thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 10:51:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add TypeScript definitions via pg-to-ts and refactor migrations

Browse Source
This commit is contained in:
thiloho
2024-09-10 17:29:57 +02:00
parent 8121be1d96
commit c5fbcdc8bd
50 changed files with 1525 additions and 1632 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
rest-api/db/migrations/20240720074103_user_management_roles_jwt.sql
View File

@@ -45,23 +45,21 @@ CREATE TRIGGER encrypt_pass
FOR EACH ROW
EXECUTE FUNCTION internal.encrypt_pass ();
CREATE FUNCTION internal.user_role (username TEXT, PASSWORD TEXT)
RETURNS NAME
AS $$
CREATE FUNCTION internal.user_role (username TEXT, pass TEXT, OUT role_name NAME)
AS $$
BEGIN
RETURN (
SELECT
ROLE
FROM
internal.user AS u
WHERE
u.username = user_role.username
AND u.password_hash = CRYPT(user_role.password, u.password_hash));
SELECT
ROLE INTO role_name
FROM
internal.user AS u
WHERE
u.username = user_role.username
AND u.password_hash = CRYPT(user_role.pass, u.password_hash);
END;
$$
LANGUAGE plpgsql;
CREATE FUNCTION api.register (username TEXT, PASSWORD TEXT, OUT user_id UUID)
CREATE FUNCTION api.register (username TEXT, pass TEXT, OUT user_id UUID)
AS $$
DECLARE
_username_length_min CONSTANT INT := 3;
@@ -69,52 +67,48 @@ DECLARE
_password_length_min CONSTANT INT := 12;
_password_length_max CONSTANT INT := 128;
BEGIN
IF LENGTH(register.username)
NOT BETWEEN _username_length_min AND _username_length_max THEN
RAISE string_data_length_mismatch
USING message = FORMAT('Username must be between %s and %s characters long', _username_length_min, _username_length_max);
END IF;
IF EXISTS (
SELECT
1
FROM
internal.user AS u
WHERE
u.username = register.username) THEN
CASE WHEN LENGTH(register.username)
NOT BETWEEN _username_length_min AND _username_length_max THEN
RAISE string_data_length_mismatch
USING message = FORMAT('Username must be between %s and %s characters long', _username_length_min, _username_length_max);
WHEN EXISTS (
SELECT
1
FROM
internal.user AS u
WHERE
u.username = register.username) THEN
RAISE unique_violation
USING message = 'Username is already taken';
END IF;
IF LENGTH(register.password)
NOT BETWEEN _password_length_min AND _password_length_max THEN
RAISE string_data_length_mismatch
USING message = FORMAT('Password must be between %s and %s characters long', _password_length_min, _password_length_max);
END IF;
IF register.password !~ '[a-z]' THEN
USING message = 'Username is already taken';
WHEN LENGTH(register.pass) NOT BETWEEN _password_length_min AND _password_length_max THEN
RAISE string_data_length_mismatch
USING message = FORMAT('Password must be between %s and %s characters long', _password_length_min, _password_length_max);
WHEN register.pass !~ '[a-z]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one lowercase letter';
END IF;
IF register.password !~ '[A-Z]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one uppercase letter';
END IF;
IF register.password !~ '[0-9]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one number';
END IF;
IF register.password !~ '[!@#$%^&*(),.?":{}|<>]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one special character';
END IF;
INSERT INTO internal.user (username, password_hash)
VALUES (register.username, register.password)
RETURNING
id INTO user_id;
END;
WHEN register.pass !~ '[A-Z]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one uppercase letter';
WHEN register.pass !~ '[0-9]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one number';
WHEN register.pass !~ '[!@#$%^&*(),.?":{}|<>]' THEN
RAISE invalid_parameter_value
USING message = 'Password must contain at least one special character';
ELSE
INSERT
INTO internal.user (username, password_hash)
VALUES (register.username, register.pass)
RETURNING
id INTO user_id;
END
CASE;
END;
$$
LANGUAGE plpgsql
SECURITY DEFINER;
CREATE FUNCTION api.login (username TEXT, PASSWORD TEXT, OUT token TEXT)
CREATE FUNCTION api.login (username TEXT, pass TEXT, OUT token TEXT)
AS $$
DECLARE
_role NAME;
@@ -122,7 +116,7 @@ DECLARE
_exp INTEGER;
BEGIN
SELECT
internal.user_role (login.username, login.password) INTO _role;
internal.user_role (login.username, login.pass) INTO _role;
IF _role IS NULL THEN
RAISE invalid_password
USING message = 'Invalid username or password';
@@ -141,14 +135,14 @@ $$
LANGUAGE plpgsql
SECURITY DEFINER;
CREATE FUNCTION api.delete_account (PASSWORD TEXT, OUT was_deleted BOOLEAN)
CREATE FUNCTION api.delete_account (pass TEXT, OUT was_deleted BOOLEAN)
AS $$
DECLARE
_username TEXT := CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'username';
_role NAME;
BEGIN
SELECT
internal.user_role (_username, delete_account.password) INTO _role;
internal.user_role (_username, delete_account.pass) INTO _role;
IF _role IS NULL THEN
RAISE invalid_password
USING message = 'Invalid password';
@@ -165,7 +159,13 @@ GRANT EXECUTE ON FUNCTION api.register (TEXT, TEXT) TO anon;
GRANT EXECUTE ON FUNCTION api.login (TEXT, TEXT) TO anon;
GRANT EXECUTE ON FUNCTION api.delete_account (TEXT) TO authenticated_user;
-- migrate:down
DROP TRIGGER encrypt_pass ON internal.user;
DROP TRIGGER ensure_user_role_exists ON internal.user;
DROP FUNCTION api.register (TEXT, TEXT);
DROP FUNCTION api.login (TEXT, TEXT);
@@ -174,12 +174,8 @@ DROP FUNCTION api.delete_account (TEXT);
DROP FUNCTION internal.user_role (TEXT, TEXT);
DROP TRIGGER encrypt_pass ON internal.user;
DROP FUNCTION internal.encrypt_pass ();
DROP TRIGGER ensure_user_role_exists ON internal.user;
DROP FUNCTION internal.check_role_exists ();
DROP EXTENSION pgjwt;