refactor(database): ♻️ Move Applications to our custom ORM

2026-03-13 13:59:16 +01:00 · 2024-10-23 17:56:47 +02:00 · 2024-10-23 17:56:47 +02:00 · 9e96eca032
commit 9e96eca032
parent e8827bccfa
23 changed files with 424 additions and 381 deletions
--- a/plugins/openid/routes/oauth/revoke.test.ts
+++ b/plugins/openid/routes/oauth/revoke.test.ts
@ -1,38 +1,30 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { db } from "@versia/kit/db";
 import { eq } from "@versia/kit/drizzle";
-import { Applications, Tokens } from "@versia/kit/tables";
+import { Tokens } from "@versia/kit/tables";
+import { Application } from "~/packages/database-interface/application";
 import { fakeRequest, getTestUsers } from "~/tests/utils";

 const { deleteUsers, users } = await getTestUsers(1);
-const clientId = "test-client-id";
-const redirectUri = "https://example.com/callback";
-const scope = "openid profile email";
-const secret = "test-secret";
+
+const application = await Application.insert({
+    clientId: "test-client-id",
+    redirectUri: "https://example.com/callback",
+    scopes: "openid profile email",
+    secret: "test-secret",
+    name: "Test Application",
+});

 beforeAll(async () => {
-    const application = (
-        await db
-            .insert(Applications)
-            .values({
-                clientId,
-                redirectUri,
-                scopes: scope,
-                name: "Test Application",
-                secret,
-            })
-            .returning()
-    )[0];
-
    await db.insert(Tokens).values({
        code: "test-code",
-        redirectUri,
-        clientId,
+        redirectUri: application.data.redirectUri,
+        clientId: application.data.clientId,
        accessToken: "test-access-token",
        expiresAt: new Date(Date.now() + 3600 * 1000).toISOString(),
        createdAt: new Date().toISOString(),
        tokenType: "Bearer",
-        scope,
+        scope: application.data.scopes,
        userId: users[0].id,
        applicationId: application.id,
    });
@ -40,8 +32,10 @@ beforeAll(async () => {

 afterAll(async () => {
    await deleteUsers();
-    await db.delete(Applications).where(eq(Applications.clientId, clientId));
-    await db.delete(Tokens).where(eq(Tokens.clientId, clientId));
+    await application.delete();
+    await db
+        .delete(Tokens)
+        .where(eq(Tokens.clientId, application.data.clientId));
 });

 describe("/oauth/revoke", () => {
@ -52,8 +46,8 @@ describe("/oauth/revoke", () => {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({
-                client_id: clientId,
-                client_secret: secret,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
                token: "test-access-token",
            }),
        });
@ -70,8 +64,8 @@ describe("/oauth/revoke", () => {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({
-                client_id: clientId,
-                client_secret: secret,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

@ -90,7 +84,7 @@ describe("/oauth/revoke", () => {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({
-                client_id: clientId,
+                client_id: application.data.clientId,
                client_secret: "invalid-secret",
                token: "test-access-token",
            }),
@ -111,8 +105,8 @@ describe("/oauth/revoke", () => {
                "Content-Type": "application/json",
            },
            body: JSON.stringify({
-                client_id: clientId,
-                client_secret: secret,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
                token: "invalid-token",
            }),
        });
@ -133,7 +127,7 @@ describe("/oauth/revoke", () => {
            },
            body: JSON.stringify({
                client_id: "unauthorized-client-id",
-                client_secret: secret,
+                client_secret: application.data.secret,
                token: "test-access-token",
            }),
        });
--- a/plugins/openid/routes/oauth/sso.ts
+++ b/plugins/openid/routes/oauth/sso.ts
@ -7,6 +7,7 @@ import {
    generateRandomCodeVerifier,
    processDiscoveryResponse,
 } from "oauth4webapi";
+import { Application } from "~/packages/database-interface/application.ts";
 import type { PluginType } from "../../index.ts";
 import { oauthRedirectUri } from "../../utils.ts";

@ -83,10 +84,7 @@ export default (plugin: PluginType) => {

                const codeVerifier = generateRandomCodeVerifier();

-                const application = await db.query.Applications.findFirst({
-                    where: (application, { eq }) =>
-                        eq(application.clientId, client_id),
-                });
+                const application = await Application.fromClientId(client_id);

                if (!application) {
                    errorSearchParams.append("error", "invalid_request");
--- a/plugins/openid/routes/oauth/token.test.ts
+++ b/plugins/openid/routes/oauth/token.test.ts
@ -1,41 +1,40 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { db } from "@versia/kit/db";
 import { eq } from "@versia/kit/drizzle";
-import { Applications, Tokens } from "@versia/kit/tables";
+import { Tokens } from "@versia/kit/tables";
+import { Application } from "~/packages/database-interface/application";
 import { fakeRequest, getTestUsers } from "~/tests/utils";

 const { deleteUsers, users } = await getTestUsers(1);
-const clientId = "test-client-id";
-const redirectUri = "https://example.com/callback";
-const scope = "openid profile email";
-const secret = "test-secret";
+
+const application = await Application.insert({
+    clientId: "test-client-id",
+    redirectUri: "https://example.com/callback",
+    scopes: "openid profile email",
+    secret: "test-secret",
+    name: "Test Application",
+});

 beforeAll(async () => {
-    await db.insert(Applications).values({
-        clientId,
-        redirectUri,
-        scopes: scope,
-        name: "Test Application",
-        secret,
-    });
-
    await db.insert(Tokens).values({
        code: "test-code",
-        redirectUri,
-        clientId,
+        redirectUri: application.data.redirectUri,
+        clientId: application.data.clientId,
        accessToken: "test-access-token",
        expiresAt: new Date(Date.now() + 3600 * 1000).toISOString(),
        createdAt: new Date().toISOString(),
        tokenType: "Bearer",
-        scope,
+        scope: application.data.scopes,
        userId: users[0].id,
    });
 });

 afterAll(async () => {
    await deleteUsers();
-    await db.delete(Applications).where(eq(Applications.clientId, clientId));
-    await db.delete(Tokens).where(eq(Tokens.clientId, clientId));
+    await application.delete();
+    await db
+        .delete(Tokens)
+        .where(eq(Tokens.clientId, application.data.clientId));
 });

 describe("/oauth/token", () => {
@ -48,9 +47,9 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "authorization_code",
                code: "test-code",
-                redirect_uri: redirectUri,
-                client_id: clientId,
-                client_secret: secret,
+                redirect_uri: application.data.redirectUri,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

@ -69,9 +68,9 @@ describe("/oauth/token", () => {
            },
            body: JSON.stringify({
                grant_type: "authorization_code",
-                redirect_uri: redirectUri,
-                client_id: clientId,
-                client_secret: secret,
+                redirect_uri: application.data.redirectUri,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

@ -90,8 +89,8 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "authorization_code",
                code: "test-code",
-                client_id: clientId,
-                client_secret: secret,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

@ -110,8 +109,8 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "authorization_code",
                code: "test-code",
-                redirect_uri: redirectUri,
-                client_secret: secret,
+                redirect_uri: application.data.redirectUri,
+                client_secret: application.data.secret,
            }),
        });

@ -130,8 +129,8 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "authorization_code",
                code: "test-code",
-                redirect_uri: redirectUri,
-                client_id: clientId,
+                redirect_uri: application.data.redirectUri,
+                client_id: application.data.clientId,
                client_secret: "invalid-secret",
            }),
        });
@ -151,9 +150,9 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "authorization_code",
                code: "invalid-code",
-                redirect_uri: redirectUri,
-                client_id: clientId,
-                client_secret: secret,
+                redirect_uri: application.data.redirectUri,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

@ -172,9 +171,9 @@ describe("/oauth/token", () => {
            body: JSON.stringify({
                grant_type: "refresh_token",
                code: "test-code",
-                redirect_uri: redirectUri,
-                client_id: clientId,
-                client_secret: secret,
+                redirect_uri: application.data.redirectUri,
+                client_id: application.data.clientId,
+                client_secret: application.data.secret,
            }),
        });

--- a/plugins/openid/routes/oauth/token.ts
+++ b/plugins/openid/routes/oauth/token.ts
@ -3,6 +3,7 @@ import { createRoute, z } from "@hono/zod-openapi";
 import { db } from "@versia/kit/db";
 import { eq } from "@versia/kit/drizzle";
 import { Tokens } from "@versia/kit/tables";
+import { Application } from "~/packages/database-interface/application.ts";
 import type { PluginType } from "../../index.ts";

 export const schemas = {
@ -140,12 +141,10 @@ export default (plugin: PluginType) => {
                        }

                        // Verify the client_secret
-                        const client = await db.query.Applications.findFirst({
-                            where: (application, { eq }) =>
-                                eq(application.clientId, client_id),
-                        });
+                        const client =
+                            await Application.fromClientId(client_id);

-                        if (!client || client.secret !== client_secret) {
+                        if (!client || client.data.secret !== client_secret) {
                            return context.json(
                                {
                                    error: "invalid_client",