feat(auth): simplify auth model and implement bootstrap flow

Remove key_identity indirection table, storing public keys and nonces directly on client tables. Replace AuthResponse with AuthOk, add a BootstrapActor to manage token lifecycle, and move user agent stream handling into the actor module.
2026-02-13 17:55:56 +01:00
parent 8fb7a04102
commit ffa60c90b1
8 changed files with 256 additions and 134 deletions
--- a/server/crates/arbiter-server/src/db/models.rs
+++ b/server/crates/arbiter-server/src/db/models.rs
@@ -28,21 +28,12 @@ pub struct ArbiterSetting {
    pub cert: Vec<u8>,
 }

-#[derive(Queryable, Debug)]
-#[diesel(table_name = schema::key_identity, check_for_backend(Sqlite))]
-pub struct KeyIdentity {
-    pub id: i32,
-    pub name: String,
-    pub public_key: String,
-    pub created_at: i32,
-    pub updated_at: i32,
-}
-
 #[derive(Queryable, Debug)]
 #[diesel(table_name = schema::program_client, check_for_backend(Sqlite))]
 pub struct ProgramClient {
    pub id: i32,
-    pub key_identity_id: i32,
+    pub public_key: Vec<u8>,
+    pub nonce: i32,
    pub created_at: i32,
    pub updated_at: i32,
 }
@@ -51,7 +42,8 @@ pub struct ProgramClient {
 #[diesel(table_name = schema::useragent_client, check_for_backend(Sqlite))]
 pub struct UseragentClient {
    pub id: i32,
-    pub key_identity_id: i32,
+    pub public_key: Vec<u8>,
+    pub nonce: i32,
    pub created_at: i32,
    pub updated_at: i32,
 }
--- a/server/crates/arbiter-server/src/db/schema.rs
+++ b/server/crates/arbiter-server/src/db/schema.rs
@@ -19,20 +19,11 @@ diesel::table! {
    }
 }

-diesel::table! {
-    key_identity (id) {
-        id -> Integer,
-        name -> Text,
-        public_key -> Text,
-        created_at -> Integer,
-        updated_at -> Integer,
-    }
-}
-
 diesel::table! {
    program_client (id) {
        id -> Integer,
-        key_identity_id -> Integer,
+        nonce -> Integer,
+        public_key -> Binary,
        created_at -> Integer,
        updated_at -> Integer,
    }
@@ -41,20 +32,18 @@ diesel::table! {
 diesel::table! {
    useragent_client (id) {
        id -> Integer,
-        key_identity_id -> Integer,
+        nonce -> Integer,
+        public_key -> Binary,
        created_at -> Integer,
        updated_at -> Integer,
    }
 }

 diesel::joinable!(arbiter_settings -> aead_encrypted (root_key_id));
-diesel::joinable!(program_client -> key_identity (key_identity_id));
-diesel::joinable!(useragent_client -> key_identity (key_identity_id));

 diesel::allow_tables_to_appear_in_same_query!(
    aead_encrypted,
    arbiter_settings,
-    key_identity,
    program_client,
    useragent_client,
 );