storj/satellite/satellitedb/dbx/oauth.dbx

// oauth_client stores information about known clients developed against stroj.
model oauth_client (
    key id

    index ( fields user_id )

    field id                blob
    field encrypted_secret  blob ( updatable ) // encrypted
    field redirect_url      text ( updatable )
    field user_id           blob
    field app_name          text ( updatable )
    field app_logo_url      text ( updatable )
)

create oauth_client (
	noreturn
)

read one (
    select oauth_client
    where oauth_client.id = ?
)

update oauth_client (
    where oauth_client.id = ?
    noreturn
)

delete oauth_client (
    where oauth_client.id = ?
)

// oauth_code are single use tokens that are handed off to the third party applications.
// they're exchanged for an access_token (and maybe a refresh_token).
// they can only be claimed once.
model oauth_code (
    key code

    index ( fields user_id )
    index ( fields client_id )

    field client_id     blob
    field user_id       blob
    field scope         text
    field redirect_url  text

    field challenge         text
    field challenge_method  text

    field code              text
    field created_at        timestamp
    field expires_at        timestamp
    field claimed_at        timestamp ( nullable, updatable )
)

create oauth_code (
	noreturn
)

read one (
    select oauth_code
    where oauth_code.code = ?
    where oauth_code.claimed_at = null
)

update oauth_code (
    where oauth_code.code       = ?
    where oauth_code.claimed_at = null
    noreturn
)

// oauth_token can be an access or refresh token
model oauth_token (
    key token

    index ( fields user_id )
    index ( fields client_id )

    field client_id     blob
    field user_id       blob
    field scope         text

    field kind          int     // access or refresh
    field token         blob    // encrypted macaroon
    field created_at    timestamp
    field expires_at    timestamp ( updatable )
)

create oauth_token (
	noreturn
)

read one (
    select oauth_token
    where oauth_token.kind = ?
    where oauth_token.token = ?
)

update oauth_token (
	where oauth_token.token = ?
	where oauth_token.kind = ?
	noreturn
)
satellite/satellitedb/dbx: split into multiple files The current satellitedb.dbx has grown quite big over time. Split the single file into multiple smaller ones. Change-Id: I8d6ca851b834ac60820aff565906f04aab661875 2023-01-06 16:27:42 +00:00			`// oauth_client stores information about known clients developed against stroj.`
			`model oauth_client (`
			`key id`

			`index ( fields user_id )`

			`field id blob`
			`field encrypted_secret blob ( updatable ) // encrypted`
			`field redirect_url text ( updatable )`
			`field user_id blob`
			`field app_name text ( updatable )`
			`field app_logo_url text ( updatable )`
			`)`

			`create oauth_client (`
			`noreturn`
			`)`

			`read one (`
			`select oauth_client`
			`where oauth_client.id = ?`
			`)`

			`update oauth_client (`
			`where oauth_client.id = ?`
			`noreturn`
			`)`

			`delete oauth_client (`
			`where oauth_client.id = ?`
			`)`

			`// oauth_code are single use tokens that are handed off to the third party applications.`
			`// they're exchanged for an access_token (and maybe a refresh_token).`
			`// they can only be claimed once.`
			`model oauth_code (`
			`key code`

			`index ( fields user_id )`
			`index ( fields client_id )`

			`field client_id blob`
			`field user_id blob`
			`field scope text`
			`field redirect_url text`

			`field challenge text`
			`field challenge_method text`

			`field code text`
			`field created_at timestamp`
			`field expires_at timestamp`
			`field claimed_at timestamp ( nullable, updatable )`
			`)`

			`create oauth_code (`
			`noreturn`
			`)`

			`read one (`
			`select oauth_code`
			`where oauth_code.code = ?`
			`where oauth_code.claimed_at = null`
			`)`

			`update oauth_code (`
			`where oauth_code.code = ?`
			`where oauth_code.claimed_at = null`
			`noreturn`
			`)`

			`// oauth_token can be an access or refresh token`
			`model oauth_token (`
			`key token`

			`index ( fields user_id )`
			`index ( fields client_id )`

			`field client_id blob`
			`field user_id blob`
			`field scope text`

			`field kind int // access or refresh`
			`field token blob // encrypted macaroon`
			`field created_at timestamp`
			`field expires_at timestamp ( updatable )`
			`)`

			`create oauth_token (`
			`noreturn`
			`)`

			`read one (`
			`select oauth_token`
			`where oauth_token.kind = ?`
			`where oauth_token.token = ?`
			`)`

			`update oauth_token (`
			`where oauth_token.token = ?`
			`where oauth_token.kind = ?`
			`noreturn`
			`)`