feat(callback): add callback

2026-02-03 10:17:11 +08:00
parent 27a6791591
commit 202b5eaad5
27 changed files with 1806 additions and 124 deletions
--- a/scripts/db/migrations/0007_oauth_clients.sql
+++ b/scripts/db/migrations/0007_oauth_clients.sql
@@ -0,0 +1,28 @@
+BEGIN;
+
+CREATE TABLE IF NOT EXISTS oauth_clients (
+    client_id VARCHAR(64) PRIMARY KEY,
+    name VARCHAR(255),
+    secret_hash VARCHAR(255) NOT NULL,
+    prev_secret_hash VARCHAR(255),
+    prev_expires_at TIMESTAMP WITH TIME ZONE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_oauth_clients_updated_at ON oauth_clients(updated_at);
+
+INSERT INTO permissions (code, description, resource, action) VALUES
+('iam:client:read', 'List OAuth clients', 'client', 'read'),
+('iam:client:write', 'Create/Rotate OAuth clients', 'client', 'write')
+ON CONFLICT (code) DO NOTHING;
+
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r
+JOIN permissions p ON p.code IN ('iam:client:read', 'iam:client:write')
+WHERE r.is_system = TRUE
+ON CONFLICT DO NOTHING;
+
+COMMIT;
+
--- a/scripts/db/migrations/0008_oauth_client_redirect_uris.sql
+++ b/scripts/db/migrations/0008_oauth_client_redirect_uris.sql
@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE oauth_clients
+    ADD COLUMN IF NOT EXISTS redirect_uris JSONB NOT NULL DEFAULT '[]'::jsonb;
+
+COMMIT;
+
--- a/scripts/db/rollback/0007.down.sql
+++ b/scripts/db/rollback/0007.down.sql
@@ -0,0 +1,9 @@
+BEGIN;
+
+DELETE FROM permissions
+WHERE code IN ('iam:client:read', 'iam:client:write');
+
+DROP TABLE IF EXISTS oauth_clients;
+
+COMMIT;
+
--- a/scripts/db/rollback/0008.down.sql
+++ b/scripts/db/rollback/0008.down.sql
@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE oauth_clients
+    DROP COLUMN IF EXISTS redirect_uris;
+
+COMMIT;
+
--- a/scripts/db/verify/0007_oauth_clients.sql
+++ b/scripts/db/verify/0007_oauth_clients.sql
@@ -0,0 +1,15 @@
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1
+    FROM information_schema.tables
+    WHERE table_schema = 'public' AND table_name = 'oauth_clients'
+  ) THEN
+    RAISE EXCEPTION 'missing oauth_clients table';
+  END IF;
+
+  IF NOT EXISTS (SELECT 1 FROM permissions WHERE code = 'iam:client:write') THEN
+    RAISE EXCEPTION 'missing iam client permissions seed';
+  END IF;
+END $$;
+
--- a/scripts/db/verify/0008_oauth_client_redirect_uris.sql
+++ b/scripts/db/verify/0008_oauth_client_redirect_uris.sql
@@ -0,0 +1,8 @@
+BEGIN;
+
+SELECT redirect_uris
+FROM oauth_clients
+LIMIT 1;
+
+ROLLBACK;
+