refactor(db): use new store interface

2026-04-30 17:38:11 +00:00 · 2026-04-30 19:18:33 +12:00
40 changed files with 164 additions and 133 deletions
@@ -11,5 +11,5 @@ var FrontendAssets embed.FS

 // Migrations
 //
-//go:embed migrations/*.sql
+//go:embed migrations/sqlite/*.sql
 var Migrations embed.FS
@@ -130,17 +130,14 @@ func (app *BootstrapApp) Setup() error {
 	tlog.App.Trace().Str("redirectCookieName", app.context.redirectCookieName).Msg("Redirect cookie name")

 	// Database
-	db, err := app.SetupDatabase(app.config.Database.Path)
+	store, err := app.SetupStore()

 	if err != nil {
 		return fmt.Errorf("failed to setup database: %w", err)
 	}

-	// Queries
-	queries := repository.New(db)
-
 	// Services
-	services, err := app.initServices(queries)
+	services, err := app.initServices(store)

 	if err != nil {
 		return fmt.Errorf("failed to initialize services: %w", err)
@@ -196,7 +193,7 @@ func (app *BootstrapApp) Setup() error {

 	// Start db cleanup routine
 	tlog.App.Debug().Msg("Starting database cleanup routine")
-	go app.dbCleanupRoutine(queries)
+	go app.dbCleanupRoutine(store)

 	// If analytics are not disabled, start heartbeat
 	if app.config.Analytics.Enabled {
@@ -286,7 +283,7 @@ func (app *BootstrapApp) heartbeatRoutine() {
 	}
 }

-func (app *BootstrapApp) dbCleanupRoutine(queries *repository.Queries) {
+func (app *BootstrapApp) dbCleanupRoutine(queries repository.Store) {
 	ticker := time.NewTicker(time.Duration(30) * time.Minute)
 	defer ticker.Stop()
 	ctx := context.Background()
@@ -7,6 +7,8 @@ import (
 	"path/filepath"

 	"github.com/tinyauthapp/tinyauth/internal/assets"
+	"github.com/tinyauthapp/tinyauth/internal/repository"
+	"github.com/tinyauthapp/tinyauth/internal/repository/sqlite"

 	"github.com/golang-migrate/migrate/v4"
 	"github.com/golang-migrate/migrate/v4/database/sqlite3"
@@ -14,7 +16,18 @@ import (
 	_ "modernc.org/sqlite"
 )

-func (app *BootstrapApp) SetupDatabase(databasePath string) (*sql.DB, error) {
+func (app *BootstrapApp) SetupStore() (repository.Store, error) {
+	return app.setupSQLite(app.config.Database.Path)
+}
+
+// NewSQLiteStore opens a SQLite database at the given path, runs migrations, and returns a Store.
+// Useful for testing or when constructing a store outside of a BootstrapApp.
+func NewSQLiteStore(databasePath string) (repository.Store, error) {
+	app := &BootstrapApp{}
+	return app.setupSQLite(databasePath)
+}
+
+func (app *BootstrapApp) setupSQLite(databasePath string) (repository.Store, error) {
 	dir := filepath.Dir(databasePath)

 	if err := os.MkdirAll(dir, 0750); err != nil {
@@ -31,7 +44,7 @@ func (app *BootstrapApp) SetupDatabase(databasePath string) (*sql.DB, error) {
 	// if the sqlite connection starts being a bottleneck
 	db.SetMaxOpenConns(1)

-	migrations, err := iofs.New(assets.Migrations, "migrations")
+	migrations, err := iofs.New(assets.Migrations, "migrations/sqlite")

 	if err != nil {
 		return nil, fmt.Errorf("failed to create migrations: %w", err)
@@ -53,5 +66,5 @@ func (app *BootstrapApp) SetupDatabase(databasePath string) (*sql.DB, error) {
 		return nil, fmt.Errorf("failed to migrate database: %w", err)
 	}

-	return db, nil
+	return sqlite.New(db), nil
 }
@@ -18,7 +18,7 @@ type Services struct {
 	oidcService          *service.OIDCService
 }

-func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, error) {
+func (app *BootstrapApp) initServices(queries repository.Store) (Services, error) {
 	services := Services{}

 	ldapService := service.NewLdapService(service.LdapServiceConfig{
@@ -95,7 +95,7 @@ type Config struct {
 }

 type DatabaseConfig struct {
-	Path string `description:"The path to the database, including file name." yaml:"path"`
+	Path string `description:"The path to the SQLite database, including file name." yaml:"path"`
 }

 type AnalyticsConfig struct {
@@ -15,7 +15,6 @@ import (
 	"github.com/tinyauthapp/tinyauth/internal/bootstrap"
 	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
-	"github.com/tinyauthapp/tinyauth/internal/repository"
 	"github.com/tinyauthapp/tinyauth/internal/service"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 	"github.com/stretchr/testify/assert"
@@ -848,13 +847,10 @@ func TestOIDCController(t *testing.T) {
 		},
 	}

-	app := bootstrap.NewBootstrapApp(config.Config{})
-
-	db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
+	store, err := bootstrap.NewSQLiteStore(path.Join(tempDir, "tinyauth.db"))
 	require.NoError(t, err)

-	queries := repository.New(db)
-	oidcService := service.NewOIDCService(oidcServiceCfg, queries)
+	oidcService := service.NewOIDCService(oidcServiceCfg, store)
 	err = oidcService.Init()
 	require.NoError(t, err)

@@ -877,9 +873,4 @@ func TestOIDCController(t *testing.T) {
 			test.run(t, router, recorder)
 		})
 	}
-
-	t.Cleanup(func() {
-		err = db.Close()
-		require.NoError(t, err)
-	})
 }
@@ -9,7 +9,6 @@ import (
 	"github.com/tinyauthapp/tinyauth/internal/bootstrap"
 	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
-	"github.com/tinyauthapp/tinyauth/internal/repository"
 	"github.com/tinyauthapp/tinyauth/internal/service"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 	"github.com/stretchr/testify/assert"
@@ -393,13 +392,9 @@ func TestProxyController(t *testing.T) {

 	oauthBrokerCfgs := make(map[string]config.OAuthServiceConfig)

-	app := bootstrap.NewBootstrapApp(config.Config{})
-
-	db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
+	store, err := bootstrap.NewSQLiteStore(path.Join(tempDir, "tinyauth.db"))
 	require.NoError(t, err)

-	queries := repository.New(db)
-
 	docker := service.NewDockerService()
 	err = docker.Init()
 	require.NoError(t, err)
@@ -412,7 +407,7 @@ func TestProxyController(t *testing.T) {
 	err = broker.Init()
 	require.NoError(t, err)

-	authService := service.NewAuthService(authServiceCfg, ldap, queries, broker)
+	authService := service.NewAuthService(authServiceCfg, ldap, store, broker)
 	err = authService.Init()
 	require.NoError(t, err)

@@ -437,9 +432,4 @@ func TestProxyController(t *testing.T) {
 			test.run(t, router, recorder)
 		})
 	}
-
-	t.Cleanup(func() {
-		err = db.Close()
-		require.NoError(t, err)
-	})
 }
@@ -13,7 +13,6 @@ import (
 	"github.com/tinyauthapp/tinyauth/internal/bootstrap"
 	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
-	"github.com/tinyauthapp/tinyauth/internal/repository"
 	"github.com/tinyauthapp/tinyauth/internal/service"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 	"github.com/stretchr/testify/assert"
@@ -351,13 +350,9 @@ func TestUserController(t *testing.T) {

 	oauthBrokerCfgs := make(map[string]config.OAuthServiceConfig)

-	app := bootstrap.NewBootstrapApp(config.Config{})
-
-	db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
+	store, err := bootstrap.NewSQLiteStore(path.Join(tempDir, "tinyauth.db"))
 	require.NoError(t, err)

-	queries := repository.New(db)
-
 	docker := service.NewDockerService()
 	err = docker.Init()
 	require.NoError(t, err)
@@ -370,7 +365,7 @@ func TestUserController(t *testing.T) {
 	err = broker.Init()
 	require.NoError(t, err)

-	authService := service.NewAuthService(authServiceCfg, ldap, queries, broker)
+	authService := service.NewAuthService(authServiceCfg, ldap, store, broker)
 	err = authService.Init()
 	require.NoError(t, err)

@@ -435,9 +430,4 @@ func TestUserController(t *testing.T) {
 			test.run(t, router, recorder)
 		})
 	}
-
-	t.Cleanup(func() {
-		err = db.Close()
-		require.NoError(t, err)
-	})
 }
@@ -11,7 +11,6 @@ import (
 	"github.com/tinyauthapp/tinyauth/internal/bootstrap"
 	"github.com/tinyauthapp/tinyauth/internal/config"
 	"github.com/tinyauthapp/tinyauth/internal/controller"
-	"github.com/tinyauthapp/tinyauth/internal/repository"
 	"github.com/tinyauthapp/tinyauth/internal/service"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 	"github.com/stretchr/testify/assert"
@@ -101,14 +100,10 @@ func TestWellKnownController(t *testing.T) {
 		},
 	}

-	app := bootstrap.NewBootstrapApp(config.Config{})
-
-	db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
+	store, err := bootstrap.NewSQLiteStore(path.Join(tempDir, "tinyauth.db"))
 	require.NoError(t, err)

-	queries := repository.New(db)
-
-	oidcService := service.NewOIDCService(oidcServiceCfg, queries)
+	oidcService := service.NewOIDCService(oidcServiceCfg, store)
 	err = oidcService.Init()
 	require.NoError(t, err)

@@ -125,9 +120,4 @@ func TestWellKnownController(t *testing.T) {
 			test.run(t, router, recorder)
 		})
 	}
-
-	t.Cleanup(func() {
-		err = db.Close()
-		require.NoError(t, err)
-	})
 }
@@ -1,64 +1,19 @@
-// Code generated by sqlc. DO NOT EDIT.
-// versions:
-//   sqlc v1.30.0
-
 package repository

-type OidcCode struct {
-	Sub           string
-	CodeHash      string
-	Scope         string
-	RedirectURI   string
-	ClientID      string
-	ExpiresAt     int64
-	Nonce         string
-	CodeChallenge string
-}
+// This file is a stop-gap until more drivers are added. It re-exports the models from the sqlite package so that the rest
+// of the codebase can import them from a single location without needing to know about the underlying database implementation.

-type OidcToken struct {
-	Sub                   string
-	AccessTokenHash       string
-	RefreshTokenHash      string
-	CodeHash              string
-	Scope                 string
-	ClientID              string
-	TokenExpiresAt        int64
-	RefreshTokenExpiresAt int64
-	Nonce                 string
-}
+import "github.com/tinyauthapp/tinyauth/internal/repository/sqlite"

-type OidcUserinfo struct {
-	Sub               string
-	Name              string
-	PreferredUsername string
-	Email             string
-	Groups            string
-	UpdatedAt         int64
-	GivenName         string
-	FamilyName        string
-	MiddleName        string
-	Nickname          string
-	Profile           string
-	Picture           string
-	Website           string
-	Gender            string
-	Birthdate         string
-	Zoneinfo          string
-	Locale            string
-	PhoneNumber       string
-	Address           string
-}
+type Session = sqlite.Session
+type OidcCode = sqlite.OidcCode
+type OidcToken = sqlite.OidcToken
+type OidcUserinfo = sqlite.OidcUserinfo

-type Session struct {
-	UUID        string
-	Username    string
-	Email       string
-	Name        string
-	Provider    string
-	TotpPending bool
-	OAuthGroups string
-	Expiry      int64
-	CreatedAt   int64
-	OAuthName   string
-	OAuthSub    string
-}
+type CreateSessionParams = sqlite.CreateSessionParams
+type UpdateSessionParams = sqlite.UpdateSessionParams
+type CreateOidcCodeParams = sqlite.CreateOidcCodeParams
+type CreateOidcTokenParams = sqlite.CreateOidcTokenParams
+type UpdateOidcTokenByRefreshTokenParams = sqlite.UpdateOidcTokenByRefreshTokenParams
+type DeleteExpiredOidcTokensParams = sqlite.DeleteExpiredOidcTokensParams
+type CreateOidcUserInfoParams = sqlite.CreateOidcUserInfoParams
@@ -1,8 +1,8 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.30.0
+//   sqlc v1.31.0

-package repository
+package sqlite

 import (
 	"context"
@@ -0,0 +1,64 @@
+// Code generated by sqlc. DO NOT EDIT.
+// versions:
+//   sqlc v1.31.0
+
+package sqlite
+
+type OidcCode struct {
+	Sub           string
+	CodeHash      string
+	Scope         string
+	RedirectURI   string
+	ClientID      string
+	ExpiresAt     int64
+	Nonce         string
+	CodeChallenge string
+}
+
+type OidcToken struct {
+	Sub                   string
+	AccessTokenHash       string
+	RefreshTokenHash      string
+	CodeHash              string
+	Scope                 string
+	ClientID              string
+	TokenExpiresAt        int64
+	RefreshTokenExpiresAt int64
+	Nonce                 string
+}
+
+type OidcUserinfo struct {
+	Sub               string
+	Name              string
+	PreferredUsername string
+	Email             string
+	Groups            string
+	UpdatedAt         int64
+	GivenName         string
+	FamilyName        string
+	MiddleName        string
+	Nickname          string
+	Profile           string
+	Picture           string
+	Website           string
+	Gender            string
+	Birthdate         string
+	Zoneinfo          string
+	Locale            string
+	PhoneNumber       string
+	Address           string
+}
+
+type Session struct {
+	UUID        string
+	Username    string
+	Email       string
+	Name        string
+	Provider    string
+	TotpPending bool
+	OAuthGroups string
+	Expiry      int64
+	CreatedAt   int64
+	OAuthName   string
+	OAuthSub    string
+}
@@ -1,9 +1,9 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.30.0
+//   sqlc v1.31.0
 // source: oidc_queries.sql

-package repository
+package sqlite

 import (
 	"context"
@@ -1,9 +1,9 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.30.0
+//   sqlc v1.31.0
 // source: session_queries.sql

-package repository
+package sqlite

 import (
 	"context"
@@ -0,0 +1,41 @@
+package repository
+
+import "context"
+
+// Store is the interface that all storage drivers must implement.
+// The sqlc-generated *Queries struct satisfies this interface for SQLite.
+// Future drivers (postgres, etc.) must return the shared types defined in this package.
+type Store interface {
+	// Sessions
+	CreateSession(ctx context.Context, arg CreateSessionParams) (Session, error)
+	GetSession(ctx context.Context, uuid string) (Session, error)
+	UpdateSession(ctx context.Context, arg UpdateSessionParams) (Session, error)
+	DeleteSession(ctx context.Context, uuid string) error
+	DeleteExpiredSessions(ctx context.Context, expiry int64) error
+
+	// OIDC codes
+	CreateOidcCode(ctx context.Context, arg CreateOidcCodeParams) (OidcCode, error)
+	GetOidcCode(ctx context.Context, codeHash string) (OidcCode, error)
+	GetOidcCodeBySub(ctx context.Context, sub string) (OidcCode, error)
+	GetOidcCodeUnsafe(ctx context.Context, codeHash string) (OidcCode, error)
+	GetOidcCodeBySubUnsafe(ctx context.Context, sub string) (OidcCode, error)
+	DeleteOidcCode(ctx context.Context, codeHash string) error
+	DeleteOidcCodeBySub(ctx context.Context, sub string) error
+	DeleteExpiredOidcCodes(ctx context.Context, expiresAt int64) ([]OidcCode, error)
+
+	// OIDC tokens
+	CreateOidcToken(ctx context.Context, arg CreateOidcTokenParams) (OidcToken, error)
+	GetOidcToken(ctx context.Context, accessTokenHash string) (OidcToken, error)
+	GetOidcTokenByRefreshToken(ctx context.Context, refreshTokenHash string) (OidcToken, error)
+	GetOidcTokenBySub(ctx context.Context, sub string) (OidcToken, error)
+	UpdateOidcTokenByRefreshToken(ctx context.Context, arg UpdateOidcTokenByRefreshTokenParams) (OidcToken, error)
+	DeleteOidcToken(ctx context.Context, accessTokenHash string) error
+	DeleteOidcTokenBySub(ctx context.Context, sub string) error
+	DeleteOidcTokenByCodeHash(ctx context.Context, codeHash string) error
+	DeleteExpiredOidcTokens(ctx context.Context, arg DeleteExpiredOidcTokensParams) ([]OidcToken, error)
+
+	// OIDC userinfo
+	CreateOidcUserInfo(ctx context.Context, arg CreateOidcUserInfoParams) (OidcUserinfo, error)
+	GetOidcUserInfo(ctx context.Context, sub string) (OidcUserinfo, error)
+	DeleteOidcUserInfo(ctx context.Context, sub string) error
+}
@@ -90,14 +90,14 @@ type AuthService struct {
 	loginMutex           sync.RWMutex
 	ldapGroupsMutex      sync.RWMutex
 	ldap                 *LdapService
-	queries              *repository.Queries
+	queries              repository.Store
 	oauthBroker          *OAuthBrokerService
 	lockdown             *Lockdown
 	lockdownCtx          context.Context
 	lockdownCancelFunc   context.CancelFunc
 }

-func NewAuthService(config AuthServiceConfig, ldap *LdapService, queries *repository.Queries, oauthBroker *OAuthBrokerService) *AuthService {
+func NewAuthService(config AuthServiceConfig, ldap *LdapService, queries repository.Store, oauthBroker *OAuthBrokerService) *AuthService {
 	return &AuthService{
 		config:               config,
 		loginAttempts:        make(map[string]*LoginAttempt),
@@ -121,7 +121,7 @@ type OIDCServiceConfig struct {

 type OIDCService struct {
 	config       OIDCServiceConfig
-	queries      *repository.Queries
+	queries      repository.Store
 	clients      map[string]config.OIDCClientConfig
 	privateKey   *rsa.PrivateKey
 	publicKey    crypto.PublicKey
@@ -129,7 +129,7 @@ type OIDCService struct {
 	isConfigured bool
 }

-func NewOIDCService(config OIDCServiceConfig, queries *repository.Queries) *OIDCService {
+func NewOIDCService(config OIDCServiceConfig, queries repository.Store) *OIDCService {
 	return &OIDCService{
 		config:  config,
 		queries: queries,
@@ -1,12 +1,12 @@
 version: "2"
 sql:
  - engine: "sqlite"
-    queries: "sql/*_queries.sql"
-    schema: "sql/*_schemas.sql"
+    queries: "sql/sqlite/*_queries.sql"
+    schema: "sql/sqlite/*_schemas.sql"
    gen:
      go:
-        package: "repository"
-        out: "internal/repository"
+        package: "sqlite"
+        out: "internal/repository/sqlite"
        rename:
          uuid: "UUID"
          oauth_groups: "OAuthGroups"