| 28 | } |
| 29 | |
| 30 | pub async fn call(&self, pool: &PgPool) -> Result<CreateSessionResult> { |
| 31 | // The actor in this case is the downstream server, whose identity was verified by comparing |
| 32 | // the server secret provided with the one we have. In the future, perhaps it would be good |
| 33 | // to use a service account here? |
| 34 | |
| 35 | let UpsertUserResult { user } = UpsertRegisteredUser::new(&self.input).call(pool).await?; |
| 36 | |
| 37 | let result = sqlx::query_as::<_, DatabaseSession>( |
| 38 | r#"insert into sessions (user_id) values ($1) |
| 39 | returning encode(session_id, 'hex') session_id, user_id"#, |
| 40 | ) |
| 41 | .bind(user.id) |
| 42 | .fetch_one(pool) |
| 43 | .await?; |
| 44 | |
| 45 | let personal_repo_ids = sqlx::query_as::<_, (Uuid,)>( |
| 46 | "select repository_id |
| 47 | from users_repositories |
| 48 | where user_id = $1 and is_personal_repo", |
| 49 | ) |
| 50 | .bind(user.id) |
| 51 | .fetch_all(pool) |
| 52 | .await? |
| 53 | .iter() |
| 54 | .map(|(id,)| id.try_into()) |
| 55 | .collect::<Result<Vec<RepoId>>>()?; |
| 56 | |
| 57 | log::debug!( |
| 58 | "session id for user {:?}: {:?}", |
| 59 | user.name, |
| 60 | result.session_id |
| 61 | ); |
| 62 | |
| 63 | Ok(CreateSessionResult { |
| 64 | alerts: vec![], |
| 65 | user, |
| 66 | session_id: result.session_id, |
| 67 | personal_repo_ids, |
| 68 | }) |
| 69 | } |
| 70 | } |
| 71 | |
| 72 | pub struct DeleteSession { |