46f44f6171
- OAuthCode model + migration for authorization code flow
- OAuth client blueprint (auto-registered for non-federation apps)
- Per-app first-party session cookies (fixes Safari ITP)
- /oauth/authorize endpoint support in URL helpers
- account_url() helper + Jinja global
- Templates: federation_url('/auth/...') → account_url('/...')
- Widget registry: account page links use account_url
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
38 lines
1.3 KiB
Python
38 lines
1.3 KiB
Python
"""Add oauth_codes table
|
|
|
|
Revision ID: p6n4k0l2m3
|
|
Revises: o5m3j9k1l2
|
|
Create Date: 2026-02-23
|
|
"""
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
|
|
revision = "p6n4k0l2m3"
|
|
down_revision = "o5m3j9k1l2"
|
|
branch_labels = None
|
|
depends_on = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
op.create_table(
|
|
"oauth_codes",
|
|
sa.Column("id", sa.Integer(), autoincrement=True, nullable=False),
|
|
sa.Column("code", sa.String(128), nullable=False),
|
|
sa.Column("user_id", sa.Integer(), nullable=False),
|
|
sa.Column("client_id", sa.String(64), nullable=False),
|
|
sa.Column("redirect_uri", sa.String(512), nullable=False),
|
|
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
|
|
sa.Column("used_at", sa.DateTime(timezone=True), nullable=True),
|
|
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
sa.ForeignKeyConstraint(["user_id"], ["users.id"], ondelete="CASCADE"),
|
|
)
|
|
op.create_index("ix_oauth_code_code", "oauth_codes", ["code"], unique=True)
|
|
op.create_index("ix_oauth_code_user", "oauth_codes", ["user_id"])
|
|
|
|
|
|
def downgrade() -> None:
|
|
op.drop_index("ix_oauth_code_user", table_name="oauth_codes")
|
|
op.drop_index("ix_oauth_code_code", table_name="oauth_codes")
|
|
op.drop_table("oauth_codes")
|