search

kamu-data / kamu-cli

Next-generation decentralized data lakehouse and a multi-party stream processing network
https://kamu.dev
Other
300 stars 13 forks source link

Account Tokens: MySQL allows only one revoked token #810

Open s373r opened 1 month ago

s373r commented 1 month ago

Describe the bug

The idx_account_token_name index is incorrectly supplied:

CREATE TABLE access_tokens (
    id CHAR(36) NOT NULL PRIMARY KEY,
    token_name VARCHAR(100) NOT NULL,
    token_hash BINARY(32) NOT NULL,
    created_at TIMESTAMP(6) NOT NULL,
    revoked_at TIMESTAMP(6),
    revoked_at_is_null BOOLEAN GENERATED ALWAYS AS (revoked_at IS NULL),
    account_id VARCHAR(100) NOT NULL REFERENCES accounts(id),
   UNIQUE KEY idx_account_token_name (account_id, token_name, revoked_at_is_null)
);

In PostgreSQL, we have a similar index that provides us with the ability to have multiple revoked tokens and one active token (expected behavior) :

CREATE UNIQUE INDEX idx_access_tokens_account_id_token_name
    ON access_tokens(account_id, token_name) 
    WHERE revoked_at IS NULL;

Steps To Reproduce

  1. Run kamu-cli with MySQL as database
  2. Create & revoke the first token
  3. Create & revoke the second token (w/ same name)
  4. Create & revoke the third token (w/ same name)

Current Behavior

MySQL error:

[23000][1062] (conn=11) Duplicate entry '1-token-name-0' for key 'idx_account_token_name'

Expected Behavior

No errors

kamu system info

-

Logs

No response

Anything else?

No response