Add expired/revoked scopes for doorkeeper models via extension modules (#29936)

2024-06-11 04:50:51 -04:00 · 2024-06-11 04:50:51 -04:00 · 665f6f09a0
commit 665f6f09a0
parent 1622f7aeb9
5 changed files with 20 additions and 5 deletions
--- a/app/lib/access_grant_extension.rb
+++ b/app/lib/access_grant_extension.rb
@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module AccessGrantExtension
+  extend ActiveSupport::Concern
+
+  included do
+    scope :expired, -> { where.not(expires_in: nil).where('created_at + MAKE_INTERVAL(secs => expires_in) < NOW()') }
+    scope :revoked, -> { where.not(revoked_at: nil).where(revoked_at: ...Time.now.utc) }
+  end
+end
--- a/app/lib/access_token_extension.rb
+++ b/app/lib/access_token_extension.rb
@ -9,6 +9,10 @@ module AccessTokenExtension
    has_many :web_push_subscriptions, class_name: 'Web::PushSubscription', inverse_of: :access_token

    after_commit :push_to_streaming_api
+
+    scope :expired, -> { where.not(expires_in: nil).where('created_at + MAKE_INTERVAL(secs => expires_in) < NOW()') }
+    scope :not_revoked, -> { where(revoked_at: nil) }
+    scope :revoked, -> { where.not(revoked_at: nil).where(revoked_at: ...Time.now.utc) }
  end

  def revoke(clock = Time)
--- a/app/lib/vacuum/access_tokens_vacuum.rb
+++ b/app/lib/vacuum/access_tokens_vacuum.rb
@ -9,12 +9,12 @@ class Vacuum::AccessTokensVacuum
  private

  def vacuum_revoked_access_tokens!
-    Doorkeeper::AccessToken.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all
-    Doorkeeper::AccessToken.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all
+    Doorkeeper::AccessToken.expired.in_batches.delete_all
+    Doorkeeper::AccessToken.revoked.in_batches.delete_all
  end

  def vacuum_revoked_access_grants!
-    Doorkeeper::AccessGrant.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all
-    Doorkeeper::AccessGrant.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all
+    Doorkeeper::AccessGrant.expired.in_batches.delete_all
+    Doorkeeper::AccessGrant.revoked.in_batches.delete_all
  end
 end
--- a/app/models/web/push_subscription.rb
+++ b/app/models/web/push_subscription.rb
@ -75,7 +75,7 @@ class Web::PushSubscription < ApplicationRecord

  class << self
    def unsubscribe_for(application_id, resource_owner)
-      access_token_ids = Doorkeeper::AccessToken.where(application_id: application_id, resource_owner_id: resource_owner.id, revoked_at: nil).pluck(:id)
+      access_token_ids = Doorkeeper::AccessToken.where(application_id: application_id, resource_owner_id: resource_owner.id).not_revoked.pluck(:id)
      where(access_token_id: access_token_ids).delete_all
    end
  end
--- a/config/application.rb
+++ b/config/application.rb
@ -115,6 +115,7 @@ module Mastodon
      Doorkeeper::AuthorizationsController.layout 'modal'
      Doorkeeper::AuthorizedApplicationsController.layout 'admin'
      Doorkeeper::Application.include ApplicationExtension
+      Doorkeeper::AccessGrant.include AccessGrantExtension
      Doorkeeper::AccessToken.include AccessTokenExtension
      Devise::FailureApp.include AbstractController::Callbacks
      Devise::FailureApp.include Localized