refactor: change database design

migrations/20210810131733_create_user_table.sql

@@ -1,16 +1,13 @@
 CREATE TABLE users (
-    user_id UUID NOT NULL UNIQUE DEFAULT gen_random_uuid() PRIMARY KEY,
+    "id" UUID NOT NULL UNIQUE DEFAULT uuid_generate_v4() PRIMARY KEY,
     -- we have to create an index for the username because it is used all the time
-    username VARCHAR(16) NOT NULL UNIQUE CONSTRAINT check_username CHECK (username ~* '^[a-z0-9_]{3,16}$'),
-    -- A argon2 hash. It uses a PHC string to represent the hash and the salt
-    hash TEXT NOT NULL,
+    -- an username is used by other users to identify each other
+    -- also, the user's certificate must contain this username as an userid
+    -- with the minkan host e.g. `[email protected]`
+    "username" VARCHAR(16) NOT NULL UNIQUE CONSTRAINT check_username CHECK (username ~* '^[a-z0-9_]{3,16}$'),
     -- times ALWAYS in UTC
-    created_at TIMESTAMPTZ NOT NULL DEFAULT current_timestamp,
-    token_expiry TIMESTAMPTZ NOT NULL DEFAULT current_timestamp,
-    -- the backend server has to make sure that this is unique and that the cert's uid
-    -- containts the username and there's no other pub cer with that fingerprint in 
-    -- pub_certs
-    enc_cert BYTEA NOT NULL,
-    suspended BOOLEAN NOT NULL DEFAULT false,
-    suspended_reason TEXT
+    "created_at" TIMESTAMPTZ NOT NULL DEFAULT current_timestamp,
+    -- this should prevent the user from taking any actions
+    "suspended" BOOLEAN NOT NULL DEFAULT false,
+    "suspended_reason" TEXT
 );

migrations/20210810131847_create_cert_table.sql

@@ -0,0 +1,13 @@
+CREATE TABLE certificates (
+    "user_id" UUID NOT NULL UNIQUE REFERENCES users(id) PRIMARY KEY,
+    -- a pgp fingerprint is a sha-1 hash which is hex encoded without spaces
+    -- and all UPPERCASE
+    "fingerprint" VARCHAR(40) NOT NULL UNIQUE CONSTRAINT check_sha1_uppercase_hex 
+        -- a sha1 hash in uppercase hex
+        CHECK (fingerprint ~* '^[A-F0-9]{40}$'),
+    -- all openpgp packets for this certificate
+    -- Note: if the user uploaded a certificate with encrypted secret key 
+    -- material, this will be in here, so remember not to return it. 
+    -- e.g. dont use https://docs.rs/sequoia-openpgp/1.6.0/sequoia_openpgp/struct.Cert.html#method.as_tsk when exporting the certificate
+    "body" BYTEA NOT NULL
+);

migrations/20210919114416_create_certifications_table.sql

@@ -1,17 +1,17 @@
 CREATE TABLE certifications (
     -- the fingerprint of the certifying certificate
     -- this links the actual user that created the certification
-    -- in the pub_certs table
-    certifier_cert VARCHAR(40) NOT NULL REFERENCES pub_certs(cert_fingerprint),
+    -- in the certificates table
+    "certifier_cert" VARCHAR(40) NOT NULL REFERENCES certificates(fingerprint),
     -- the certificate this certification is for
     -- it's actually a userid packet of a certificate
     -- but because we assume that a user's name is the only userid
     -- of a certificate, this is okay because there can only be
     -- one certification for one userid 
-    target_cert VARCHAR(40) NOT NULL REFERENCES pub_certs(cert_fingerprint)
+    "target_cert" VARCHAR(40) NOT NULL REFERENCES certificates(fingerprint)
     -- a user shouldn't certify itself
     CONSTRAINT check_no_self_signature CHECK (certifier_cert != target_cert),
     -- the actual certification a openpgp implementation can verify
     -- its a openpgp signature packet
-    certification BYTEA NOT NULL
+    "body" BYTEA NOT NULL
 )

migrations/20210925182107_set_primary_key_certifications.sql

@@ -1,2 +1,2 @@
 -- only one certification for one user by one other user
-ALTER TABLE certifications ADD PRIMARY KEY (certifier_cert, target_cert)
+ALTER TABLE "certifications" ADD PRIMARY KEY ("certifier_cert", "target_cert")