-- +goose Up
-- Mobile OAuth CSRF protection backed by server-side state.
-- The CSRF token lives on the same row as the OAuth state, so the callback can
-- validate it against a value that returns through the OAuth response (the
-- state parameter) instead of only comparing cookies with each other.
--
-- NOTE(review): both columns are nullable with no default, presumably so that
-- non-mobile flows leave them NULL - confirm against the code that inserts rows.
-- NOTE(review): mobile_csrf_token is a secret stored as plain TEXT. Confirm that
-- rows are short-lived, are deleted once the callback completes, and that the
-- callback compares the token in constant time.
-- NOTE(review): mobile_redirect_uri is unconstrained TEXT. Nothing in this
-- migration restricts its value, so the handler has to check it against the
-- permitted Universal Link targets before storing it or redirecting to it.

ALTER TABLE oauth_requests
    ADD COLUMN mobile_csrf_token TEXT,
    ADD COLUMN mobile_redirect_uri TEXT;

COMMENT ON COLUMN oauth_requests.mobile_csrf_token IS 'CSRF token for mobile OAuth flows, validated against cookie on callback';
COMMENT ON COLUMN oauth_requests.mobile_redirect_uri IS 'Mobile redirect URI (Universal Link) for this OAuth flow';

-- Partial index keyed on state, limited to rows that carry a mobile CSRF token,
-- for fetching the mobile data when the callback arrives.
-- NOTE(review): if state already has a unique or primary-key index (not visible
-- in this file), this index may add little for point lookups - confirm.
CREATE INDEX idx_oauth_requests_mobile_csrf
    ON oauth_requests (state)
    WHERE mobile_csrf_token IS NOT NULL;

-- +goose Down
-- Reverse of Up: remove the partial index, then both columns.
-- Dropping the columns discards any stored tokens and redirect URIs.
DROP INDEX IF EXISTS idx_oauth_requests_mobile_csrf;

ALTER TABLE oauth_requests
    DROP COLUMN IF EXISTS mobile_csrf_token,
    DROP COLUMN IF EXISTS mobile_redirect_uri;