storj/satellite/satellitedb/dbx/oauth.dbx

103 lines
2.1 KiB
Plaintext
Raw Normal View History

// oauth_client stores information about known clients developed against stroj.
model oauth_client (
key id
index ( fields user_id )
field id blob
field encrypted_secret blob ( updatable ) // encrypted
field redirect_url text ( updatable )
field user_id blob
field app_name text ( updatable )
field app_logo_url text ( updatable )
)
create oauth_client (
noreturn
)
read one (
select oauth_client
where oauth_client.id = ?
)
update oauth_client (
where oauth_client.id = ?
noreturn
)
delete oauth_client (
where oauth_client.id = ?
)
// oauth_code are single use tokens that are handed off to the third party applications.
// they're exchanged for an access_token (and maybe a refresh_token).
// they can only be claimed once.
model oauth_code (
key code
index ( fields user_id )
index ( fields client_id )
field client_id blob
field user_id blob
field scope text
field redirect_url text
field challenge text
field challenge_method text
field code text
field created_at timestamp
field expires_at timestamp
field claimed_at timestamp ( nullable, updatable )
)
create oauth_code (
noreturn
)
read one (
select oauth_code
where oauth_code.code = ?
where oauth_code.claimed_at = null
)
update oauth_code (
where oauth_code.code = ?
where oauth_code.claimed_at = null
noreturn
)
// oauth_token can be an access or refresh token
model oauth_token (
key token
index ( fields user_id )
index ( fields client_id )
field client_id blob
field user_id blob
field scope text
field kind int // access or refresh
field token blob // encrypted macaroon
field created_at timestamp
field expires_at timestamp ( updatable )
)
create oauth_token (
noreturn
)
read one (
select oauth_token
where oauth_token.kind = ?
where oauth_token.token = ?
)
update oauth_token (
where oauth_token.token = ?
where oauth_token.kind = ?
noreturn
)