||||
refresh_token.as_ref(),
|
refresh_token.as_ref(),
|
||||||
ip_address.to_string(),
|
ip_address.to_string(),
|
||||||
user_id,
|
user_id,
|
||||||
|
app_id,
|
||||||
REFRESH_TOKEN_DURATION_DAYS,
|
REFRESH_TOKEN_DURATION_DAYS,
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@ use crate::RefreshToken;
|
||||||
use chrono::{Duration, Utc};
|
use chrono::{Duration, Utc};
|
||||||
use database::sqlx::SqliteExecutor;
|
use database::sqlx::SqliteExecutor;
|
||||||
use database::RefreshTokens as DatabaseRefreshTokens;
|
use database::RefreshTokens as DatabaseRefreshTokens;
|
||||||
use id::UserID;
|
use id::{AppID, UserID};
|
||||||
|
|
||||||
impl From<DatabaseRefreshTokens> for RefreshToken {
|
impl From<DatabaseRefreshTokens> for RefreshToken {
|
||||||
fn from(db: DatabaseRefreshTokens) -> Self {
|
fn from(db: DatabaseRefreshTokens) -> Self {
|
||||||
|
|
@ -12,6 +12,7 @@ impl From<DatabaseRefreshTokens> for RefreshToken {
|
||||||
token: db.token,
|
token: db.token,
|
||||||
ip_address: db.ip_address,
|
ip_address: db.ip_address,
|
||||||
user: UserID(db.user),
|
user: UserID(db.user),
|
||||||
|
app: AppID(db.app),
|
||||||
|
|
||||||
// Timings
|
// Timings
|
||||||
created_at: db.created_at,
|
created_at: db.created_at,
|
||||||
|
|
@ -28,6 +29,7 @@ impl RefreshToken {
|
||||||
token: &str,
|
token: &str,
|
||||||
ip_address: String,
|
ip_address: String,
|
||||||
user: &UserID,
|
user: &UserID,
|
||||||
|
app: &AppID,
|
||||||
duration_days: i64,
|
duration_days: i64,
|
||||||
) -> Result<Option<()>, Error> {
|
) -> Result<Option<()>, Error> {
|
||||||
let expires_at = Utc::now() + Duration::days(duration_days);
|
let expires_at = Utc::now() + Duration::days(duration_days);
|
||||||
|
|
@ -37,6 +39,7 @@ impl RefreshToken {
|
||||||
token,
|
token,
|
||||||
ip_address.as_str(),
|
ip_address.as_str(),
|
||||||
user.as_ref(),
|
user.as_ref(),
|
||||||
|
app.as_ref(),
|
||||||
expires_at.timestamp(),
|
expires_at.timestamp(),
|
||||||
)
|
)
|
||||||
.await?)
|
.await?)
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ mod database;
|
||||||
mod error;
|
mod error;
|
||||||
|
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use id::UserID;
|
use id::{AppID, UserID};
|
||||||
|
|
||||||
pub use crate::error::Error;
|
pub use crate::error::Error;
|
||||||
|
|
||||||
|
|
@ -12,6 +12,7 @@ pub struct RefreshToken {
|
||||||
token: String,
|
token: String,
|
||||||
ip_address: String,
|
ip_address: String,
|
||||||
user: UserID,
|
user: UserID,
|
||||||
|
app: AppID,
|
||||||
|
|
||||||
// Timings
|
// Timings
|
||||||
created_at: DateTime<Utc>,
|
created_at: DateTime<Utc>,
|
||||||
|
|
@ -36,4 +37,8 @@ impl RefreshToken {
|
||||||
pub fn user(&self) -> &UserID {
|
pub fn user(&self) -> &UserID {
|
||||||
&self.user
|
&self.user
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn app(&self) -> &AppID {
|
||||||
|
&self.app
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue