authelia/internal/storage/migrations/V0006.ConsentPreConfigurati...

206 lines
9.5 KiB
MySQL
Raw Permalink Normal View History

CREATE TABLE IF NOT EXISTS oauth2_consent_preconfiguration (
id SERIAL CONSTRAINT oauth2_consent_preconfiguration_pkey PRIMARY KEY,
client_id VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
expires_at TIMESTAMP WITH TIME ZONE NULL DEFAULT NULL,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
scopes TEXT NOT NULL,
audience TEXT NULL
);
ALTER TABLE oauth2_consent_preconfiguration
ADD CONSTRAINT oauth2_consent_preconfiguration_subjct_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;
INSERT INTO oauth2_consent_preconfiguration (client_id, subject, created_at, expires_at, scopes, audience)
SELECT client_id, subject, responded_at, expires_at, granted_scopes, granted_audience
FROM oauth2_consent_session
WHERE expires_at IS NOT NULL AND responded_at IS NOT NULL
ORDER BY responded_at;
DROP TABLE IF EXISTS oauth2_access_token_session;
DROP TABLE IF EXISTS oauth2_authorization_code_session;
DROP TABLE IF EXISTS oauth2_openid_connect_session;
DROP TABLE IF EXISTS oauth2_pkce_request_session;
DROP TABLE IF EXISTS oauth2_refresh_token_session;
DROP TABLE IF EXISTS oauth2_consent_session;
CREATE TABLE IF NOT EXISTS oauth2_consent_session (
id SERIAL CONSTRAINT oauth2_consent_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
client_id VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
authorized BOOLEAN NOT NULL DEFAULT FALSE,
granted BOOLEAN NOT NULL DEFAULT FALSE,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
responded_at TIMESTAMP WITH TIME ZONE NULL DEFAULT NULL,
form_data TEXT NOT NULL,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL,
granted_audience TEXT NULL,
preconfiguration INTEGER NULL DEFAULT NULL
);
CREATE UNIQUE INDEX oauth2_consent_session_challenge_id_key ON oauth2_consent_session (challenge_id);
ALTER TABLE oauth2_consent_session
ADD CONSTRAINT oauth2_consent_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT,
ADD CONSTRAINT oauth2_consent_session_preconfiguration_fkey
FOREIGN KEY (preconfiguration)
REFERENCES oauth2_consent_preconfiguration (id) ON UPDATE CASCADE ON DELETE CASCADE;
CREATE TABLE IF NOT EXISTS oauth2_access_token_session (
id SERIAL CONSTRAINT oauth2_access_token_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
request_id VARCHAR(40) NOT NULL,
client_id VARCHAR(255) NOT NULL,
signature VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL DEFAULT '',
granted_audience TEXT NULL DEFAULT '',
active BOOLEAN NOT NULL DEFAULT FALSE,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
form_data TEXT NOT NULL,
session_data BYTEA NOT NULL
);
CREATE INDEX oauth2_access_token_session_request_id_idx ON oauth2_access_token_session (request_id);
CREATE INDEX oauth2_access_token_session_client_id_idx ON oauth2_access_token_session (client_id);
CREATE INDEX oauth2_access_token_session_client_id_subject_idx ON oauth2_access_token_session (client_id, subject);
ALTER TABLE oauth2_access_token_session
ADD CONSTRAINT oauth2_access_token_session_challenge_id_fkey
FOREIGN KEY (challenge_id)
REFERENCES oauth2_consent_session (challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
ADD CONSTRAINT oauth2_access_token_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;
CREATE TABLE IF NOT EXISTS oauth2_authorization_code_session (
id SERIAL CONSTRAINT oauth2_authorization_code_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
request_id VARCHAR(40) NOT NULL,
client_id VARCHAR(255) NOT NULL,
signature VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL DEFAULT '',
granted_audience TEXT NULL DEFAULT '',
active BOOLEAN NOT NULL DEFAULT FALSE,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
form_data TEXT NOT NULL,
session_data BYTEA NOT NULL
);
CREATE INDEX oauth2_authorization_code_session_request_id_idx ON oauth2_authorization_code_session (request_id);
CREATE INDEX oauth2_authorization_code_session_client_id_idx ON oauth2_authorization_code_session (client_id);
CREATE INDEX oauth2_authorization_code_session_client_id_subject_idx ON oauth2_authorization_code_session (client_id, subject);
ALTER TABLE oauth2_authorization_code_session
ADD CONSTRAINT oauth2_authorization_code_session_challenge_id_fkey
FOREIGN KEY (challenge_id)
REFERENCES oauth2_consent_session (challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
ADD CONSTRAINT oauth2_authorization_code_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;
CREATE TABLE IF NOT EXISTS oauth2_openid_connect_session (
id SERIAL CONSTRAINT oauth2_openid_connect_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
request_id VARCHAR(40) NOT NULL,
client_id VARCHAR(255) NOT NULL,
signature VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL DEFAULT '',
granted_audience TEXT NULL DEFAULT '',
active BOOLEAN NOT NULL DEFAULT FALSE,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
form_data TEXT NOT NULL,
session_data BYTEA NOT NULL
);
CREATE INDEX oauth2_openid_connect_session_request_id_idx ON oauth2_openid_connect_session (request_id);
CREATE INDEX oauth2_openid_connect_session_client_id_idx ON oauth2_openid_connect_session (client_id);
CREATE INDEX oauth2_openid_connect_session_client_id_subject_idx ON oauth2_openid_connect_session (client_id, subject);
ALTER TABLE oauth2_openid_connect_session
ADD CONSTRAINT oauth2_openid_connect_session_challenge_id_fkey
FOREIGN KEY (challenge_id)
REFERENCES oauth2_consent_session (challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
ADD CONSTRAINT oauth2_openid_connect_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;
CREATE TABLE IF NOT EXISTS oauth2_pkce_request_session (
id SERIAL CONSTRAINT oauth2_pkce_request_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
request_id VARCHAR(40) NOT NULL,
client_id VARCHAR(255) NOT NULL,
signature VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL DEFAULT '',
granted_audience TEXT NULL DEFAULT '',
active BOOLEAN NOT NULL DEFAULT FALSE,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
form_data TEXT NOT NULL,
session_data BYTEA NOT NULL
);
CREATE INDEX oauth2_pkce_request_session_request_id_idx ON oauth2_pkce_request_session (request_id);
CREATE INDEX oauth2_pkce_request_session_client_id_idx ON oauth2_pkce_request_session (client_id);
CREATE INDEX oauth2_pkce_request_session_client_id_subject_idx ON oauth2_pkce_request_session (client_id, subject);
ALTER TABLE oauth2_pkce_request_session
ADD CONSTRAINT oauth2_pkce_request_session_challenge_id_fkey
FOREIGN KEY (challenge_id)
REFERENCES oauth2_consent_session (challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
ADD CONSTRAINT oauth2_pkce_request_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;
CREATE TABLE IF NOT EXISTS oauth2_refresh_token_session (
id SERIAL CONSTRAINT oauth2_refresh_token_session_pkey PRIMARY KEY,
challenge_id CHAR(36) NOT NULL,
request_id VARCHAR(40) NOT NULL,
client_id VARCHAR(255) NOT NULL,
signature VARCHAR(255) NOT NULL,
subject CHAR(36) NOT NULL,
requested_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
requested_scopes TEXT NOT NULL,
granted_scopes TEXT NOT NULL,
requested_audience TEXT NULL DEFAULT '',
granted_audience TEXT NULL DEFAULT '',
active BOOLEAN NOT NULL DEFAULT FALSE,
revoked BOOLEAN NOT NULL DEFAULT FALSE,
form_data TEXT NOT NULL,
session_data BYTEA NOT NULL
);
CREATE INDEX oauth2_refresh_token_session_request_id_idx ON oauth2_refresh_token_session (request_id);
CREATE INDEX oauth2_refresh_token_session_client_id_idx ON oauth2_refresh_token_session (client_id);
CREATE INDEX oauth2_refresh_token_session_client_id_subject_idx ON oauth2_refresh_token_session (client_id, subject);
ALTER TABLE oauth2_refresh_token_session
ADD CONSTRAINT oauth2_refresh_token_session_challenge_id_fkey
FOREIGN KEY (challenge_id)
REFERENCES oauth2_consent_session (challenge_id) ON UPDATE CASCADE ON DELETE CASCADE,
ADD CONSTRAINT oauth2_refresh_token_session_subject_fkey
FOREIGN KEY (subject)
REFERENCES user_opaque_identifier (identifier) ON UPDATE RESTRICT ON DELETE RESTRICT;