datastore method for access token lookup by token

Author: david-crespo

nexus/db-lookup/src/lookup.rs

@@ -219,19 +219,11 @@ impl<'a> LookupPath<'a> {
         )
     }
 
+    // TODO: do the same conversion for this
+
     /// Select a resource of type DeviceAccessToken, identified by its `token`
-    pub fn device_access_token<'b, 'c>(
-        self,
-        token: &'b str,
-    ) -> DeviceAccessToken<'c>
-    where
-        'a: 'c,
-        'b: 'c,
-    {
-        DeviceAccessToken::PrimaryKey(
-            Root { lookup_root: self },
-            token.to_string(),
-        )
+    pub fn device_access_token_id(self, id: Uuid) -> DeviceAccessToken<'a> {
+        DeviceAccessToken::PrimaryKey(Root { lookup_root: self }, id)
     }
 
     /// Select a resource of type RoleBuiltin, identified by its `name`
@@ -772,7 +764,7 @@ lookup_resource! {
     lookup_by_name = false,
     soft_deletes = false,
     primary_key_columns = [
-        { column_name = "token", rust_type = String },
+        { column_name = "id", rust_type = Uuid },
     ]
 }
 

nexus/db-queries/src/db/datastore/device_auth.rs

@@ -13,6 +13,7 @@ use async_bb8_diesel::AsyncRunQueryDsl;
 use diesel::prelude::*;
 use nexus_db_errors::ErrorHandler;
 use nexus_db_errors::public_error_from_diesel;
+use nexus_db_schema::schema::device_access_token;
 use omicron_common::api::external::CreateResult;
 use omicron_common::api::external::Error;
 use omicron_common::api::external::LookupResult;
@@ -21,6 +22,23 @@ use omicron_common::api::external::ResourceType;
 use uuid::Uuid;
 
 impl DataStore {
+    pub async fn device_token_lookup_by_token(
+        &self,
+        opctx: &OpContext,
+        token: String,
+    ) -> LookupResult<DeviceAccessToken> {
+        // TODO: some special system authz because the presence of the token _is_ the authz
+        device_access_token::table
+            .filter(device_access_token::token.eq(token))
+            .select(DeviceAccessToken::as_returning())
+            .get_result_async(&*self.pool_connection_authorized(opctx).await?)
+            .await
+            .map_err(|_e| Error::ObjectNotFound {
+                type_name: ResourceType::DeviceAccessToken,
+                lookup_type: LookupType::ByOther("access token".to_string()),
+            })
+    }
+
     /// Start a device authorization grant flow by recording the request
     /// and initial response parameters.
     pub async fn device_auth_request_create(

nexus/src/app/device_auth.rs

@@ -166,9 +166,9 @@ impl super::Nexus {
         opctx: &OpContext,
         token: String,
     ) -> Result<Actor, Reason> {
-        let (.., db_access_token) = LookupPath::new(opctx, &self.db_datastore)
-            .device_access_token(&token)
-            .fetch()
+        let db_access_token = self
+            .db_datastore
+            .device_token_lookup_by_token(opctx, token)
             .await
             .map_err(|e| match e {
                 Error::ObjectNotFound { .. } => Reason::UnknownActor {