···

       
1
       
1
       
+
       
-- +goose Up

     

       
1
       
2
       
 
       
-- Add performance indexes for OAuth tables

     

       
2
       
3
       
 
       
-- Migration: 004_add_oauth_indexes.sql

     

       
3
       
4
       
 
       
-- Created: 2025-10-06

     
···

       
6
       
7
       
 
       
CREATE INDEX IF NOT EXISTS idx_oauth_sessions_did_expires

     

       
7
       
8
       
 
       
ON oauth_sessions(did, expires_at);

     

       
8
       
9
       
 
       


     

       
9
       
9
       
-
       
-- Partial index for active sessions (WHERE expires_at > NOW())

     

       
10
       
10
       
+
       
-- Index for active sessions expiration (removed WHERE clause due to NOW() immutability requirement)

     

       
10
       
11
       
 
       
-- This speeds up queries for non-expired sessions

     

       
11
       
12
       
 
       
CREATE INDEX IF NOT EXISTS idx_oauth_sessions_active

     

       
12
       
12
       
-
       
ON oauth_sessions(expires_at)

     

       
13
       
13
       
-
       
WHERE expires_at > NOW();

     

       
13
       
13
       
+
       
ON oauth_sessions(expires_at);

     

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
-- Index on oauth_requests expiration for faster cleanup

     

       
16
       
16
       
 
       
-- (Already exists via migration 003, but documenting here for completeness)

     

       
17
       
17
       
 
       
-- CREATE INDEX IF NOT EXISTS idx_oauth_requests_expires ON oauth_requests(expires_at);

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
-- +goose Down

     

       
20
       
20
       
+
       
DROP INDEX IF EXISTS idx_oauth_sessions_active;

     

       
21
       
21
       
+
       
DROP INDEX IF EXISTS idx_oauth_sessions_did_expires;

     

···

       
275
       
275
       
 
       
	sessionStore := oauthCore.NewPostgresSessionStore(db)

     

       
276
       
276
       
 
       


     

       
277
       
277
       
 
       
	testJWK := `{"alg":"ES256","crv":"P-256","d":"9tCMceYSgyZfO5KYOCm3rWEhXLqq2l4LjP7-PJtJKyk","kid":"oauth-client-key","kty":"EC","use":"sig","x":"EOYWEgZ2d-smTO6jh0f-9B7YSFYdlrvlryjuXTCrOjE","y":"_FR2jBcWNxoJl5cd1eq9sYtAs33No9AVtd42UyyWYi4"}`

     

       
278
       
278
       
-
       
	cookieSecret := "f1132c01b1a625a865c6c455a75ee793572cedb059cebe0c4c1ae4c446598f7d"

     

       
279
       
278
       
 
       


     

       
280
       
279
       
 
       
	tests := []struct {

     

       
281
       
280
       
 
       
		name           string

     
···

       
323
       
322
       
 
       
			defer os.Unsetenv("OAUTH_PRIVATE_JWK")

     

       
324
       
323
       
 
       


     

       
325
       
324
       
 
       
			// Create handler

     

       
326
       
326
       
-
       
			handler := oauth.NewCallbackHandler(sessionStore, cookieSecret)

     

       
325
       
325
       
+
       
			handler := oauth.NewCallbackHandler(sessionStore)

     

       
327
       
326
       
 
       


     

       
328
       
327
       
 
       
			// Build query string

     

       
329
       
328
       
 
       
			req := httptest.NewRequest("GET", "/oauth/callback", nil)