|
8687.15.9
by Karl Fogel
Add the copyright header block to more files (everything under database/). |
1 |
-- Copyright 2009 Canonical Ltd. This software is licensed under the
|
2 |
-- GNU Affero General Public License version 3 (see the file LICENSE).
|
|
3 |
||
|
2839.4.13
by Stuart Bishop
Add basic tests |
4 |
-- Create the standard session tables.
|
|
8687.15.9
by Karl Fogel
Add the copyright header block to more files (everything under database/). |
5 |
|
|
2839.4.13
by Stuart Bishop
Add basic tests |
6 |
\i session.sql |
7 |
||
8 |
-- Grant required permissions on these tables to the 'session' user.
|
|
9 |
GRANT SELECT, INSERT, UPDATE, DELETE ON SessionData TO session; |
|
10 |
GRANT SELECT, INSERT, UPDATE, DELETE oN SessionPkgData TO session; |
|
11 |
GRANT SELECT ON Secret TO session; |
|
12 |
||
|
3691.52.3
by Stuart Bishop
Fix Bug 46149, moving upserts to stored procedures |
13 |
GRANT EXECUTE ON FUNCTION ensure_session_client_id(text) TO session; |
14 |
GRANT EXECUTE ON FUNCTION |
|
15 |
set_session_pkg_data(text, text, text, bytea) TO session; |
|
16 |
||
|
7675.809.26
by Robert Collins
Move session stuff to launchpad_session.sql. |
17 |
CREATE TABLE TimeLimitedToken ( |
|
7675.809.30
by Robert Collins
Rename url to path in TimeLimitedToken. |
18 |
path text NOT NULL, |
|
7675.809.26
by Robert Collins
Move session stuff to launchpad_session.sql. |
19 |
token text NOT NULL, |
|
7675.395.132
by Stuart Bishop
Improve TimeLimitedToken definition, matching production |
20 |
created timestamp without time zone |
21 |
NOT NULL DEFAULT (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), |
|
22 |
constraint timelimitedtoken_pkey primary key (path, token) |
|
|
7675.809.26
by Robert Collins
Move session stuff to launchpad_session.sql. |
23 |
) WITHOUT OIDS; |
|
7675.809.30
by Robert Collins
Rename url to path in TimeLimitedToken. |
24 |
COMMENT ON TABLE TimeLimitedToken IS 'stores tokens for granting access to a single path in the librarian for a short while. The garbo takes care of cleanups, and we should only have a few thousand at a time. Tokens are handed out just-in-time on the appserver, when a client attempts to dereference a private thing which we do not want to deliver in-line. OAuth tokens cannot be used for the launchpadlibrarian content because they would then be attackable. See lib.canonical.database.librarian for the python class.'; |
|
7675.809.26
by Robert Collins
Move session stuff to launchpad_session.sql. |
25 |
-- Give the garbo an efficient selection to cleanup
|
26 |
CREATE INDEX timelimitedtoken_created ON TimeLimitedToken(created); |
|
27 |
||
|
7675.809.4
by Robert Collins
More db tuning: unique column, permissions |
28 |
-- Let the session user access file access tokens.
|
29 |
GRANT SELECT, INSERT, UPDATE, DELETE ON TimeLimitedToken TO session; |
|
30 |
-- And the garbo needs to run on it too.
|
|
31 |
GRANT SELECT, DELETE ON TimeLimitedToken TO session; |
|
|
4953.7.6
by Stuart Bishop
Move session garbage collection into garbo |
32 |
|
33 |
||
34 |
-- This helper needs to exist in the session database so the BulkPruner
|
|
35 |
-- can clean up unwanted sessions.
|
|
36 |
CREATE OR REPLACE FUNCTION cursor_fetch(cur refcursor, n integer) |
|
37 |
RETURNS SETOF record LANGUAGE plpgsql AS |
|
38 |
$$
|
|
39 |
DECLARE
|
|
40 |
r record; |
|
41 |
count integer; |
|
42 |
BEGIN
|
|
43 |
FOR count IN 1..n LOOP |
|
44 |
FETCH FORWARD FROM cur INTO r; |
|
45 |
IF NOT FOUND THEN |
|
46 |
RETURN; |
|
47 |
END IF; |
|
48 |
RETURN NEXT r; |
|
49 |
END LOOP; |
|
50 |
END; |
|
51 |
$$; |
|
52 |
||
53 |
COMMENT ON FUNCTION cursor_fetch(refcursor, integer) IS |
|
54 |
'Fetch the next n items from a cursor. Work around for not being able to use FETCH inside a SELECT statement.'; |
|
55 |
||
56 |
GRANT EXECUTE ON FUNCTION cursor_fetch(refcursor, integer) TO session; |