Merge pull request #119 from /issues/116

API Tokens repository

Author: madhead

entity/src/main/kotlin/me/madhead/tyzenhaus/entity/api/token/APIToken.kt

@@ -0,0 +1,24 @@
+package me.madhead.tyzenhaus.entity.api.token
+
+import java.time.Instant
+import java.util.UUID
+
+/**
+ * Scope of API tokens for Mini Apps.
+ *
+ * Available scopes:
+ * - HISTORY: Allows to read group's transaction history.
+ */
+enum class Scope {
+    HISTORY,
+}
+
+/**
+ * Security token used to access API from the Mini Apps.
+ */
+data class APIToken(
+    val token: UUID,
+    val groupId: Long,
+    val scope: Scope,
+    val validUntil: Instant,
+)

repository/postgresql/src/main/kotlin/me/madhead/tyzenhaus/repository/postgresql/api/token/APITokenExtensions.kt

@@ -0,0 +1,19 @@
+package me.madhead.tyzenhaus.repository.postgresql.api.token
+
+import java.sql.ResultSet
+import java.util.UUID
+import me.madhead.tyzenhaus.entity.api.token.APIToken
+import me.madhead.tyzenhaus.entity.api.token.Scope
+
+internal fun ResultSet.toAPIToken(): APIToken? {
+    return if (this.next()) {
+        APIToken(
+            token = this.getObject("token", UUID::class.java),
+            groupId = this.getLong("group_id"),
+            scope = Scope.valueOf(this.getString("scope")),
+            validUntil = this.getTimestamp("valid_until").toInstant(),
+        )
+    } else {
+        null
+    }
+}

repository/postgresql/src/main/kotlin/me/madhead/tyzenhaus/repository/postgresql/api/token/APITokenRepository.kt

@@ -0,0 +1,56 @@
+package me.madhead.tyzenhaus.repository.postgresql.api.token
+
+import java.sql.Timestamp
+import java.util.UUID
+import javax.sql.DataSource
+import me.madhead.tyzenhaus.entity.api.token.APIToken
+import me.madhead.tyzenhaus.entity.balance.Balance
+import me.madhead.tyzenhaus.repository.postgresql.PostgreSqlRepository
+import org.apache.logging.log4j.LogManager
+
+/**
+ * PostgreSQL repository for [balances][Balance].
+ */
+class APITokenRepository(dataSource: DataSource)
+    : me.madhead.tyzenhaus.repository.APITokenRepository, PostgreSqlRepository(dataSource) {
+    companion object {
+        private val logger = LogManager.getLogger(APITokenRepository::class.java)!!
+    }
+
+    override fun get(id: UUID): APIToken? {
+        logger.debug("get {}", id)
+
+        dataSource.connection.use { connection ->
+            connection
+                .prepareStatement("""SELECT * FROM "api_token" WHERE "token" = ?;""")
+                .use { preparedStatement ->
+                    preparedStatement.setObject(@Suppress("MagicNumber") 1, id)
+                    preparedStatement.executeQuery().use { resultSet ->
+                        return@get resultSet.toAPIToken()
+                    }
+                }
+        }
+    }
+
+    @Suppress("DuplicatedCode")
+    override fun save(entity: APIToken) {
+        logger.debug("save {}", entity)
+
+        dataSource
+            .connection
+            .use { connection ->
+                connection
+                    .prepareStatement("""
+                                INSERT INTO "api_token" ("token", "group_id", "scope", "valid_until")
+                                VALUES (?, ?, ?, ?)
+                            """.trimIndent())
+                    .use { preparedStatement ->
+                        preparedStatement.setObject(@Suppress("MagicNumber") 1, entity.token)
+                        preparedStatement.setLong(@Suppress("MagicNumber") 2, entity.groupId)
+                        preparedStatement.setString(@Suppress("MagicNumber") 3, entity.scope.name)
+                        preparedStatement.setTimestamp(@Suppress("MagicNumber") 4, Timestamp.from(entity.validUntil))
+                        preparedStatement.executeUpdate()
+                    }
+            }
+    }
+}

repository/postgresql/src/main/liquibase/changelog.yml

@@ -65,3 +65,14 @@ databaseChangeLog:
         - sqlFile:
             path: ../sql/transaction-remove-title-column.sql
             relativeToChangelogFile: true
+  - changeSet:
+      id: 7
+      author: madhead
+      changes:
+        - sqlFile:
+            path: ../sql/api-token.init.sql
+            relativeToChangelogFile: true
+      rollback:
+        - sqlFile:
+            path: ../sql/api-token.deinit.sql
+            relativeToChangelogFile: true

repository/postgresql/src/main/sql/api-token.deinit.sql

@@ -0,0 +1 @@
+DROP TABLE api_token;

repository/postgresql/src/main/sql/api-token.init.sql

@@ -0,0 +1,7 @@
+CREATE TABLE api_token
+(
+    token       UUID PRIMARY KEY,
+    group_id    BIGINT                   NOT NULL,
+    scope       VARCHAR(128)             NOT NULL,
+    valid_until TIMESTAMP WITH TIME ZONE NOT NULL
+);

repository/postgresql/src/test/kotlin/me/madhead/tyzenhaus/repository/postgresql/api/token/APITokenRepositoryTest.kt

@@ -0,0 +1,58 @@
+package me.madhead.tyzenhaus.repository.postgresql.api.token
+
+import java.net.URI
+import java.time.Instant
+import java.util.UUID
+import me.madhead.tyzenhaus.entity.api.token.APIToken
+import me.madhead.tyzenhaus.entity.api.token.Scope
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Assertions.assertNull
+import org.junit.jupiter.api.BeforeAll
+import org.junit.jupiter.api.Tag
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.TestInstance
+import org.postgresql.ds.PGSimpleDataSource
+
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+@Tag("db")
+class APITokenRepositoryTest {
+    private lateinit var apiTokenRepository: APITokenRepository
+
+    @BeforeAll
+    fun setUp() {
+        val databaseUri = URI(System.getenv("DATABASE_URL")!!)
+
+        apiTokenRepository = APITokenRepository(
+            PGSimpleDataSource().apply {
+                setUrl("jdbc:postgresql://${databaseUri.host}:${databaseUri.port}${databaseUri.path}")
+                user = databaseUri.userInfo.split(":")[0]
+                password = databaseUri.userInfo.split(":")[1]
+            }
+        )
+    }
+
+    @Test
+    fun get() {
+        assertEquals(
+            APIToken(UUID.fromString("00000000-0000-0000-0000-000000000000"), 1, Scope.HISTORY, Instant.ofEpochMilli(253400572800000)),
+            apiTokenRepository.get(UUID.fromString("00000000-0000-0000-0000-000000000000"))
+        )
+    }
+
+    @Test
+    fun getNonExisting() {
+        assertNull(apiTokenRepository.get(UUID.fromString("FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF")))
+    }
+
+    @Test
+    fun save() {
+        apiTokenRepository.save(
+            APIToken(UUID.fromString("00000000-0000-0000-0000-000000000001"), 2, Scope.HISTORY, Instant.ofEpochMilli(808174800000)),
+        )
+
+        assertEquals(
+            APIToken(UUID.fromString("00000000-0000-0000-0000-000000000001"), 2, Scope.HISTORY, Instant.ofEpochMilli(808174800000)),
+            apiTokenRepository.get(UUID.fromString("00000000-0000-0000-0000-000000000001"))
+        )
+    }
+}

repository/postgresql/src/test/sql/seed.sql

@@ -56,3 +56,6 @@ VALUES (6, 1, '{
     "groupId": 6,
     "balance": {}
 }'::JSONB);
+
+INSERT INTO "api_token" ("token", "group_id", "scope", "valid_until")
+VALUES ('00000000-0000-0000-0000-000000000000', 1, 'HISTORY', '9999-12-12 00:00:00');

repository/src/main/kotlin/me/madhead/tyzenhaus/repository/APITokenRepository.kt

@@ -0,0 +1,9 @@
+package me.madhead.tyzenhaus.repository
+
+import java.util.UUID
+import me.madhead.tyzenhaus.entity.api.token.APIToken
+
+/**
+ * API tokens repository.
+ */
+interface APITokenRepository : Repository<UUID, APIToken>