summaryrefslogtreecommitdiff
path: root/db/rest/login
diff options
context:
space:
mode:
Diffstat (limited to 'db/rest/login')
-rw-r--r--db/rest/login/_api_sign_jwt.sql33
-rw-r--r--db/rest/login/_api_validate_role.sql30
-rw-r--r--db/rest/login/_api_verify_jwt.sql38
-rw-r--r--db/rest/login/api_login.sql41
4 files changed, 0 insertions, 142 deletions
diff --git a/db/rest/login/_api_sign_jwt.sql b/db/rest/login/_api_sign_jwt.sql
deleted file mode 100644
index dc8e920..0000000
--- a/db/rest/login/_api_sign_jwt.sql
+++ /dev/null
@@ -1,33 +0,0 @@
-CREATE FUNCTION _api.sign_jwt(
- _role TEXT,
- _user_id INTEGER
-)
-RETURNS sys.JWT
-LANGUAGE plpgsql VOLATILE
-AS $BODY$
-DECLARE
- _jwt_secret TEXT;
- _token sys.JWT;
-BEGIN
- SELECT jwt_secret INTO _jwt_secret
- FROM sys.database_info
- WHERE name = current_database();
-
- SELECT public.sign(
- row_to_json(r), _jwt_secret
- ) INTO _token
- FROM (
- SELECT
- _role AS role,
- _user_id AS user_id,
- extract(epoch FROM now())::integer + (60 * 60 * 24) AS exp
- ) r;
-
- RETURN _token;
-END
-$BODY$;
-
-GRANT EXECUTE ON FUNCTION _api.sign_jwt(TEXT, INTEGER)
- TO rest_anon, rest_user;
-GRANT SELECT ON TABLE sys.database_info
- TO rest_anon, rest_user;
diff --git a/db/rest/login/_api_validate_role.sql b/db/rest/login/_api_validate_role.sql
deleted file mode 100644
index 9f1e54f..0000000
--- a/db/rest/login/_api_validate_role.sql
+++ /dev/null
@@ -1,30 +0,0 @@
-CREATE FUNCTION _api.validate_role()
-RETURNS TRIGGER
-LANGUAGE plpgsql VOLATILE
-AS $BODY$
-BEGIN
- IF NOT EXISTS (
- SELECT TRUE
- FROM pg_catalog.pg_roles AS r
- WHERE r.rolname = NEW.role
- ) THEN
- PERFORM _api.raise(
- _err => 500
- );
- RETURN NULL;
- END IF;
-
- RETURN NEW;
-END
-$BODY$;
-
-CREATE CONSTRAINT TRIGGER api_validate_role_trgr
- AFTER INSERT OR UPDATE
- ON admin.user
- FOR EACH ROW
- EXECUTE PROCEDURE _api.validate_role();
-
-GRANT EXECUTE ON FUNCTION _api.validate_role()
- TO rest_anon, rest_user;
-GRANT SELECT ON TABLE pg_catalog.pg_roles
- TO rest_anon, rest_user;
diff --git a/db/rest/login/_api_verify_jwt.sql b/db/rest/login/_api_verify_jwt.sql
deleted file mode 100644
index f5a6daf..0000000
--- a/db/rest/login/_api_verify_jwt.sql
+++ /dev/null
@@ -1,38 +0,0 @@
-CREATE FUNCTION _api.verify_jwt(
- _token TEXT
-)
-RETURNS INTEGER
-LANGUAGE plpgsql VOLATILE
-AS $BODY$
-DECLARE
- _payload JSON;
- _valid BOOLEAN;
- _jwt_secret TEXT;
-BEGIN
- SELECT jwt_secret INTO _jwt_secret
- FROM sys.database_info
- WHERE name = current_database();
-
- SELECT payload, valid
- INTO _payload, _valid
- FROM public.verify(
- _token,
- _jwt_secret
- );
-
- IF NOT FOUND THEN
- RETURN NULL;
- END IF;
-
- IF _valid <> TRUE THEN
- RETURN NULL;
- END IF;
-
- RETURN _payload->>'user_id';
-END
-$BODY$;
-
-GRANT EXECUTE ON FUNCTION _api.verify_jwt(TEXT)
- TO rest_anon, rest_user;
-GRANT SELECT ON TABLE sys.database_info
- TO rest_anon, rest_user;
diff --git a/db/rest/login/api_login.sql b/db/rest/login/api_login.sql
deleted file mode 100644
index 0cf0535..0000000
--- a/db/rest/login/api_login.sql
+++ /dev/null
@@ -1,41 +0,0 @@
-CREATE FUNCTION api.login(
- username TEXT,
- password TEXT
-)
-RETURNS sys.JWT
-LANGUAGE plpgsql VOLATILE
-AS $BODY$
-DECLARE
- _role NAME;
- _user_id INTEGER;
- _token sys.JWT;
-BEGIN
- SELECT role INTO _role
- FROM admin.user u
- WHERE u.username = login.username
- AND u.password = login.password;
-
- IF _role IS NULL THEN
- PERFORM _api.raise(
- _msg => 'api_invalid_login'
- );
- RETURN NULL;
- END IF;
-
- SELECT id INTO _user_id
- FROM admin.user u
- WHERE u.username = login.username;
-
- _token = _api.sign_jwt(
- _role,
- _user_id
- );
-
- RETURN _token;
-END
-$BODY$;
-
-GRANT EXECUTE ON FUNCTION api.login(TEXT, TEXT)
- TO rest_anon, rest_user;
-GRANT SELECT ON TABLE admin.user
- TO rest_anon, rest_user;
generated by cgit v1.2.3-freya (git 2.51.1) at 2025-12-30 12:57:18 +0000