diff --git a/cmd/frontend/internal/dotcom/productsubscription/tokens_db.go b/cmd/frontend/internal/dotcom/productsubscription/tokens_db.go index 0842878a96e..d9ed7ffbf11 100644 --- a/cmd/frontend/internal/dotcom/productsubscription/tokens_db.go +++ b/cmd/frontend/internal/dotcom/productsubscription/tokens_db.go @@ -89,6 +89,7 @@ func (e dotcomUserNotFoundError) NotFound() bool { // LookupDotcomUserIDByAccessToken returns the userID corresponding to the given token. // Requires the token has the DotcomUserGatewayAccessTokenPrefix, otherwise fails. +// Note: this depends on `access_tokens_lookup_double_hash` index to run efficiently, if you are modifying this function, consider changing/dropping the index. func (t dbTokens) LookupDotcomUserIDByAccessToken(ctx context.Context, token string) (int, error) { if !strings.HasPrefix(token, accesstoken.DotcomUserGatewayAccessTokenPrefix) { return 0, dotcomUserNotFoundError{reason: "invalid token with unknown prefix"} @@ -108,7 +109,7 @@ func (t dbTokens) LookupDotcomUserIDByAccessToken(ctx context.Context, token str FROM access_tokens t2 JOIN users subject_user ON t2.subject_user_id=subject_user.id AND subject_user.deleted_at IS NULL JOIN users creator_user ON t2.creator_user_id=creator_user.id AND creator_user.deleted_at IS NULL - WHERE + WHERE digest(value_sha256, 'sha256')=%s AND t2.deleted_at IS NULL diff --git a/internal/database/migration/shared/data/stitched-migration-graph.json b/internal/database/migration/shared/data/stitched-migration-graph.json index 94f893557f9..5b0b816ab3a 100644 --- a/internal/database/migration/shared/data/stitched-migration-graph.json +++ b/internal/database/migration/shared/data/stitched-migration-graph.json @@ -11136,6 +11136,23 @@ ], "IsCreateIndexConcurrently": false, "IndexMetadata": null + }, + { + "ID": 1708596613, + "Name": "access_tokens_double_hash_index", + "UpQuery": "CREATE INDEX CONCURRENTLY IF NOT EXISTS access_tokens_lookup_double_hash ON access_tokens USING HASH (digest(value_sha256, 'sha256'))\n WHERE\n deleted_at IS NULL;", + "DownQuery": "DROP INDEX IF EXISTS access_tokens_lookup_double_hash;", + "Privileged": false, + "NonIdempotent": false, + "Parents": [ + 1695911128, + 1707759188 + ], + "IsCreateIndexConcurrently": true, + "IndexMetadata": { + "TableName": "access_tokens", + "IndexName": "access_tokens_lookup_double_hash" + } } ], "BoundsByRev": { @@ -11387,8 +11404,7 @@ "v5.3.0": { "RootID": 1648051770, "LeafIDs": [ - 1695911128, - 1707759188 + 1708596613 ], "PreCreation": false } diff --git a/internal/database/schema.json b/internal/database/schema.json index 1084472bc9b..d705c4f88dc 100644 --- a/internal/database/schema.json +++ b/internal/database/schema.json @@ -1707,6 +1707,16 @@ "IndexDefinition": "CREATE INDEX access_tokens_lookup ON access_tokens USING hash (value_sha256) WHERE deleted_at IS NULL", "ConstraintType": "", "ConstraintDefinition": "" + }, + { + "Name": "access_tokens_lookup_double_hash", + "IsPrimaryKey": false, + "IsUnique": false, + "IsExclusion": false, + "IsDeferrable": false, + "IndexDefinition": "CREATE INDEX access_tokens_lookup_double_hash ON access_tokens USING hash (digest(value_sha256, 'sha256'::text)) WHERE deleted_at IS NULL", + "ConstraintType": "", + "ConstraintDefinition": "" } ], "Constraints": [ diff --git a/internal/database/schema.md b/internal/database/schema.md index e0ad79c8230..b4092e68292 100644 --- a/internal/database/schema.md +++ b/internal/database/schema.md @@ -39,6 +39,7 @@ Indexes: "access_tokens_pkey" PRIMARY KEY, btree (id) "access_tokens_value_sha256_key" UNIQUE CONSTRAINT, btree (value_sha256) "access_tokens_lookup" hash (value_sha256) WHERE deleted_at IS NULL + "access_tokens_lookup_double_hash" hash (digest(value_sha256, 'sha256'::text)) WHERE deleted_at IS NULL Foreign-key constraints: "access_tokens_creator_user_id_fkey" FOREIGN KEY (creator_user_id) REFERENCES users(id) "access_tokens_subject_user_id_fkey" FOREIGN KEY (subject_user_id) REFERENCES users(id) diff --git a/migrations/frontend/1708596613_access_tokens_double_hash_index/down.sql b/migrations/frontend/1708596613_access_tokens_double_hash_index/down.sql new file mode 100644 index 00000000000..21b1ffc4c05 --- /dev/null +++ b/migrations/frontend/1708596613_access_tokens_double_hash_index/down.sql @@ -0,0 +1 @@ +DROP INDEX IF EXISTS access_tokens_lookup_double_hash; diff --git a/migrations/frontend/1708596613_access_tokens_double_hash_index/metadata.yaml b/migrations/frontend/1708596613_access_tokens_double_hash_index/metadata.yaml new file mode 100644 index 00000000000..293b9c9077a --- /dev/null +++ b/migrations/frontend/1708596613_access_tokens_double_hash_index/metadata.yaml @@ -0,0 +1,3 @@ +name: access_tokens_double_hash_index +parents: [1695911128, 1707759188] +createIndexConcurrently: true diff --git a/migrations/frontend/1708596613_access_tokens_double_hash_index/up.sql b/migrations/frontend/1708596613_access_tokens_double_hash_index/up.sql new file mode 100644 index 00000000000..39aeb3215b3 --- /dev/null +++ b/migrations/frontend/1708596613_access_tokens_double_hash_index/up.sql @@ -0,0 +1,3 @@ +CREATE INDEX CONCURRENTLY IF NOT EXISTS access_tokens_lookup_double_hash ON access_tokens USING HASH (digest(value_sha256, 'sha256')) + WHERE + deleted_at IS NULL; diff --git a/migrations/frontend/squashed.sql b/migrations/frontend/squashed.sql index 825fffbc54a..1a9871bb30a 100644 --- a/migrations/frontend/squashed.sql +++ b/migrations/frontend/squashed.sql @@ -5889,6 +5889,8 @@ CREATE INDEX access_requests_status ON access_requests USING btree (status); CREATE INDEX access_tokens_lookup ON access_tokens USING hash (value_sha256) WHERE (deleted_at IS NULL); +CREATE INDEX access_tokens_lookup_double_hash ON access_tokens USING hash (digest(value_sha256, 'sha256'::text)) WHERE (deleted_at IS NULL); + CREATE INDEX app_id_idx ON github_app_installs USING btree (app_id); CREATE UNIQUE INDEX assigned_owners_file_path_owner ON assigned_owners USING btree (file_path_id, owner_user_id);