Merge pull request #994 from ellemouton/sql21Sessions13

[sql-21] sessions: SQL schemas & queries

Author: ellemouton

db/migrations.go

@@ -22,7 +22,7 @@ const (
 	// daemon.
 	//
 	// NOTE: This MUST be updated when a new migration is added.
-	LatestMigrationVersion = 1
+	LatestMigrationVersion = 2
 )
 
 // MigrationTarget is a functional option that can be passed to applyMigrations

db/sqlc/migrations/000002_sessions.down.sql

@@ -0,0 +1,12 @@
+DROP INDEX IF EXISTS sessions_type_idx;
+DROP INDEX IF EXISTS sessions_group_id_idx;
+DROP INDEX IF EXISTS session_feature_configs_unique;
+DROP INDEX IF EXISTS session_priv_flags_unique;
+DROP INDEX IF EXISTS session_mac_perms_idx;
+DROP INDEX IF EXISTS sessions_mac_caveats_idx;
+DROP INDEX IF EXISTS sessions_state_idx;
+DROP TABLE IF EXISTS session_macaroon_permissions;
+DROP TABLE IF EXISTS session_macaroon_caveats;
+DROP TABLE IF EXISTS session_feature_configs;
+DROP TABLE IF EXISTS session_privacy_flags;
+DROP TABLE IF EXISTS sessions;

db/sqlc/migrations/000002_sessions.up.sql

@@ -0,0 +1,144 @@
+-- The sessions table contains LNC session related information.
+CREATE TABLE IF NOT EXISTS sessions (
+    -- The auto incrementing primary key.
+    id INTEGER PRIMARY KEY,
+
+    -- The ID that was used to identify the session in the legacy KVDB store.
+    -- This is derived directly from the local_public_key. In order to avoid
+    -- breaking the API, we keep this field here so that we can still look up
+    -- sessions by this ID.
+    alias BLOB NOT NULL UNIQUE,
+
+    -- The session's given label.
+    label TEXT NOT NULL,
+
+    -- The session's current state.
+    state SMALLINT NOT NULL,
+
+    -- The session type.
+    type SMALLINT NOT NULL,
+
+    -- expiry is the time that the session will expire.
+    expiry TIMESTAMP NOT NULL,
+
+    -- The session's creation time.
+    created_at TIMESTAMP NOT NULL,
+
+    -- The time at which the session was revoked.
+    revoked_at TIMESTAMP,
+
+    -- The mailbox server address.
+    server_address TEXT NOT NULL,
+
+    -- Whether the connection to the server should not use TLS.
+    dev_server BOOLEAN NOT NULL,
+
+    -- The root key ID to use when baking a macaroon for this session.
+    macaroon_root_key BIGINT NOT NULL,
+
+    -- The passphrase entropy to use when deriving the mnemonic for this LNC
+    -- session.
+    pairing_secret BLOB NOT NULL,
+
+    -- The private key of the long term local static key for this LNC session.
+    local_private_key BLOB NOT NULL,
+
+    -- The public key of the long term local static key for this LNC session.
+    -- This is derivable from the local_private_key but is stored here since
+    -- the local public key was used to identify a session when the DB was KVDB
+    -- based and so to keep the API consistent, we store it here so that we can
+    -- still look up sessions by this public key.
+    local_public_key BLOB NOT NULL UNIQUE,
+
+    -- The public key of the long term remote static key for this LNC session.
+    remote_public_key BLOB,
+
+    -- Whether the privacy mapper should be used for this session.
+    privacy BOOLEAN NOT NULL,
+
+    -- An optional account ID that this session is linked to.
+    account_id BIGINT REFERENCES accounts(id) ON DELETE CASCADE,
+
+    -- The session ID of the first session in this linked session group. This
+    -- is nullable for the case where the first session in the group is being
+    -- inserted, and so we first need to insert the session before we know the
+    -- ID to use for the group ID.
+    group_id BIGINT REFERENCES sessions(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS sessions_type_idx ON sessions(type);
+CREATE INDEX IF NOT EXISTS sessions_state_idx ON sessions(state);
+CREATE INDEX IF NOT EXISTS sessions_group_id_idx ON sessions(group_id);
+
+-- The session_macaroon_permissions table contains the macaroon permissions
+-- that are associated with a session.
+CREATE TABLE IF NOT EXISTS session_macaroon_permissions (
+    -- The auto incrementing primary key.
+    id INTEGER PRIMARY KEY,
+
+    -- The ID of the session in the sessions table that this permission is
+    -- associated with.
+    session_id BIGINT NOT NULL REFERENCES sessions(id) ON DELETE CASCADE,
+
+    -- The entity that this permission is for.
+    entity TEXT NOT NULL,
+
+    -- The action that this permission is for.
+    action TEXT NOT NULL
+);
+CREATE INDEX IF NOT EXISTS sessions_mac_perms_idx ON session_macaroon_permissions(session_id);
+
+-- The session_macaroon_caveats table contains the macaroon caveats that are
+-- associated with a session.
+CREATE TABLE IF NOT EXISTS session_macaroon_caveats (
+    -- The auto incrementing primary key.
+    id INTEGER PRIMARY KEY,
+
+    -- The ID of the session in the sessions table that this caveat is
+    -- associated with.
+    session_id BIGINT NOT NULL REFERENCES sessions(id) ON DELETE CASCADE,
+
+    -- The caveat ID.
+    caveat_id BLOB NOT NULL,
+
+    -- The verification ID. If this is not-null, it's a third party caveat.
+    verification_id BLOB,
+
+    -- The location hint for third party caveats.
+    location TEXT
+);
+
+CREATE INDEX IF NOT EXISTS sessions_mac_caveats_idx ON session_macaroon_caveats(session_id);
+
+-- The session_feature_configs table contains the feature configs that are
+-- associated with a session.
+CREATE TABLE IF NOT EXISTS session_feature_configs (
+    -- The ID of the session in the sessions table that this feature config is
+    -- associated with.
+    session_id BIGINT NOT NULL REFERENCES sessions(id) ON DELETE CASCADE,
+
+    -- The feature name.
+    feature_name TEXT NOT NULL,
+
+    -- The feature config blob.
+    config BLOB
+);
+
+CREATE UNIQUE INDEX session_feature_configs_unique ON session_feature_configs (
+    session_id, feature_name
+);
+
+-- The session_privacy_flags table contains the privacy flags that are
+-- associated with a session.
+CREATE TABLE IF NOT EXISTS session_privacy_flags (
+    -- The ID of the session in the sessions table that this privacy bit is
+    -- associated with.
+    session_id BIGINT NOT NULL REFERENCES sessions(id) ON DELETE CASCADE,
+
+    -- The privacy flag bit.
+    flag INTEGER NOT NULL
+);
+
+CREATE UNIQUE INDEX session_priv_flags_unique ON session_privacy_flags (
+    session_id, flag
+);

db/sqlc/models.go

@@ -0,0 +1,120 @@
+-- name: InsertSession :one
+INSERT INTO sessions (
+    alias, label, state, type, expiry, created_at,
+    server_address, dev_server, macaroon_root_key, pairing_secret,
+    local_private_key, local_public_key, remote_public_key, privacy, group_id, account_id
+) VALUES (
+    $1, $2, $3, $4, $5, $6, $7,
+    $8, $9, $10, $11, $12,
+    $13, $14, $15, $16
+) RETURNING id;
+
+-- name: SetSessionGroupID :exec
+UPDATE sessions
+SET group_id = $1
+WHERE id = $2;
+
+-- name: DeleteSessionsWithState :exec
+DELETE FROM sessions
+WHERE state = $1;
+
+-- name: GetSessionByLocalPublicKey :one
+SELECT * FROM sessions
+WHERE local_public_key = $1;
+
+-- name: GetSessionsInGroup :many
+SELECT * FROM sessions
+WHERE group_id = $1;
+
+-- name: GetSessionAliasesInGroup :many
+SELECT alias FROM sessions
+WHERE group_id = $1;
+
+-- name: GetSessionByID :one
+SELECT * FROM sessions
+WHERE id = $1;
+
+-- name: GetSessionIDByAlias :one
+SELECT id FROM sessions
+WHERE alias = $1;
+
+-- name: GetAliasBySessionID :one
+SELECT alias FROM sessions
+WHERE id = $1;
+
+-- name: GetSessionByAlias :one
+SELECT * FROM sessions
+WHERE alias = $1;
+
+-- name: ListSessions :many
+SELECT * FROM sessions
+ORDER BY created_at;
+
+-- name: ListSessionsByType :many
+SELECT * FROM sessions
+WHERE type = $1
+ORDER BY created_at;
+
+-- name: ListSessionsByState :many
+SELECT * FROM sessions
+WHERE state = $1
+ORDER BY created_at;
+
+-- name: SetSessionRevokedAt :exec
+UPDATE sessions
+SET revoked_at = $1
+WHERE id = $2;
+
+-- name: UpdateSessionState :exec
+UPDATE sessions
+SET state = $1
+WHERE id = $2;
+
+-- name: SetSessionRemotePublicKey :exec
+UPDATE sessions
+SET remote_public_key = $1
+WHERE id = $2;
+
+-- name: InsertSessionMacaroonPermission :exec
+INSERT INTO session_macaroon_permissions (
+    session_id, entity, action
+) VALUES (
+    $1, $2, $3
+);
+
+-- name: GetSessionMacaroonPermissions :many
+SELECT * FROM session_macaroon_permissions
+WHERE session_id = $1;
+
+-- name: InsertSessionMacaroonCaveat :exec
+INSERT INTO session_macaroon_caveats (
+    session_id, caveat_id, verification_id, location
+) VALUES (
+    $1, $2, $3, $4
+);
+
+-- name: GetSessionMacaroonCaveats :many
+SELECT * FROM session_macaroon_caveats
+WHERE session_id = $1;
+
+-- name: InsertSessionFeatureConfig :exec
+INSERT INTO session_feature_configs (
+    session_id, feature_name, config
+) VALUES (
+    $1, $2, $3
+);
+
+-- name: GetSessionFeatureConfigs :many
+SELECT * FROM session_feature_configs
+WHERE session_id = $1;
+
+-- name: InsertSessionPrivacyFlag :exec
+INSERT INTO session_privacy_flags (
+    session_id, flag
+) VALUES (
+    $1, $2
+);
+
+-- name: GetSessionPrivacyFlags :many
+SELECT * FROM session_privacy_flags
+WHERE session_id = $1;