[feature] Refactor tokens, allow multiple app redirect_uris (#3849)

* [feature] Refactor tokens, allow multiple app redirect_uris * move + tweak handlers a bit * return error for unset oauth2.ClientStore funcs * wrap UpdateToken with cache * panic handling * cheeky little time optimization * unlock on error
2025-11-18 10:27:30 -06:00 · 2025-03-03 16:03:36 +01:00 · 2025-03-03 16:03:36 +01:00 · 1b37944f8b
commit 1b37944f8b
parent c80810eae8
77 changed files with 963 additions and 594 deletions
--- a/internal/gtsmodel/token.go
+++ b/internal/gtsmodel/token.go
@ -22,22 +22,21 @@ import "time"
 // Token is a translation of the gotosocial token
 // with the ExpiresIn fields replaced with ExpiresAt.
 type Token struct {
-	ID                  string    `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`                    // id of this item in the database
-	CreatedAt           time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item created
-	UpdatedAt           time.Time `bun:"type:timestamptz,nullzero,notnull,default:current_timestamp"` // when was item last updated
-	ClientID            string    `bun:"type:CHAR(26),nullzero,notnull"`                              // ID of the client who owns this token
-	UserID              string    `bun:"type:CHAR(26),nullzero"`                                      // ID of the user who owns this token
-	RedirectURI         string    `bun:",nullzero,notnull"`                                           // Oauth redirect URI for this token
-	Scope               string    `bun:",notnull"`                                                    // Oauth scope
-	Code                string    `bun:",pk,nullzero,notnull,default:''"`                             // Code, if present
-	CodeChallenge       string    `bun:",nullzero"`                                                   // Code challenge, if code present
-	CodeChallengeMethod string    `bun:",nullzero"`                                                   // Code challenge method, if code present
-	CodeCreateAt        time.Time `bun:"type:timestamptz,nullzero"`                                   // Code created time, if code present
-	CodeExpiresAt       time.Time `bun:"type:timestamptz,nullzero"`                                   // Code expires at -- null means the code never expires
-	Access              string    `bun:",pk,nullzero,notnull,default:''"`                             // User level access token, if present
-	AccessCreateAt      time.Time `bun:"type:timestamptz,nullzero"`                                   // User level access token created time, if access present
-	AccessExpiresAt     time.Time `bun:"type:timestamptz,nullzero"`                                   // User level access token expires at -- null means the token never expires
-	Refresh             string    `bun:",pk,nullzero,notnull,default:''"`                             // Refresh token, if present
-	RefreshCreateAt     time.Time `bun:"type:timestamptz,nullzero"`                                   // Refresh created at, if refresh present
-	RefreshExpiresAt    time.Time `bun:"type:timestamptz,nullzero"`                                   // Refresh expires at -- null means the refresh token never expires
+	ID                  string    `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
+	LastUsed            time.Time `bun:"type:timestamptz,nullzero"`                // approximate time when this token was last used
+	ClientID            string    `bun:"type:CHAR(26),nullzero,notnull"`           // ID of the client who owns this token
+	UserID              string    `bun:"type:CHAR(26),nullzero"`                   // ID of the user who owns this token
+	RedirectURI         string    `bun:",nullzero,notnull"`                        // Oauth redirect URI for this token
+	Scope               string    `bun:",nullzero,notnull,default:'read'"`         // Oauth scope                                // Oauth scope
+	Code                string    `bun:",pk,nullzero,notnull,default:''"`          // Code, if present
+	CodeChallenge       string    `bun:",nullzero"`                                // Code challenge, if code present
+	CodeChallengeMethod string    `bun:",nullzero"`                                // Code challenge method, if code present
+	CodeCreateAt        time.Time `bun:"type:timestamptz,nullzero"`                // Code created time, if code present
+	CodeExpiresAt       time.Time `bun:"type:timestamptz,nullzero"`                // Code expires at -- null means the code never expires
+	Access              string    `bun:",pk,nullzero,notnull,default:''"`          // User level access token, if present
+	AccessCreateAt      time.Time `bun:"type:timestamptz,nullzero"`                // User level access token created time, if access present
+	AccessExpiresAt     time.Time `bun:"type:timestamptz,nullzero"`                // User level access token expires at -- null means the token never expires
+	Refresh             string    `bun:",pk,nullzero,notnull,default:''"`          // Refresh token, if present
+	RefreshCreateAt     time.Time `bun:"type:timestamptz,nullzero"`                // Refresh created at, if refresh present
+	RefreshExpiresAt    time.Time `bun:"type:timestamptz,nullzero"`                // Refresh expires at -- null means the refresh token never expires
 }