From 1b149e770c87157293a8153789c9f1f8b209eb03 Mon Sep 17 00:00:00 2001 From: "J. King" Date: Thu, 12 Sep 2019 21:19:26 -0400 Subject: [PATCH] Add token data to database --- lib/Database.php | 9 +++++---- lib/REST/Microsub/Auth.php | 3 +++ sql/MySQL/5.sql | 9 +++++++++ sql/PostgreSQL/5.sql | 9 +++++++++ sql/SQLite3/5.sql | 10 ++++++++++ 5 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 sql/MySQL/5.sql create mode 100644 sql/PostgreSQL/5.sql create mode 100644 sql/SQLite3/5.sql diff --git a/lib/Database.php b/lib/Database.php index 71febcc..97768a2 100644 --- a/lib/Database.php +++ b/lib/Database.php @@ -39,7 +39,7 @@ use JKingWeb\Arsse\Misc\URL; */ class Database { /** The version number of the latest schema the interface is aware of */ - const SCHEMA_VERSION = 5; + const SCHEMA_VERSION = 6; /** The size of a set of values beyond which the set will be embedded into the query text */ const LIMIT_SET_SIZE = 25; /** The length of a string in an embedded set beyond which a parameter placeholder will be used for the string */ @@ -404,8 +404,9 @@ class Database { * @param string $class The class of the token e.g. the protocol name * @param string|null $id The value of the token; if none is provided a UUID will be generated * @param \DateTimeInterface|null $expires An optional expiry date and time for the token + * @param string $data Application-specific data associated with a token */ - public function tokenCreate(string $user, string $class, string $id = null, \DateTimeInterface $expires = null): string { + public function tokenCreate(string $user, string $class, string $id = null, \DateTimeInterface $expires = null, string $data = null): string { // If the user isn't authorized to perform this action then throw an exception. if (!Arsse::$user->authorize($user, __FUNCTION__)) { throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); @@ -415,7 +416,7 @@ class Database { // generate a token if it's not provided $id = $id ?? UUID::mint()->hex; // save the token to the database - $this->db->prepare("INSERT INTO arsse_tokens(id,class,\"user\",expires) values(?,?,?,?)", "str", "str", "str", "datetime")->run($id, $class, $user, $expires); + $this->db->prepare("INSERT INTO arsse_tokens(id,class,\"user\",expires,data) values(?,?,?,?,?)", "str", "str", "str", "datetime", "str")->run($id, $class, $user, $expires, $data); // return the ID return $id; } @@ -441,7 +442,7 @@ class Database { /** Look up data associated with a token */ public function tokenLookup(string $class, string $id): array { - $out = $this->db->prepare("SELECT id,class,\"user\",created,expires from arsse_tokens where class = ? and id = ? and (expires is null or expires > CURRENT_TIMESTAMP)", "str", "str")->run($class, $id)->getRow(); + $out = $this->db->prepare("SELECT id,class,\"user\",created,expires,data from arsse_tokens where class = ? and id = ? and (expires is null or expires > CURRENT_TIMESTAMP)", "str", "str")->run($class, $id)->getRow(); if (!$out) { throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "token", 'id' => $id]); } diff --git a/lib/REST/Microsub/Auth.php b/lib/REST/Microsub/Auth.php index 4a85a11..6bda93e 100644 --- a/lib/REST/Microsub/Auth.php +++ b/lib/REST/Microsub/Auth.php @@ -89,4 +89,7 @@ class Auth extends \JKingWeb\Arsse\REST\AbstractHandler { } } } + + protected function doIssue(string $user, ServerRequestInterface $req): ResponseInterface { + } } diff --git a/sql/MySQL/5.sql b/sql/MySQL/5.sql new file mode 100644 index 0000000..e1cd871 --- /dev/null +++ b/sql/MySQL/5.sql @@ -0,0 +1,9 @@ +-- SPDX-License-Identifier: MIT +-- Copyright 2017 J. King, Dustin Wilson et al. +-- See LICENSE and AUTHORS files for details + +-- Please consult the SQLite 3 schemata for commented version + +alter table arsse_tokens add column data longtext default null; + +update arsse_meta set value = '6' where "key" = 'schema_version'; diff --git a/sql/PostgreSQL/5.sql b/sql/PostgreSQL/5.sql new file mode 100644 index 0000000..d552a06 --- /dev/null +++ b/sql/PostgreSQL/5.sql @@ -0,0 +1,9 @@ +-- SPDX-License-Identifier: MIT +-- Copyright 2017 J. King, Dustin Wilson et al. +-- See LICENSE and AUTHORS files for details + +-- Please consult the SQLite 3 schemata for commented version + +alter table arsse_tokens add column data text default null; + +update arsse_meta set value = '6' where "key" = 'schema_version'; diff --git a/sql/SQLite3/5.sql b/sql/SQLite3/5.sql new file mode 100644 index 0000000..54afcee --- /dev/null +++ b/sql/SQLite3/5.sql @@ -0,0 +1,10 @@ +-- SPDX-License-Identifier: MIT +-- Copyright 2017 J. King, Dustin Wilson et al. +-- See LICENSE and AUTHORS files for details + +-- add a column to the token table to hold arbitrary class-specific data +alter table arsse_tokens add column data text default null; + +-- set version marker +pragma user_version = 6; +update arsse_meta set value = '6' where "key" = 'schema_version';