add oidc sqlite

sqlite/query.sql

@@ -143,3 +143,72 @@ SELECT permission FROM user_permission WHERE user_id = ?;
 
 -- name: AddUserPermission :exec
 INSERT INTO user_permission (user_id, permission) VALUES (?, ?);
+
+
+---------- go-oidc
+
+-- name: GetUserClients :many
+SELECT *
+FROM clients
+WHERE owner = ?;
+
+-- name: GetOIDCClientByID :one
+SELECT *
+FROM clients
+WHERE id = ?;
+
+-- name: CreateOIDCClient :exec
+INSERT INTO clients (id, name, owner)
+VALUES (?, ?, ?);
+
+-- name: CreateRedirectURI :exec
+INSERT INTO client_redirects (uri, client_id)
+VALUES (?, ?);
+
+-- name: DeleteRedirectURI :exec
+DELETE FROM client_redirects
+WHERE uri = ? AND client_id = ?;
+
+-- name: GetClientRedirectURIs :many
+SELECT *
+FROM client_redirects
+WHERE client_id = ?;
+
+-- name: GetAuthorizationCode :one
+SELECT *
+FROM authorization_codes
+WHERE code = ?;
+
+-- name: CreateAuthorizationCode :exec
+INSERT INTO authorization_codes (code, code_challenge, code_challenge_method, user_id, client_id, scope, redirect_uri, expires_at)
+VALUES (?, ?, ?, ?, ?, ?, ?, ?);
+
+-- name: DeleteOldAuthCodes :exec
+DELETE FROM authorization_codes
+WHERE expires_at < CURRENT_TIMESTAMP;
+
+-- name: DeleteOldTokens :exec
+DELETE FROM tokens
+WHERE expires_at < CURRENT_TIMESTAMP;
+
+-- name: GetTokenByValue :one
+SELECT *
+FROM tokens
+WHERE token_value = ?;
+
+-- name: CreateToken :exec
+INSERT INTO tokens (token_type, token_value, user_id, client_id, scope, expires_at)
+VALUES (?, ?, ?, ?, ?, ?);
+
+-- name: ApproveClient :exec
+INSERT INTO client_approvals (user_id, client_id)
+VALUES (?, ?);
+
+-- name: ClientApproved :one
+SELECT *
+FROM client_approvals
+WHERE user_id = ? AND client_id = ?;
+
+-- name: DeleteAuthCode :exec
+DELETE FROM authorization_codes
+WHERE code = ?;

sqlite/schema.sql

@@ -63,4 +63,63 @@ CREATE TABLE IF NOT EXISTS user_permission (
     ,permission TEXT NOT NULL
     ,FOREIGN KEY (user_id) REFERENCES user(id)
     ,UNIQUE(user_id, permission)
-);
+);
+
+
+---- go-oidc
+
+CREATE TABLE IF NOT EXISTS clients (
+    id TEXT PRIMARY KEY
+    ,name TEXT NOT NULL
+    ,owner TEXT NOT NULL
+    ,created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    ,FOREIGN KEY (owner) REFERENCES user (id)
+    ,UNIQUE(name, owner)
+    );
+
+CREATE TABLE IF NOT EXISTS client_redirects (
+    id INTEGER PRIMARY KEY AUTOINCREMENT
+    ,uri TEXT NOT NULL
+    ,client_id TEXT NOT NULL
+    ,created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    ,FOREIGN KEY (client_id) REFERENCES clients (id)
+    ,UNIQUE(uri, client_id)
+    );
+
+CREATE TABLE IF NOT EXISTS authorization_codes (
+    id INTEGER PRIMARY KEY AUTOINCREMENT
+    ,code TEXT NOT NULL UNIQUE
+    ,code_challenge TEXT NOT NULL UNIQUE
+    ,code_challenge_method TEXT NOT NULL CHECK (code_challenge_method IN ('S256', 'plain'))
+    ,user_id TEXT NOT NULL
+    ,client_id TEXT NOT NULL
+    ,scope TEXT
+    ,redirect_uri TEXT NOT NULL
+    ,created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    ,expires_at DATETIME NOT NULL
+    ,used_at DATETIME
+    ,FOREIGN KEY (user_id) REFERENCES user (id)
+    ,FOREIGN KEY (client_id) REFERENCES client (id)
+    );
+
+CREATE TABLE IF NOT EXISTS tokens (
+    id INTEGER PRIMARY KEY AUTOINCREMENT
+    ,token_type TEXT NOT NULL CHECK (token_type IN ('access', 'refresh'))
+    ,token_value TEXT NOT NULL UNIQUE
+    ,user_id TEXT NOT NULL
+    ,client_id TEXT NOT NULL
+    ,scope TEXT
+    ,created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    ,expires_at DATETIME NOT NULL
+    ,FOREIGN KEY (user_id) REFERENCES user (id)
+    ,FOREIGN KEY (client_id) REFERENCES clients (id)
+    );
+
+CREATE TABLE IF NOT EXISTS client_approvals (
+    id INTEGER PRIMARY KEY AUTOINCREMENT
+    ,user_id TEXT NOT NULL
+    ,client_id TEXT NOT NULL
+    ,UNIQUE(user_id, client_id)
+    ,FOREIGN KEY (user_id) REFERENCES users (id)
+    ,FOREIGN KEY (client_id) REFERENCES clients (id)
+);