mirrors/postgsail
1
0
Fork 0
mirror of https://github.com/xbgmsharp/postgsail.git synced 2025-09-17 11:17:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor auth tables (accounts,vessels)

Browse Source 
Add unique userid column for jwt auth
Add unique vesselid column for jwt auth
Add new extensions citext,moddatetime
Update email column to citext type for fast queries
Add updated_at column to trak changed managed by moddatetime extension
Update index tables (accounts,vessels)
This commit is contained in:
xbgmsharp
2022-11-25 23:14:30 +01:00
parent ea7301e1ed
commit a68a0ee3e3
1 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
initdb/02_4_signalk_auth.sql
View File

@@ -15,17 +15,21 @@ CREATE SCHEMA IF NOT EXISTS auth;
COMMENT ON SCHEMA auth IS 'auth postgrest for users and vessels'; COMMENT ON SCHEMA auth IS 'auth postgrest for users and vessels';
CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- provides functions to generate universally unique identifiers (UUIDs) CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- provides functions to generate universally unique identifiers (UUIDs)
CREATE EXTENSION IF NOT EXISTS "moddatetime"; -- provides functions for tracking last modification time
CREATE EXTENSION IF NOT EXISTS "citext"; -- provides data type for case-insensitive character strings
CREATE EXTENSION IF NOT EXISTS "pgcrypto"; -- provides cryptographic functions
DROP TABLE IF EXISTS auth.accounts CASCADE; DROP TABLE IF EXISTS auth.accounts CASCADE;
CREATE TABLE IF NOT EXISTS auth.accounts ( CREATE TABLE IF NOT EXISTS auth.accounts (
-- id UUID DEFAULT uuid_generate_v4() NOT NULL, userid UUID NOT NULL UNIQUE DEFAULT uuid_generate_v4(),
email text primary key check ( email ~* '^.+@.+\..+$' ), email citext primary key check ( email ~* '^.+@.+\..+$' ),
first text not null check (length(pass) < 512), first text not null check (length(pass) < 512),
last text not null check (length(pass) < 512), last text not null check (length(pass) < 512),
pass text not null check (length(pass) < 512), pass text not null check (length(pass) < 512),
role name not null check (length(role) < 512), role name not null check (length(role) < 512),
preferences JSONB null, preferences JSONB null,
created_at TIMESTAMP WITHOUT TIME ZONE default NOW(), created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
updated_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
CONSTRAINT valid_first CHECK (length(first) > 1), CONSTRAINT valid_first CHECK (length(first) > 1),
CONSTRAINT valid_last CHECK (length(last) > 1), CONSTRAINT valid_last CHECK (length(last) > 1),
CONSTRAINT valid_pass CHECK (length(pass) > 4) CONSTRAINT valid_pass CHECK (length(pass) > 4)
@@ -37,25 +41,40 @@ COMMENT ON TABLE
-- Indexes -- Indexes
CREATE INDEX accounts_role_idx ON auth.accounts (role); CREATE INDEX accounts_role_idx ON auth.accounts (role);
CREATE INDEX accounts_preferences_idx ON auth.accounts using GIN (preferences); CREATE INDEX accounts_preferences_idx ON auth.accounts using GIN (preferences);
CREATE INDEX accounts_userid_idx ON auth.accounts (userid);
CREATE TRIGGER accounts_moddatetime
BEFORE UPDATE ON auth.accounts
FOR EACH ROW
EXECUTE PROCEDURE moddatetime (updated_at);
DROP TABLE IF EXISTS auth.vessels; DROP TABLE IF EXISTS auth.vessels;
CREATE TABLE IF NOT EXISTS auth.vessels ( CREATE TABLE IF NOT EXISTS auth.vessels (
-- vesselId UUID PRIMARY KEY REFERENCES auth.accounts(id) ON DELETE RESTRICT, vesseid TEXT NOT NULL UNIQUE DEFAULT RIGHT(gen_random_uuid()::text, 12),
owner_email TEXT PRIMARY KEY REFERENCES auth.accounts(email) ON DELETE RESTRICT, owner_email CITEXT PRIMARY KEY REFERENCES auth.accounts(email) ON DELETE RESTRICT,
mmsi TEXT UNIQUE, -- Should be a numeric range between 100000000 and 800000000. mmsi TEXT UNIQUE, -- Should be a numeric range between 100000000 and 800000000.
-- mmsi NUMERIC UNIQUE, -- mmsi NUMERIC UNIQUE, -- MMSI can be optional but if present must be a valid one
name TEXT NOT NULL CHECK (length(name) >= 3 AND length(name) < 512), name TEXT NOT NULL CHECK (length(name) >= 3 AND length(name) < 512),
pass UUID, -- pass text not null check (length(pass) < 512), -- unused
role name not null check (length(role) < 512), role name not null check (length(role) < 512),
created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(), created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
uid TEXT NOT NULL UNIQUE DEFAULT RIGHT(gen_random_uuid()::text, 12), updated_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT NOW(),
CONSTRAINT valid_mmsi CHECK (length(mmsi) < 10 AND mmsi <> '') -- CONSTRAINT valid_mmsi CHECK (length(mmsi) < 10 AND mmsi <> '')
-- CONSTRAINT valid_mmsi CHECK (mmsi > 100000000 AND mmsi < 800000000) -- CONSTRAINT valid_mmsi CHECK (mmsi > 100000000 AND mmsi < 800000000)
); );
-- Description -- Description
COMMENT ON TABLE COMMENT ON TABLE
auth.vessels auth.vessels
IS 'vessels table link to accounts email column'; IS 'vessels table link to accounts email column';
-- Indexes
CREATE INDEX vessels_role_idx ON auth.vessels (role);
CREATE INDEX vessels_name_idx ON auth.vessels (name);
CREATE INDEX vessels_vesseid_idx ON auth.vessels (vesseid);
CREATE TRIGGER vessels_moddatetime
BEFORE UPDATE ON auth.vessels
FOR EACH ROW
EXECUTE PROCEDURE moddatetime (updated_at);
create or replace function create or replace function
auth.check_role_exists() returns trigger as $$ auth.check_role_exists() returns trigger as $$
@@ -89,8 +108,6 @@ create constraint trigger ensure_vessel_role_exists
CREATE TRIGGER new_vessel_entry AFTER INSERT ON auth.vessels CREATE TRIGGER new_vessel_entry AFTER INSERT ON auth.vessels
FOR EACH ROW EXECUTE FUNCTION public.new_vessel_entry_fn(); FOR EACH ROW EXECUTE FUNCTION public.new_vessel_entry_fn();
create extension if not exists pgcrypto;
create or replace function create or replace function
auth.encrypt_pass() returns trigger as $$ auth.encrypt_pass() returns trigger as $$
begin begin