package storage
import (
"regexp"
)
// Names of the tables owned by the storage provider. They are compile-time
// string constants on purpose: the names presumably end up inside query text
// elsewhere in the package, so a table name must never be derived from
// runtime input.
const (
	tableAuthenticationLogs   = "authentication_logs"
	tableDuoDevices           = "duo_devices"
	tableIdentityVerification = "identity_verification"
	tableOneTimePassword      = "one_time_password"
	tableTOTPConfigurations   = "totp_configurations"
	tableUserOpaqueIdentifier = "user_opaque_identifier"
	tableUserPreferences      = "user_preferences"
	tableWebAuthnDevices      = "webauthn_devices"
	tableWebAuthnUsers        = "webauthn_users"
)

// Tables backing the OAuth 2.0 / OpenID Connect provider. Six of them are
// selected by value through OAuth2SessionType.Table.
const (
	tableOAuth2BlacklistedJTI          = "oauth2_blacklisted_jti"
	tableOAuth2ConsentSession          = "oauth2_consent_session"
	tableOAuth2ConsentPreConfiguration = "oauth2_consent_preconfiguration"

	// gosec flags the two token session names as possible hardcoded
	// credentials; they are table names, not secrets.
	tableOAuth2AccessTokenSession   = "oauth2_access_token_session" //nolint:gosec // This is not a hardcoded credential.
	tableOAuth2AuthorizeCodeSession = "oauth2_authorization_code_session"
	tableOAuth2OpenIDConnectSession = "oauth2_openid_connect_session"
	tableOAuth2PARContext           = "oauth2_par_context"
	tableOAuth2PKCERequestSession   = "oauth2_pkce_request_session"
	tableOAuth2RefreshTokenSession  = "oauth2_refresh_token_session" //nolint:gosec // This is not a hardcoded credential.
)

// Schema bookkeeping tables: applied migrations and the encryption check row.
const (
	tableMigrations = "migrations"
	tableEncryption = "encryption"
)
// OAuth2SessionType represents the potential OAuth 2.0 session types.
type OAuth2SessionType int

// Representation of specific OAuth 2.0 session types.
//
// The values are consecutive starting at zero; String and Table rely on
// that to index lookup tables, so new types must be appended, never
// inserted, and the existing order must not change.
const (
	OAuth2SessionTypeAccessToken OAuth2SessionType = iota
	OAuth2SessionTypeAuthorizeCode
	OAuth2SessionTypeOpenIDConnect
	OAuth2SessionTypePAR
	OAuth2SessionTypePKCEChallenge
	OAuth2SessionTypeRefreshToken
)

// String returns a string representation of this OAuth2SessionType.
//
// Any value outside the declared constants, including a negative one,
// is reported as "invalid".
func (s OAuth2SessionType) String() string {
	// Keyed by constant so the array stays aligned with the const block.
	names := [...]string{
		OAuth2SessionTypeAccessToken:   "access token",
		OAuth2SessionTypeAuthorizeCode: "authorization code",
		OAuth2SessionTypeOpenIDConnect: "openid connect",
		OAuth2SessionTypePAR:           "pushed authorization request context",
		OAuth2SessionTypePKCEChallenge: "pkce challenge",
		OAuth2SessionTypeRefreshToken:  "refresh token",
	}

	if s < 0 || int(s) >= len(names) {
		return "invalid"
	}

	return names[s]
}
// Table returns the table name for this session type.
//
// An unrecognised session type yields the empty string. Callers should
// treat that as an error rather than let it reach query text, since an
// empty table name is never a valid target.
func (s OAuth2SessionType) Table() string {
	// Keyed by constant so the array stays aligned with the const block.
	tables := [...]string{
		OAuth2SessionTypeAccessToken:   tableOAuth2AccessTokenSession,
		OAuth2SessionTypeAuthorizeCode: tableOAuth2AuthorizeCodeSession,
		OAuth2SessionTypeOpenIDConnect: tableOAuth2OpenIDConnectSession,
		OAuth2SessionTypePAR:           tableOAuth2PARContext,
		OAuth2SessionTypePKCEChallenge: tableOAuth2PKCERequestSession,
		OAuth2SessionTypeRefreshToken:  tableOAuth2RefreshTokenSession,
	}

	if s < 0 || int(s) >= len(tables) {
		return ""
	}

	return tables[s]
}
// Network transport identifiers for SQL connections.
// NOTE(review): presumably the network string handed to the driver when
// dialling (TCP vs. a unix domain socket) — confirm against the provider
// constructors.
const (
	sqlNetworkTypeTCP        = "tcp"
	sqlNetworkTypeUnixSocket = "unix"
)
// encryptionNameCheck is a row name within the encryption table.
// NOTE(review): presumably the row holding a known value that is decrypted
// at startup to verify the configured encryption key matches the one the
// data was written with — confirm against the encryption check code.
const (
	encryptionNameCheck = "check"
)
// WARNING: Do not change/remove these consts. They are used for Pre1 migrations.
//
// These are table names from the pre-1 schema (going by the name, the one
// that predates the first versioned migration). They exist only so the
// migration that moves that data forward can still address the old tables;
// nothing in the current schema should refer to them.
const (
	tablePre1TOTPSecrets                = "totp_secrets"
	tablePre1IdentityVerificationTokens = "identity_verification_tokens"
	tablePre1U2FDevices                 = "u2f_devices"
)
// tablesPre1 lists the tables that made up the pre-1 schema. It mixes the
// tablePre1* names, which only the migration still knows about, with two
// tables that keep the same name in the current schema (tableUserPreferences
// and tableAuthenticationLogs).
// NOTE(review): presumably iterated when detecting or migrating a pre-1
// database — confirm against the migration code before reordering.
var tablesPre1 = []string{
	tablePre1TOTPSecrets,
	tablePre1IdentityVerificationTokens,
	tablePre1U2FDevices,

	tableUserPreferences,
	tableAuthenticationLogs,
}
// Provider identifiers used in migration file names. providerAll marks a
// migration that applies to every backend.
//
// The same four literals are embedded in the Provider group of reMigration;
// adding or renaming a provider here requires updating that pattern too, or
// its migrations will silently fail to match.
const (
	providerAll      = "all"
	providerMySQL    = "mysql"
	providerPostgres = "postgres"
	providerSQLite   = "sqlite"
)
const (
	// SchemaLatest represents the value expected for a "migrate to latest" migration. It's the maximum 32bit signed integer.
	// Written out rather than as math.MaxInt32 so the constant stays untyped and
	// comparable with whatever integer type schema versions use.
	SchemaLatest = 2147483647
)
// ctxKey is the key type for values this package stores in a context.Context.
// Being unexported, no other package can construct a value of this type, so
// the keys cannot collide with (or be spoofed by) keys from elsewhere.
type ctxKey int

// Context keys used by this package.
const (
	// ctxKeyTransaction keys the active transaction.
	// NOTE(review): presumably the value is the open *sql.Tx for the
	// current request — confirm against the transaction helpers.
	ctxKeyTransaction ctxKey = iota
)
var (
	// reMigration matches a migration file name and captures its parts:
	//   Version   – exactly four decimal digits after the leading "V" (so
	//               versions above 9999 would not match);
	//   Name      – one or more characters with no ".";
	//   Provider  – one of all, sqlite, postgres, mysql (the provider* constants);
	//   Direction – up or down;
	// followed by a literal ".sql". The pattern is anchored at both ends, so a
	// file name with any extra prefix or suffix is rejected outright.
	reMigration = regexp.MustCompile(`^V(?P<Version>\d{4})\.(?P<Name>[^.]+)\.(?P<Provider>(all|sqlite|postgres|mysql))\.(?P<Direction>(up|down))\.sql$`)
)
// Placeholder strings for values that are absent or unrecognised.
const (
	// na is shown where a value is not applicable.
	na = "N/A"

	// invalid is shown for unrecognised values. OAuth2SessionType.String
	// returns the same literal from its default branch but does not use this
	// constant; keep the two in sync if either changes.
	invalid = "invalid"
)