kych

clients.rs (6560B)

---

 // Database operations for clients table
 
 use sqlx::PgPool;
 use anyhow::Result;
 use uuid::Uuid;
 use chrono::{DateTime, Utc};
 
 /// Client registration record
 #[derive(Debug, Clone, sqlx::FromRow)]
 pub struct Client {
     pub id: Uuid,
     pub client_id: String,
     pub secret_hash: String,
     pub webhook_url: String,
     pub verifier_url: String,
     pub verifier_management_api_path: String,
     pub redirect_uri: Option<String>,
     pub accepted_issuer_dids: Option<String>,
     pub created_at: DateTime<Utc>,
     pub updated_at: DateTime<Utc>,
 }
 
 /// Register a new client
 pub async fn register_client(
     pool: &PgPool,
     client_id: &str,
     client_secret: &str,
     webhook_url: &str,
     verifier_url: &str,
     verifier_management_api_path: Option<&str>,
     redirect_uri: Option<&str>,
     accepted_issuer_dids: Option<&str>,
 ) -> Result<Client> {
     let api_path = verifier_management_api_path
         .unwrap_or("/management/api/verifications");
 
     let secret_hash = bcrypt::hash(client_secret, bcrypt::DEFAULT_COST)?;
 
     let client = sqlx::query_as::<_, Client>(
         r#"
         INSERT INTO oauth2gw.clients
             (client_id, secret_hash, webhook_url, verifier_url, verifier_management_api_path, redirect_uri, accepted_issuer_dids)
         VALUES ($1, $2, $3, $4, $5, $6, $7)
         RETURNING id, client_id, secret_hash, webhook_url, verifier_url,
                   verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         "#
     )
     .bind(client_id)
     .bind(secret_hash)
     .bind(webhook_url)
     .bind(verifier_url)
     .bind(api_path)
     .bind(redirect_uri)
     .bind(accepted_issuer_dids)
     .fetch_one(pool)
     .await?;
 
     Ok(client)
 }
 
 /// Lookup client by client_id
 pub async fn get_client_by_id(
     pool: &PgPool,
     client_id: &str
 ) -> Result<Option<Client>> {
     let client = sqlx::query_as::<_, Client>(
         r#"
         SELECT id, client_id, secret_hash, webhook_url, verifier_url,
                verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         FROM oauth2gw.clients
         WHERE client_id = $1
         "#
     )
     .bind(client_id)
     .fetch_optional(pool)
     .await?;
 
     Ok(client)
 }
 
 /// Lookup client by UUID
 pub async fn get_client_by_uuid(
     pool: &PgPool,
     id: Uuid
 ) -> Result<Option<Client>> {
     let client = sqlx::query_as::<_, Client>(
         r#"
         SELECT id, client_id, secret_hash, webhook_url, verifier_url,
                verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         FROM oauth2gw.clients
         WHERE id = $1
         "#
     )
     .bind(id)
     .fetch_optional(pool)
     .await?;
 
     Ok(client)
 }
 
 /// Get client secret hash by client_id
 ///
 /// Returns the secret hash if client exists, None otherwise
 pub async fn get_client_secret_hash(
     pool: &PgPool,
     client_id: &str,
 ) -> Result<Option<String>> {
     let result = sqlx::query_scalar::<_, String>(
         r#"
         SELECT secret_hash
         FROM oauth2gw.clients
         WHERE client_id = $1
         "#
     )
     .bind(client_id)
     .fetch_optional(pool)
     .await?;
 
     Ok(result)
 }
 
 /// Authenticate a client by validating client_secret
 ///
 /// Returns the client if authentication succeeds, None otherwise
 pub async fn authenticate_client(
     pool: &PgPool,
     client_id: &str,
     client_secret: &str
 ) -> Result<Option<Client>> {
     let client = sqlx::query_as::<_, Client>(
         r#"
         SELECT id, client_id, secret_hash, webhook_url, verifier_url,
                verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         FROM oauth2gw.clients
         WHERE client_id = $1
         "#
     )
     .bind(client_id)
     .fetch_optional(pool)
     .await?;
 
     match client {
         Some(c) => {
             if bcrypt::verify(client_secret, &c.secret_hash)? {
                 Ok(Some(c))
             } else {
                 Ok(None)
             }
         }
         None => Ok(None)
     }
 }
 
 /// Update client configuration
 pub async fn update_client(
     pool: &PgPool,
     id: Uuid,
     webhook_url: Option<&str>,
     verifier_url: Option<&str>,
     verifier_management_api_path: Option<&str>,
     redirect_uri: Option<&str>,
     accepted_issuer_dids: Option<&str>,
 ) -> Result<Client> {
     let current = get_client_by_uuid(pool, id).await?
         .ok_or_else(|| anyhow::anyhow!("Client not found"))?;
 
     let new_webhook_url = webhook_url.unwrap_or(&current.webhook_url);
     let new_verifier_url = verifier_url.unwrap_or(&current.verifier_url);
     let new_verifier_api_path = verifier_management_api_path
         .unwrap_or(&current.verifier_management_api_path);
     let new_redirect_uri = redirect_uri.or(current.redirect_uri.as_deref());
     let new_accepted_issuer_dids = accepted_issuer_dids.or(current.accepted_issuer_dids.as_deref());
 
     let client = sqlx::query_as::<_, Client>(
         r#"
         UPDATE oauth2gw.clients
         SET
             webhook_url = $1,
             verifier_url = $2,
             verifier_management_api_path = $3,
             redirect_uri = $4,
             accepted_issuer_dids = $5,
             updated_at = CURRENT_TIMESTAMP
         WHERE id = $6
         RETURNING id, client_id, secret_hash, webhook_url, verifier_url,
                   verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         "#
     )
     .bind(new_webhook_url)
     .bind(new_verifier_url)
     .bind(new_verifier_api_path)
     .bind(new_redirect_uri)
     .bind(new_accepted_issuer_dids)
     .bind(id)
     .fetch_one(pool)
     .await?;
 
     Ok(client)
 }
 
 /// Delete a client (and cascade delete all associated sessions)
 /// 
 /// WARNING: Deletes all associated data as well! (e.g., verifications)!
 pub async fn delete_client(
     pool: &PgPool,
     id: Uuid
 ) -> Result<bool> {
     let result = sqlx::query(
         r#"
         DELETE FROM oauth2gw.clients
         WHERE id = $1
         "#
     )
     .bind(id)
     .execute(pool)
     .await?;
 
     Ok(result.rows_affected() > 0)
 }
 
 /// List all registered clients
 pub async fn list_clients(pool: &PgPool) -> Result<Vec<Client>> {
     let clients = sqlx::query_as::<_, Client>(
         r#"
         SELECT id, client_id, secret_hash, webhook_url, verifier_url,
                verifier_management_api_path, redirect_uri, accepted_issuer_dids, created_at, updated_at
         FROM oauth2gw.clients
         ORDER BY created_at DESC
         "#
     )
     .fetch_all(pool)
     .await?;
 
     Ok(clients)
 }