feat: use user tags to check PSA auth (#1008)

Removes the old pinning_authorization table and uses user tags instead
web3-storage · Mar 4, 2022 · 6fc29e6 · 6fc29e6
1 parent 97aa482
commit 6fc29e6
Show file tree

Hide file tree

Showing 5 changed files with 324 additions and 98 deletions.
diff --git a/packages/api/test/fixtures/init-data.sql b/packages/api/test/fixtures/init-data.sql
@@ -82,10 +82,9 @@ VALUES (
 );
 
 -- user 'test-pinning' is authorized
-INSERT INTO pinning_authorization (user_id)
-VALUES (4);
-INSERT INTO pinning_authorization (user_id)
-VALUES (5);
+INSERT INTO public.user_tag (user_id, tag, value, reason)
+VALUES  (4, 'HasPsaAccess', true, 'test'),
+        (5, 'HasPsaAccess', true, 'test');
 
 INSERT INTO content (cid)
 VALUES  ('bafybeid46f7zggioxjm5p2ze2l6s6wbqvoo4gzbdzfjtdosthmfyxdign4'),

diff --git a/packages/db/index.js b/packages/db/index.js
@@ -140,16 +140,18 @@ export class DBClient {
   }
 
   /**
-   * Check that a user is authorized to pin
+   * Check that a user is authorized to pin.
    *
    * @param {number} userId
    * @returns {Promise<boolean>}
    */
   async isPinningAuthorized (userId) {
-    const { error, count } = await this._client
-      .from('pinning_authorization')
-      .select('id', { count: 'exact' })
+    const { count, error } = await this._client
+      .from('user_tag')
+      .select('value', { count: 'exact' })
       .eq('user_id', userId)
+      .eq('tag', 'HasPsaAccess')
+      .eq('value', true)
       .filter('deleted_at', 'is', null)
 
     if (error) {

diff --git a/packages/db/postgres/migrations/001-move_psa_auth_to_user_tag.sql b/packages/db/postgres/migrations/001-move_psa_auth_to_user_tag.sql
@@ -0,0 +1,39 @@
+BEGIN TRANSACTION;
+INSERT INTO public.user_tag
+(
+    user_id,
+    tag,
+    value,
+    reason,
+    inserted_at
+)
+SELECT
+    user_id,
+    'HasPsaAccess' as tag,
+    'true' as value,
+    'Approved access' as reason,
+    inserted_at
+ FROM public.pinning_authorization
+ WHERE deleted_at IS NULL;
+
+INSERT INTO public.user_tag
+(
+    user_id,
+    tag,
+    value,
+    reason,
+    inserted_at,
+    deleted_at
+)
+SELECT
+    user_id,
+    'HasPsaAccess' as tag,
+    'false' as value,
+    'Revoked access' as reason,
+    inserted_at,
+    deleted_at
+ FROM public.pinning_authorization
+ WHERE deleted_at IS NOT NULL;
+
+DROP TABLE public.pinning_authorization;
+COMMIT;