| author | 2025-03-03 16:03:36 +0100 | |
|---|---|---|
| committer | 2025-03-03 15:03:36 +0000 | |
| commit | 1b37944f8b8eccc2afcfb0f603786209a3b7402d (patch) | |
| tree | 2bc0be27cf0405e16ac3e14efc3b6973eb096b8b /internal/db | |
| parent | bumps go-ffmpreg to v0.6.6 (#3866) (diff) | |
| download | gotosocial-1b37944f8b8eccc2afcfb0f603786209a3b7402d.tar.xz | |
[feature] Refactor tokens, allow multiple app redirect_uris (#3849)
* [feature] Refactor tokens, allow multiple app redirect_uris
* move + tweak handlers a bit
* return error for unset oauth2.ClientStore funcs
* wrap UpdateToken with cache
* panic handling
* cheeky little time optimization
* unlock on error
Diffstat (limited to 'internal/db')
| -rw-r--r-- | internal/db/application.go | 12 | ||||
| -rw-r--r-- | internal/db/bundb/admin.go | 21 | ||||
| -rw-r--r-- | internal/db/bundb/application.go | 47 | ||||
| -rw-r--r-- | internal/db/bundb/application_test.go | 7 | ||||
| -rw-r--r-- | internal/db/bundb/bundb_test.go | 2 | ||||
| -rw-r--r-- | internal/db/bundb/migrations/20250224105654_token_app_client_refactor.go | 200 | ||||
| -rw-r--r-- | internal/db/bundb/migrations/20250224105654_token_app_client_refactor/application.go | 29 | ||||
| -rw-r--r-- | internal/db/bundb/migrations/20250224105654_token_app_client_refactor/token.go | 42 |
8 files changed, 291 insertions, 69 deletions
diff --git a/internal/db/application.go b/internal/db/application.go
index 1011698bf..9f0109d59 100644
--- a/internal/db/application.go
+++ b/internal/db/application.go
@@ -36,15 +36,6 @@ type Application interface {
 // DeleteApplicationByClientID deletes the application with corresponding client_id value from the database.
 DeleteApplicationByClientID(ctx context.Context, clientID string) error
- // GetClientByID fetches the application client from database with ID.
- GetClientByID(ctx context.Context, id string) (*gtsmodel.Client, error)
-
- // PutClient puts the given application client in the database.
- PutClient(ctx context.Context, client *gtsmodel.Client) error
-
- // DeleteClientByID deletes the application client from database with ID.
- DeleteClientByID(ctx context.Context, id string) error
-
 // GetAllTokens fetches all client oauth tokens from database.
 GetAllTokens(ctx context.Context) ([]*gtsmodel.Token, error)
@@ -63,6 +54,9 @@ type Application interface {
 // PutToken puts given client oauth token in the database.
 PutToken(ctx context.Context, token *gtsmodel.Token) error
+ // UpdateToken updates the given token. Update all columns if no specific columns given.
+ UpdateToken(ctx context.Context, token *gtsmodel.Token, columns ...string) error
+
 // DeleteTokenByID deletes client oauth token from database with ID.
 DeleteTokenByID(ctx context.Context, id string) error
diff --git a/internal/db/bundb/admin.go b/internal/db/bundb/admin.go
index ff398fca5..a311d2fc5 100644
--- a/internal/db/bundb/admin.go
+++ b/internal/db/bundb/admin.go
@@ -341,6 +341,7 @@ func (a *adminDB) CreateInstanceApplication(ctx context.Context) error {
 // instance account's ID so this is an easy check.
 instanceAcct, err := a.state.DB.GetInstanceAccount(ctx, "")
 if err != nil {
+ err := gtserror.Newf("db error getting instance account: %w", err)
 return err
 }
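Review bot: `err := gtserror.Newf("db error getting instance account: %w", err)` inside the `if err != nil` block declares a second `err` that shadows the one being wrapped and is read only by the `return err` on the next line; the same shape is added in the `@@ -388` hunk of this file with `db error storing instance application`. It behaves correctly, but shadow linters flag it and a reader has to check which `err` is returned, so the plainer form is `return gtserror.Newf("db error getting instance account: %w", err)` (and likewise for the second hunk). CreateInstanceApplication begins and ends outside this hunk.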
@@ -369,18 +370,14 @@ func (a *adminDB) CreateInstanceApplication(ctx context.Context) error {
 clientID := instanceAcct.ID
 clientSecret := uuid.NewString()
- appID, err := id.NewRandomULID()
- if err != nil {
- return err
- }
 // Generate the application
 // to put in the database.
 app := >smodel.Application{
- ID: appID,
+ ID: id.NewULID(),
 Name: host + " instance application",
 Website: url,
- RedirectURI: url,
+ RedirectURIs: []string{url},
 ClientID: clientID,
 ClientSecret: clientSecret,
 Scopes: "write:accounts",
@@ -388,19 +385,11 @@ func (a *adminDB) CreateInstanceApplication(ctx context.Context) error {
 // Store it.
 if err := a.state.DB.PutApplication(ctx, app); err != nil {
+ err := gtserror.Newf("db error storing instance application: %w", err)
 return err
 }
- // Model an oauth client
- // from the application.
- oc := >smodel.Client{
- ID: clientID,
- Secret: clientSecret,
- Domain: url,
- }
-
- // Store it.
- return a.state.DB.PutClient(ctx, oc)
+ return nil
 }
 func (a *adminDB) GetInstanceApplication(ctx context.Context) (*gtsmodel.Application, error) {
diff --git a/internal/db/bundb/application.go b/internal/db/bundb/application.go
index 92fc5ea2b..d94c984d0 100644
--- a/internal/db/bundb/application.go
+++ b/internal/db/bundb/application.go
@@ -97,41 +97,6 @@ func (a *applicationDB) DeleteApplicationByClientID(ctx context.Context, clientI
 return nil
 }
-func (a *applicationDB) GetClientByID(ctx context.Context, id string) (*gtsmodel.Client, error) {
- return a.state.Caches.DB.Client.LoadOne("ID", func() (*gtsmodel.Client, error) {
- var client gtsmodel.Client
-
- if err := a.db.NewSelect().
- Model(&client).
- Where("? = ?", bun.Ident("id"), id).
- Scan(ctx); err != nil {
- return nil, err
- }
-
- return &client, nil
- }, id)
-}
-
-func (a *applicationDB) PutClient(ctx context.Context, client *gtsmodel.Client) error {
- return a.state.Caches.DB.Client.Store(client, func() error {
- _, err := a.db.NewInsert().Model(client).Exec(ctx)
- return err
- })
-}
-
-func (a *applicationDB) DeleteClientByID(ctx context.Context, id string) error {
- _, err := a.db.NewDelete().
- Table("clients").
- Where("? = ?", bun.Ident("id"), id).
- Exec(ctx)
- if err != nil {
- return err
- }
-
- a.state.Caches.DB.Client.Invalidate("ID", id)
- return nil
-}
-
 func (a *applicationDB) GetAllTokens(ctx context.Context) ([]*gtsmodel.Token, error) {
 var tokenIDs []string
@@ -233,6 +198,18 @@ func (a *applicationDB) PutToken(ctx context.Context, token *gtsmodel.Token) err
 })
 }
+func (a *applicationDB) UpdateToken(ctx context.Context, token *gtsmodel.Token, columns ...string) error {
+ return a.state.Caches.DB.Token.Store(token, func() error {
+ _, err := a.db.
+ NewUpdate().
+ Model(token).
+ Column(columns...).
+ Where("? = ?", bun.Ident("id"), token.ID).
+ Exec(ctx)
+ return err
+ })
+}
+
 func (a *applicationDB) DeleteTokenByID(ctx context.Context, id string) error {
 _, err := a.db.NewDelete().
 Table("tokens").
diff --git a/internal/db/bundb/application_test.go b/internal/db/bundb/application_test.go
index d03079f2a..b6b19319c 100644
--- a/internal/db/bundb/application_test.go
+++ b/internal/db/bundb/application_test.go
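Review bot: In the new `UpdateToken` the `Exec(ctx)` result is discarded, so an UPDATE whose `WHERE id = ?` matches no row returns nil and `Token.Store` then (presumably, following the same pattern as the removed `PutClient`) places the in-memory token in the cache even though the database no longer holds it; if a token was deleted or revoked between the caller loading it and this update, the cache is repopulated with a row that does not exist. Checking `RowsAffected()` and returning the package's not-found sentinel (`db.ErrNoEntries`, if this file already imports `internal/db`) closes that gap. A short doc comment should also state the partial-update caveat that the interface comment only hints at: when `columns` is given, only those columns are written but the whole `token` struct is cached, so the caller must pass a struct whose other fields already match the database.

```go
func (a *applicationDB) UpdateToken(ctx context.Context, token *gtsmodel.Token, columns ...string) error {
	return a.state.Caches.DB.Token.Store(token, func() error {
		res, err := a.db.
			NewUpdate().
			Model(token).
			Column(columns...).
			Where("? = ?", bun.Ident("id"), token.ID).
			Exec(ctx)
		if err != nil {
			return err
		}
		// Refuse to cache a token the database no longer holds.
		if n, err := res.RowsAffected(); err == nil && n == 0 {
			return db.ErrNoEntries
		}
		return nil
	})
}
```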
@@ -22,7 +22,6 @@ import (
 "errors"
 "reflect"
 "testing"
- "time"
 "github.com/stretchr/testify/suite"
 "github.com/superseriousbusiness/gotosocial/internal/db"
@@ -45,12 +44,6 @@ func (suite *ApplicationTestSuite) TestGetApplicationBy() {
 // isEqual checks if 2 application models are equal.
 isEqual := func(a1, a2 gtsmodel.Application) bool {
- // Clear database-set fields.
- a1.CreatedAt = time.Time{}
- a2.CreatedAt = time.Time{}
- a1.UpdatedAt = time.Time{}
- a2.UpdatedAt = time.Time{}
-
 return reflect.DeepEqual(a1, a2)
 }
diff --git a/internal/db/bundb/bundb_test.go b/internal/db/bundb/bundb_test.go
index 2fcf61aed..c128eca27 100644
--- a/internal/db/bundb/bundb_test.go
+++ b/internal/db/bundb/bundb_test.go
@@ -35,7 +35,6 @@ type BunDBStandardTestSuite struct {
 // standard suite models
 testTokens map[string]*gtsmodel.Token
- testClients map[string]*gtsmodel.Client
 testApplications map[string]*gtsmodel.Application
 testUsers map[string]*gtsmodel.User
 testAccounts map[string]*gtsmodel.Account
@@ -62,7 +61,6 @@ type BunDBStandardTestSuite struct {
 func (suite *BunDBStandardTestSuite) SetupSuite() {
 suite.testTokens = testrig.NewTestTokens()
- suite.testClients = testrig.NewTestClients()
 suite.testApplications = testrig.NewTestApplications()
 suite.testUsers = testrig.NewTestUsers()
 suite.testAccounts = testrig.NewTestAccounts()
diff --git a/internal/db/bundb/migrations/20250224105654_token_app_client_refactor.go b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor.go
new file mode 100644
index 000000000..2d25c649e
--- /dev/null
+++ b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor.go
@@ -0,0 +1,200 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package migrations
+
+import (
+ "context"
+
+ oldmodel "github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20211113114307_init"
+ newmodel "github.com/superseriousbusiness/gotosocial/internal/db/bundb/migrations/20250224105654_token_app_client_refactor"
+ "github.com/superseriousbusiness/gotosocial/internal/id"
+ "github.com/uptrace/bun"
+)
+
+func init() {
+ up := func(ctx context.Context, db *bun.DB) error {
+ return db.RunInTx(ctx, nil, func(ctx context.Context, tx bun.Tx) error {
+
+ // Drop unused clients table.
+ if _, err := tx.
+ NewDropTable().
+ Table("clients").
+ IfExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ // Select all old model
+ // applications into memory.
+ oldApps := []*oldmodel.Application{}
+ if err := tx.
+ NewSelect().
+ Model(&oldApps).
+ Scan(ctx); err != nil {
+ return err
+ }
+
+ // Drop the old applications table.
+ if _, err := tx.
+ NewDropTable().
+ Table("applications").
+ IfExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ // Create the new applications table.
+ if _, err := tx.
+ NewCreateTable().
+ Model((*newmodel.Application)(nil)).
+ IfNotExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ // Add indexes to new applications table.
+ if _, err := tx.
+ NewCreateIndex().
+ Table("applications").
+ Index("applications_client_id_idx").
+ Column("client_id").
+ IfNotExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ if _, err := tx.
+ NewCreateIndex().
+ Table("applications").
+ Index("applications_managed_by_user_id_idx").
+ Column("managed_by_user_id").
+ IfNotExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ if len(oldApps) != 0 {
+ // Convert all the old model applications into new ones.
+ newApps := make([]*newmodel.Application, 0, len(oldApps))
+ for _, oldApp := range oldApps {
+ newApps = append(newApps, &newmodel.Application{
+ ID: id.NewULIDFromTime(oldApp.CreatedAt),
+ Name: oldApp.Name,
+ Website: oldApp.Website,
+ RedirectURIs: []string{oldApp.RedirectURI},
+ ClientID: oldApp.ClientID,
+ ClientSecret: oldApp.ClientSecret,
+ Scopes: oldApp.Scopes,
+ })
+ }
+
+ // Whack all the new apps in
+ // there. Lads lads lads lads!
+ if _, err := tx.
+ NewInsert().
+ Model(&newApps).
+ Exec(ctx); err != nil {
+ return err
+ }
+ }
+
+ // Select all the old model
+ // tokens into memory.
+ oldTokens := []*oldmodel.Token{}
+ if err := tx.
+ NewSelect().
+ Model(&oldTokens).
+ Scan(ctx); err != nil {
+ return err
+ }
+
+ // Drop the old token table.
+ if _, err := tx.
+ NewDropTable().
+ Table("tokens").
+ IfExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ // Create the new token table.
+ if _, err := tx.
+ NewCreateTable().
+ Model((*newmodel.Token)(nil)).
+ IfNotExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ // Add access index to new token table.
+ if _, err := tx.
+ NewCreateIndex().
+ Table("tokens").
+ Index("tokens_access_idx").
+ Column("access").
+ IfNotExists().
+ Exec(ctx); err != nil {
+ return err
+ }
+
+ if len(oldTokens) != 0 {
+ // Convert all the old model tokens into new ones.
+ newTokens := make([]*newmodel.Token, 0, len(oldTokens))
+ for _, oldToken := range oldTokens {
+ newTokens = append(newTokens, &newmodel.Token{
+ ID: id.NewULIDFromTime(oldToken.CreatedAt),
+ ClientID: oldToken.ClientID,
+ UserID: oldToken.UserID,
+ RedirectURI: oldToken.RedirectURI,
+ Scope: oldToken.Scope,
+ Code: oldToken.Code,
+ CodeChallenge: oldToken.CodeChallenge,
+ CodeChallengeMethod: oldToken.CodeChallengeMethod,
+ CodeCreateAt: oldToken.CodeCreateAt,
+ CodeExpiresAt: oldToken.CodeExpiresAt,
+ Access: oldToken.Access,
+ AccessCreateAt: oldToken.AccessCreateAt,
+ AccessExpiresAt: oldToken.AccessExpiresAt,
+ Refresh: oldToken.Refresh,
+ RefreshCreateAt: oldToken.RefreshCreateAt,
+ RefreshExpiresAt: oldToken.RefreshExpiresAt,
+ })
+ }
+
+ // Whack all the new tokens in
+ // there. Lads lads lads lads!
+ if _, err := tx.
+ NewInsert().
+ Model(&newTokens).
+ Exec(ctx); err != nil {
+ return err
+ }
+ }
+
+ return nil
+ })
+ }
+
+ down := func(ctx context.Context, db *bun.DB) error {
+ return nil
+ }
+
+ if err := Migrations.Register(up, down); err != nil {
+ panic(err)
+ }
+}
diff --git a/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/application.go b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/application.go
new file mode 100644
index 000000000..efe2776ea
--- /dev/null
+++ b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/application.go
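Review bot: `down := func(ctx context.Context, db *bun.DB) error { return nil }` leaves this migration silently irreversible: `up` drops `clients`, `applications` and `tokens` inside the transaction and recreates only the latter two from in-memory copies, so a rollback past this point keeps the new schema and the old client records are gone for good. That deserves a comment on `down`, e.g. `// down is a no-op: the old tables and the clients records are dropped by up, so this migration cannot be reversed.`. Note also that every migrated application and token receives a fresh ID via `id.NewULIDFromTime(...)` rather than carrying the old one over, so anything that persisted the old token or application IDs would stop matching after the upgrade — worth confirming nothing outside these tables does. Loading all of `oldApps` and `oldTokens` into memory is fine for typical instances but a short comment noting that assumption would help whoever runs this on a large token table.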
@@ -0,0 +1,29 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package gtsmodel
+
+type Application struct {
+ ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`
+ Name string `bun:",notnull"`
+ Website string `bun:",nullzero"`
+ RedirectURIs []string `bun:"redirect_uris,array"`
+ ClientID string `bun:"type:CHAR(26),nullzero,notnull"`
+ ClientSecret string `bun:",nullzero,notnull"`
+ Scopes string `bun:",notnull"`
+ ManagedByUserID string `bun:"type:CHAR(26),nullzero"`
+}
diff --git a/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/token.go b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/token.go
new file mode 100644
index 000000000..46d30ba7d
--- /dev/null
+++ b/internal/db/bundb/migrations/20250224105654_token_app_client_refactor/token.go
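Review bot: The migration-local `Application` struct carries no doc comment on the type or any field, while the sibling `Token` model added to the same package in this commit documents both; a one-liner such as `// Application is the application model as of this migration, frozen so later model changes do not alter the migration.` keeps the two consistent and records why the copy exists. The `bun:"redirect_uris,array"` tag is dialect-dependent: the migration inserts `[]string{oldApp.RedirectURI}` through it, so it is worth confirming that the array encoding is the same on every database backend the project supports, not only Postgres.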
@@ -0,0 +1,42 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package gtsmodel
+
+import "time"
+
+// Token is a translation of the gotosocial token
+// with the ExpiresIn fields replaced with ExpiresAt.
+type Token struct {
+ ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // id of this item in the database
+ LastUsed time.Time `bun:"type:timestamptz,nullzero"` // approximate time when this token was last used
+ ClientID string `bun:"type:CHAR(26),nullzero,notnull"` // ID of the client who owns this token
+ UserID string `bun:"type:CHAR(26),nullzero"` // ID of the user who owns this token
+ RedirectURI string `bun:",nullzero,notnull"` // Oauth redirect URI for this token
+ Scope string `bun:",nullzero,notnull,default:'read'"` // Oauth scope
+ Code string `bun:",pk,nullzero,notnull,default:''"` // Code, if present
+ CodeChallenge string `bun:",nullzero"` // Code challenge, if code present
+ CodeChallengeMethod string `bun:",nullzero"` // Code challenge method, if code present
+ CodeCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Code created time, if code present
+ CodeExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Code expires at -- null means the code never expires
+ Access string
`bun:",pk,nullzero,notnull,default:''"` // User level access token, if present
+ AccessCreateAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token created time, if access present
+ AccessExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // User level access token expires at -- null means the token never expires
+ Refresh string `bun:",pk,nullzero,notnull,default:''"` // Refresh token, if present
+ RefreshCreateAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh created at, if refresh present
+ RefreshExpiresAt time.Time `bun:"type:timestamptz,nullzero"` // Refresh expires at -- null means the refresh token never expires
+} |
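Review bot: `Code`, `Access` and `Refresh` each carry `pk` in addition to `ID`, which in bun declares one composite primary key over all four columns; since the three token strings default to `''`, the uniqueness the rest of the code relies on (including the new `UpdateToken`'s `WHERE id = ?`) is really carried by `ID` and its `unique` tag. If the composite key is intentional — for instance carried over from the old model so the migration's `NewCreateTable` matches prior behaviour — a comment on the struct saying so would spare the next reader the question; if not, dropping the three extra `pk` tags leaves a plainer schema with the same guarantees. The `LastUsed` column is new relative to the fields the migration copies from `oldmodel.Token`, so migrated rows start with it null; stating that in its field comment (`// approximate time when this token was last used; null for tokens migrated from the old schema`) documents what readers of that column will see.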
