Remove key_identity indirection table, storing public keys and nonces directly on client tables. Replace AuthResponse with AuthOk, add a BootstrapActor to manage token lifecycle, and move user agent stream handling into the actor module.
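-- AEAD-protected secret material. The row referenced by
-- arbiter_settings.root_key_id is the server's root key. The key that
-- encrypts these rows is not recorded anywhere in the schema; it is
-- presumably held outside the database (NOTE(review): confirm).
CREATE TABLE IF NOT EXISTS aead_encrypted (
    -- INTEGER PRIMARY KEY aliases the SQLite rowid. Without AUTOINCREMENT the
    -- id of a deleted row can be reused by a later insert.
    -- NOTE(review): if the id is mixed into the nonce or associated data,
    -- that reuse matters - confirm against the encrypting code.
    id INTEGER NOT NULL PRIMARY KEY,
    -- Nonce used for the current ciphertext. Incremented on every
    -- re-encryption so the same (key, nonce) pair is never used twice.
    -- NOTE(review): AEAD nonce uniqueness must hold per *key*, not per row.
    -- If several rows are encrypted under one key and each starts at 1, the
    -- nonces collide; use one key per row or derive the nonce from
    -- (id, current_nonce) - confirm.
    current_nonce INTEGER NOT NULL DEFAULT 1,
    -- Encrypted payload; an empty plaintext legitimately yields an empty blob.
    ciphertext BLOB NOT NULL,
    -- AEAD authentication tag, kept apart from the ciphertext.
    -- NOTE(review): bind id and schema_version as associated data when
    -- encrypting; otherwise anyone with write access to the file can swap
    -- ciphertext/tag pairs between rows undetected - confirm.
    tag BLOB NOT NULL,
    -- Identifies the algorithm/format of this row. A bump means the server
    -- must decrypt with the old scheme and re-encrypt with the new one.
    schema_version INTEGER NOT NULL DEFAULT 1
) STRICT;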
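-- Server-wide settings. This is a singleton: the CHECK constraint pins the
-- only permitted row to id = 1.
CREATE TABLE IF NOT EXISTS arbiter_settings (
    id INTEGER NOT NULL PRIMARY KEY
        CONSTRAINT arbiter_settings_singleton_check CHECK (id = 1),
    -- aead_encrypted row holding the encrypted root key.
    -- NULL means the server has not been bootstrapped yet.
    -- NOTE: SQLite enforces REFERENCES / ON DELETE RESTRICT only on
    -- connections that have run `PRAGMA foreign_keys = ON`; it is off by
    -- default, so the RESTRICT below is advisory unless every writer sets it.
    root_key_id INTEGER
        CONSTRAINT arbiter_settings_root_key_id_fk
        REFERENCES aead_encrypted (id) ON DELETE RESTRICT,
    -- NOTE(review): the name suggests this is the private key for `cert`.
    -- Unlike the root key it is not routed through aead_encrypted, so it is
    -- stored in the database file in whatever form the application writes
    -- it - confirm it is encrypted or otherwise protected before storage.
    cert_key BLOB NOT NULL,
    -- Server certificate (encoding not fixed by the schema).
    cert BLOB NOT NULL
) STRICT;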
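-- User-agent (browser-side) clients, authenticated by public-key
-- challenge-response. Same shape as program_client.
CREATE TABLE IF NOT EXISTS useragent_client (
    id INTEGER NOT NULL PRIMARY KEY,
    -- Counter consumed by the auth challenge; it is expected to advance on
    -- every challenge so a captured response cannot be replayed.
    -- NOTE(review): a bare counter is predictable. If the challenge is
    -- derived from this value alone, a client can be induced to sign
    -- challenges ahead of time; mix server randomness or a session binding
    -- into the challenge - confirm against the challenge code.
    nonce INTEGER NOT NULL DEFAULT 1,
    -- Raw public-key bytes. Key type and encoding are not recorded here, so
    -- the application must fix them before any second algorithm is admitted.
    -- NOTE(review): no UNIQUE constraint - if clients are looked up by
    -- public key at auth time, add UNIQUE (public_key) to avoid ambiguity.
    public_key BLOB NOT NULL,
    -- Unix seconds. unixepoch() needs SQLite >= 3.38 (STRICT needs >= 3.37).
    created_at INTEGER NOT NULL DEFAULT (unixepoch('now')),
    -- Defaults to creation time; nothing in the schema bumps it on UPDATE,
    -- so the application (or a trigger) must maintain it.
    updated_at INTEGER NOT NULL DEFAULT (unixepoch('now'))
) STRICT;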
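-- Program (non-browser) clients, authenticated by public-key
-- challenge-response. Same shape as useragent_client.
CREATE TABLE IF NOT EXISTS program_client (
    id INTEGER NOT NULL PRIMARY KEY,
    -- Counter consumed by the auth challenge; it is expected to advance on
    -- every challenge so a captured response cannot be replayed.
    -- NOTE(review): a bare counter is predictable. If the challenge is
    -- derived from this value alone, a client can be induced to sign
    -- challenges ahead of time; mix server randomness or a session binding
    -- into the challenge - confirm against the challenge code.
    nonce INTEGER NOT NULL DEFAULT 1,
    -- Raw public-key bytes. Key type and encoding are not recorded here, so
    -- the application must fix them before any second algorithm is admitted.
    -- NOTE(review): no UNIQUE constraint - if clients are looked up by
    -- public key at auth time, add UNIQUE (public_key) to avoid ambiguity.
    public_key BLOB NOT NULL,
    -- Unix seconds. unixepoch() needs SQLite >= 3.38 (STRICT needs >= 3.37).
    created_at INTEGER NOT NULL DEFAULT (unixepoch('now')),
    -- Defaults to creation time; nothing in the schema bumps it on UPDATE,
    -- so the application (or a trigger) must maintain it.
    updated_at INTEGER NOT NULL DEFAULT (unixepoch('now'))
) STRICT;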