letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Replace the FK constraint on the refresh token chain to nullify the

Browse Source 
field on deletion

This will make garbage collecting refresh tokens easier
This commit is contained in:
Quentin Gliech
2026-01-12 09:36:52 +01:00
parent 3e521a105d
commit ab25c23829
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crates/storage-pg/migrations/20260109172950_oauth_refresh_token_next_token_set_null.sql Normal file
View File

@@ -0,0 +1,15 @@
-- Copyright 2026 Element Creations Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE in the repository root for full details.
-- Replace the foreign key constraint on the next refresh token to set the field
-- to NULL on delete. We re-introduce the constraint as NOT VALID to avoid
-- locking the table, and a second migration validates the constraint
ALTER TABLE oauth2_refresh_tokens
DROP CONSTRAINT IF EXISTS oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey,
ADD CONSTRAINT oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey
FOREIGN KEY (next_oauth2_refresh_token_id)
REFERENCES oauth2_refresh_tokens (oauth2_refresh_token_id)
ON DELETE SET NULL
NOT VALID;

9
crates/storage-pg/migrations/20260109172954_oauth_refresh_token_next_token_set_null_validate.sql Normal file
View File

@@ -0,0 +1,9 @@
-- Copyright 2026 Element Creations Ltd.
--
-- SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
-- Please see LICENSE in the repository root for full details.
-- Validate the foreign key constraint on the next refresh token introduced in
-- the previous migration
ALTER TABLE oauth2_refresh_tokens
VALIDATE CONSTRAINT oauth2_refresh_tokens_next_oauth2_refresh_token_id_fkey;