From 9875a3867746a561d189e47b36a784d2999dcfbd Mon Sep 17 00:00:00 2001 From: Flo Date: Fri, 29 Aug 2025 22:15:21 +0200 Subject: [PATCH 1/2] fix: use seperate query to look at identity and key ratelimits when listing for many --- .../api/routes/v2_apis_list_keys/handler.go | 9 +- .../key_list_live_by_auth_id.sql_generated.go | 342 +++++++++--------- go/pkg/db/querier_generated.go | 166 +++++---- .../db/queries/key_list_live_by_auth_id.sql | 166 +++++---- 4 files changed, 332 insertions(+), 351 deletions(-) diff --git a/go/apps/api/routes/v2_apis_list_keys/handler.go b/go/apps/api/routes/v2_apis_list_keys/handler.go index 71114c65c6..18d00445fe 100644 --- a/go/apps/api/routes/v2_apis_list_keys/handler.go +++ b/go/apps/api/routes/v2_apis_list_keys/handler.go @@ -169,11 +169,10 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error { ctx, h.DB.RO(), db.ListLiveKeysByKeyAuthIDParams{ - KeyAuthID: api.KeyAuthID.String, - WorkspaceID: auth.AuthorizedWorkspaceID, - IDCursor: cursor, - Identity: identityFilter, - Limit: int32(limit + 1), // nolint:gosec + KeyAuthID: api.KeyAuthID.String, + IDCursor: cursor, + Identity: identityFilter, + Limit: int32(limit + 1), // nolint:gosec }, ) if err != nil { diff --git a/go/pkg/db/key_list_live_by_auth_id.sql_generated.go b/go/pkg/db/key_list_live_by_auth_id.sql_generated.go index 2c5a4a2add..a59c79d35b 100644 --- a/go/pkg/db/key_list_live_by_auth_id.sql_generated.go +++ b/go/pkg/db/key_list_live_by_auth_id.sql_generated.go 
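Review bot: Removing `WorkspaceID` from `ListLiveKeysByKeyAuthIDParams` at this call, together with the `AND k.workspace_id = sqlc.arg(workspace_id)` predicate dropped in key_list_live_by_auth_id.sql, leaves `key_auth_id` as the only thing tying the listed keys to the caller's workspace, and the commit subject does not mention this. The code that loads `api` and checks it against `auth.AuthorizedWorkspaceID` lies outside the hunk, so whether that check always precedes this query cannot be confirmed from here. If it does, record the invariant above the call, for example `// api was verified to belong to auth.AuthorizedWorkspaceID above; the query scopes by key_auth_id only`. If it does not, keep the workspace predicate, because each returned row carries `hash`, `encrypted_key` and the key's permissions. Handle's body starts and ends outside the hunk.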
@@ -11,103 +11,98 @@ import ( ) const listLiveKeysByKeyAuthID = `-- name: ListLiveKeysByKeyAuthID :many -SELECT - k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, - i.id as identity_table_id, - i.external_id as identity_external_id, - i.meta as identity_meta, - ek.encrypted as encrypted_key, - ek.encryption_key_id as encryption_key_id, - -- Roles with both IDs and names (sorted by name) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', r.id, - 'name', r.name, - 'description', r.description - ) - ) - FROM keys_roles kr - JOIN roles r ON r.id = kr.role_id - WHERE kr.key_id = k.id - ORDER BY r.name), - JSON_ARRAY() - ) as roles, - -- Direct permissions attached to the key (sorted by slug) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', p.id, - 'name', p.name, - 'slug', p.slug, - 'description', p.description - ) - ) - FROM keys_permissions kp - JOIN permissions p ON kp.permission_id = p.id - WHERE kp.key_id = k.id - ORDER BY p.slug), - JSON_ARRAY() - ) as permissions, - -- Permissions from roles (sorted by slug) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', p.id, - 'name', p.name, - 'slug', p.slug, - 'description', p.description - ) - ) - FROM keys_roles kr - JOIN roles_permissions rp ON kr.role_id = rp.role_id - JOIN permissions p ON rp.permission_id = p.id - WHERE kr.key_id = k.id - ORDER BY p.slug), - JSON_ARRAY() - ) as role_permissions, - -- Rate limits - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', rl.id, - 'name', rl.name, - 'key_id', rl.key_id, - 'identity_id', rl.identity_id, - 'limit', rl.` + "`" + `limit` + "`" + `, - 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1 - ) - ) - FROM ratelimits rl - WHERE rl.key_id = k.id OR 
rl.identity_id = i.id), - JSON_ARRAY() - ) as ratelimits +SELECT k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, + i.id as identity_table_id, + i.external_id as identity_external_id, + i.meta as identity_meta, + ek.encrypted as encrypted_key, + ek.encryption_key_id as encryption_key_id, + -- Roles with both IDs and names (sorted by name) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', r.id, + 'name', r.name, + 'description', r.description + ) + ) + FROM keys_roles kr + JOIN roles r ON r.id = kr.role_id + WHERE kr.key_id = k.id + ORDER BY r.name), + JSON_ARRAY() + ) as roles, + -- Direct permissions attached to the key (sorted by slug) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', p.id, + 'name', p.name, + 'slug', p.slug, + 'description', p.description + ) + ) + FROM keys_permissions kp + JOIN permissions p ON kp.permission_id = p.id + WHERE kp.key_id = k.id + ORDER BY p.slug), + JSON_ARRAY() + ) as permissions, + -- Permissions from roles (sorted by slug) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', p.id, + 'name', p.name, + 'slug', p.slug, + 'description', p.description + ) + ) + FROM keys_roles kr + JOIN roles_permissions rp ON kr.role_id = rp.role_id + JOIN permissions p ON rp.permission_id = p.id + WHERE kr.key_id = k.id + ORDER BY p.slug), + JSON_ARRAY() + ) as role_permissions, + -- Rate limits + COALESCE( + (SELECT JSON_ARRAYAGG(rl_data) + FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + rl.identity_id, 'limit', rl.` + "`" + `limit` + "`" + `, 'duration', rl.duration, + 'auto_apply', rl.auto_apply = 1)) as rl_data + FROM ratelimits rl + WHERE rl.key_id = k.id + UNION + SELECT 
JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + rl.identity_id, 'limit', rl.` + "`" + `limit` + "`" + `, 'duration', rl.duration, + 'auto_apply', rl.auto_apply = 1)) as rl_data + FROM ratelimits rl + WHERE rl.identity_id = i.id) combined_rl), + JSON_ARRAY() + ) AS ratelimits FROM ` + "`" + `keys` + "`" + ` k -JOIN key_auth ka ON ka.id = k.key_auth_id -JOIN workspaces ws ON ws.id = k.workspace_id -LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false -LEFT JOIN encrypted_keys ek ON ek.key_id = k.id + JOIN key_auth ka ON ka.id = k.key_auth_id + JOIN workspaces ws ON ws.id = k.workspace_id + LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false + LEFT JOIN encrypted_keys ek ON ek.key_id = k.id WHERE k.key_auth_id = ? - AND k.workspace_id = ? - AND k.id >= ? - AND ( - ? = '' - OR (i.external_id = ? OR i.id = ?) - ) - AND k.deleted_at_m IS NULL - AND ka.deleted_at_m IS NULL - AND ws.deleted_at_m IS NULL + AND k.id >= ? + AND ( + ? = '' OR (i.external_id = ? OR i.id = ?) + ) + AND k.deleted_at_m IS NULL + AND ka.deleted_at_m IS NULL + AND ws.deleted_at_m IS NULL ORDER BY k.id ASC LIMIT ? ` type ListLiveKeysByKeyAuthIDParams struct { - KeyAuthID string `db:"key_auth_id"` - WorkspaceID string `db:"workspace_id"` - IDCursor string `db:"id_cursor"` - Identity string `db:"identity"` - Limit int32 `db:"limit"` + KeyAuthID string `db:"key_auth_id"` + IDCursor string `db:"id_cursor"` + Identity string `db:"identity"` + Limit int32 `db:"limit"` } type ListLiveKeysByKeyAuthIDRow struct { 
@@ -147,99 +142,94 @@ type ListLiveKeysByKeyAuthIDRow struct { // ListLiveKeysByKeyAuthID // -// SELECT -// k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, -// i.id as identity_table_id, -// i.external_id as identity_external_id, -// i.meta as identity_meta, -// ek.encrypted as encrypted_key, -// ek.encryption_key_id as encryption_key_id, -// -- Roles with both IDs and names (sorted by name) -// COALESCE( -// (SELECT JSON_ARRAYAGG( -// JSON_OBJECT( -// 'id', r.id, -// 'name', r.name, -// 'description', r.description -// ) -// ) -// FROM keys_roles kr -// JOIN roles r ON r.id = kr.role_id -// WHERE kr.key_id = k.id -// ORDER BY r.name), -// JSON_ARRAY() -// ) as roles, -// -- Direct permissions attached to the key (sorted by slug) -// COALESCE( -// (SELECT JSON_ARRAYAGG( -// JSON_OBJECT( -// 'id', p.id, -// 'name', p.name, -// 'slug', p.slug, -// 'description', p.description -// ) -// ) -// FROM keys_permissions kp -// JOIN permissions p ON kp.permission_id = p.id -// WHERE kp.key_id = k.id -// ORDER BY p.slug), -// JSON_ARRAY() -// ) as permissions, -// -- Permissions from roles (sorted by slug) -// COALESCE( -// (SELECT JSON_ARRAYAGG( -// JSON_OBJECT( -// 'id', p.id, -// 'name', p.name, -// 'slug', p.slug, -// 'description', p.description -// ) -// ) -// FROM keys_roles kr -// JOIN roles_permissions rp ON kr.role_id = rp.role_id -// JOIN permissions p ON rp.permission_id = p.id -// WHERE kr.key_id = k.id -// ORDER BY p.slug), -// JSON_ARRAY() -// ) as role_permissions, -// -- Rate limits -// COALESCE( -// (SELECT JSON_ARRAYAGG( -// JSON_OBJECT( -// 'id', rl.id, -// 'name', rl.name, -// 'key_id', rl.key_id, -// 'identity_id', rl.identity_id, -// 'limit', rl.`limit`, -// 'duration', 
rl.duration, -// 'auto_apply', rl.auto_apply = 1 -// ) -// ) -// FROM ratelimits rl -// WHERE rl.key_id = k.id OR rl.identity_id = i.id), -// JSON_ARRAY() -// ) as ratelimits +// SELECT k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, +// i.id as identity_table_id, +// i.external_id as identity_external_id, +// i.meta as identity_meta, +// ek.encrypted as encrypted_key, +// ek.encryption_key_id as encryption_key_id, +// -- Roles with both IDs and names (sorted by name) +// COALESCE( +// (SELECT JSON_ARRAYAGG( +// JSON_OBJECT( +// 'id', r.id, +// 'name', r.name, +// 'description', r.description +// ) +// ) +// FROM keys_roles kr +// JOIN roles r ON r.id = kr.role_id +// WHERE kr.key_id = k.id +// ORDER BY r.name), +// JSON_ARRAY() +// ) as roles, +// -- Direct permissions attached to the key (sorted by slug) +// COALESCE( +// (SELECT JSON_ARRAYAGG( +// JSON_OBJECT( +// 'id', p.id, +// 'name', p.name, +// 'slug', p.slug, +// 'description', p.description +// ) +// ) +// FROM keys_permissions kp +// JOIN permissions p ON kp.permission_id = p.id +// WHERE kp.key_id = k.id +// ORDER BY p.slug), +// JSON_ARRAY() +// ) as permissions, +// -- Permissions from roles (sorted by slug) +// COALESCE( +// (SELECT JSON_ARRAYAGG( +// JSON_OBJECT( +// 'id', p.id, +// 'name', p.name, +// 'slug', p.slug, +// 'description', p.description +// ) +// ) +// FROM keys_roles kr +// JOIN roles_permissions rp ON kr.role_id = rp.role_id +// JOIN permissions p ON rp.permission_id = p.id +// WHERE kr.key_id = k.id +// ORDER BY p.slug), +// JSON_ARRAY() +// ) as role_permissions, +// -- Rate limits +// COALESCE( +// (SELECT JSON_ARRAYAGG(rl_data) +// FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 
'key_id', rl.key_id, 'identity_id', +// rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, +// 'auto_apply', rl.auto_apply = 1)) as rl_data +// FROM ratelimits rl +// WHERE rl.key_id = k.id +// UNION +// SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', +// rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, +// 'auto_apply', rl.auto_apply = 1)) as rl_data +// FROM ratelimits rl +// WHERE rl.identity_id = i.id) combined_rl), +// JSON_ARRAY() +// ) AS ratelimits // FROM `keys` k -// JOIN key_auth ka ON ka.id = k.key_auth_id -// JOIN workspaces ws ON ws.id = k.workspace_id -// LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false -// LEFT JOIN encrypted_keys ek ON ek.key_id = k.id +// JOIN key_auth ka ON ka.id = k.key_auth_id +// JOIN workspaces ws ON ws.id = k.workspace_id +// LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false +// LEFT JOIN encrypted_keys ek ON ek.key_id = k.id // WHERE k.key_auth_id = ? -// AND k.workspace_id = ? -// AND k.id >= ? -// AND ( -// ? = '' -// OR (i.external_id = ? OR i.id = ?) -// ) -// AND k.deleted_at_m IS NULL -// AND ka.deleted_at_m IS NULL -// AND ws.deleted_at_m IS NULL +// AND k.id >= ? +// AND ( +// ? = '' OR (i.external_id = ? OR i.id = ?) +// ) +// AND k.deleted_at_m IS NULL +// AND ka.deleted_at_m IS NULL +// AND ws.deleted_at_m IS NULL // ORDER BY k.id ASC // LIMIT ? func (q *Queries) ListLiveKeysByKeyAuthID(ctx context.Context, db DBTX, arg ListLiveKeysByKeyAuthIDParams) ([]ListLiveKeysByKeyAuthIDRow, error) { rows, err := db.QueryContext(ctx, listLiveKeysByKeyAuthID, arg.KeyAuthID, - arg.WorkspaceID, arg.IDCursor, arg.Identity, arg.Identity, diff --git a/go/pkg/db/querier_generated.go b/go/pkg/db/querier_generated.go index 8c2276959a..161570e386 100644 --- a/go/pkg/db/querier_generated.go +++ b/go/pkg/db/querier_generated.go 
@@ -1362,93 +1362,89 @@ type Querier interface { ListKeysByKeyAuthID(ctx context.Context, db DBTX, arg ListKeysByKeyAuthIDParams) ([]ListKeysByKeyAuthIDRow, error) //ListLiveKeysByKeyAuthID // - // SELECT - // k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, - // i.id as identity_table_id, - // i.external_id as identity_external_id, - // i.meta as identity_meta, - // ek.encrypted as encrypted_key, - // ek.encryption_key_id as encryption_key_id, - // -- Roles with both IDs and names (sorted by name) - // COALESCE( - // (SELECT JSON_ARRAYAGG( - // JSON_OBJECT( - // 'id', r.id, - // 'name', r.name, - // 'description', r.description - // ) - // ) - // FROM keys_roles kr - // JOIN roles r ON r.id = kr.role_id - // WHERE kr.key_id = k.id - // ORDER BY r.name), - // JSON_ARRAY() - // ) as roles, - // -- Direct permissions attached to the key (sorted by slug) - // COALESCE( - // (SELECT JSON_ARRAYAGG( - // JSON_OBJECT( - // 'id', p.id, - // 'name', p.name, - // 'slug', p.slug, - // 'description', p.description - // ) - // ) - // FROM keys_permissions kp - // JOIN permissions p ON kp.permission_id = p.id - // WHERE kp.key_id = k.id - // ORDER BY p.slug), - // JSON_ARRAY() - // ) as permissions, - // -- Permissions from roles (sorted by slug) - // COALESCE( - // (SELECT JSON_ARRAYAGG( - // JSON_OBJECT( - // 'id', p.id, - // 'name', p.name, - // 'slug', p.slug, - // 'description', p.description - // ) - // ) - // FROM keys_roles kr - // JOIN roles_permissions rp ON kr.role_id = rp.role_id - // JOIN permissions p ON rp.permission_id = p.id - // WHERE kr.key_id = k.id - // ORDER BY p.slug), - // JSON_ARRAY() - // ) as role_permissions, - // -- Rate limits - // COALESCE( - // (SELECT JSON_ARRAYAGG( - 
// JSON_OBJECT( - // 'id', rl.id, - // 'name', rl.name, - // 'key_id', rl.key_id, - // 'identity_id', rl.identity_id, - // 'limit', rl.`limit`, - // 'duration', rl.duration, - // 'auto_apply', rl.auto_apply = 1 - // ) - // ) - // FROM ratelimits rl - // WHERE rl.key_id = k.id OR rl.identity_id = i.id), - // JSON_ARRAY() - // ) as ratelimits + // SELECT k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, k.name, k.owner_id, k.identity_id, k.meta, k.expires, k.created_at_m, k.updated_at_m, k.deleted_at_m, k.refill_day, k.refill_amount, k.last_refill_at, k.enabled, k.remaining_requests, k.ratelimit_async, k.ratelimit_limit, k.ratelimit_duration, k.environment, + // i.id as identity_table_id, + // i.external_id as identity_external_id, + // i.meta as identity_meta, + // ek.encrypted as encrypted_key, + // ek.encryption_key_id as encryption_key_id, + // -- Roles with both IDs and names (sorted by name) + // COALESCE( + // (SELECT JSON_ARRAYAGG( + // JSON_OBJECT( + // 'id', r.id, + // 'name', r.name, + // 'description', r.description + // ) + // ) + // FROM keys_roles kr + // JOIN roles r ON r.id = kr.role_id + // WHERE kr.key_id = k.id + // ORDER BY r.name), + // JSON_ARRAY() + // ) as roles, + // -- Direct permissions attached to the key (sorted by slug) + // COALESCE( + // (SELECT JSON_ARRAYAGG( + // JSON_OBJECT( + // 'id', p.id, + // 'name', p.name, + // 'slug', p.slug, + // 'description', p.description + // ) + // ) + // FROM keys_permissions kp + // JOIN permissions p ON kp.permission_id = p.id + // WHERE kp.key_id = k.id + // ORDER BY p.slug), + // JSON_ARRAY() + // ) as permissions, + // -- Permissions from roles (sorted by slug) + // COALESCE( + // (SELECT JSON_ARRAYAGG( + // JSON_OBJECT( + // 'id', p.id, + // 'name', p.name, + // 'slug', p.slug, + // 'description', p.description + // ) + // ) + // FROM keys_roles kr + // JOIN roles_permissions rp ON kr.role_id = rp.role_id + // JOIN permissions p ON rp.permission_id = p.id + // WHERE 
kr.key_id = k.id + // ORDER BY p.slug), + // JSON_ARRAY() + // ) as role_permissions, + // -- Rate limits + // COALESCE( + // (SELECT JSON_ARRAYAGG(rl_data) + // FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + // rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, + // 'auto_apply', rl.auto_apply = 1)) as rl_data + // FROM ratelimits rl + // WHERE rl.key_id = k.id + // UNION + // SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + // rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, + // 'auto_apply', rl.auto_apply = 1)) as rl_data + // FROM ratelimits rl + // WHERE rl.identity_id = i.id) combined_rl), + // JSON_ARRAY() + // ) AS ratelimits // FROM `keys` k - // JOIN key_auth ka ON ka.id = k.key_auth_id - // JOIN workspaces ws ON ws.id = k.workspace_id - // LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false - // LEFT JOIN encrypted_keys ek ON ek.key_id = k.id + // JOIN key_auth ka ON ka.id = k.key_auth_id + // JOIN workspaces ws ON ws.id = k.workspace_id + // LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false + // LEFT JOIN encrypted_keys ek ON ek.key_id = k.id // WHERE k.key_auth_id = ? - // AND k.workspace_id = ? - // AND k.id >= ? - // AND ( - // ? = '' - // OR (i.external_id = ? OR i.id = ?) - // ) - // AND k.deleted_at_m IS NULL - // AND ka.deleted_at_m IS NULL - // AND ws.deleted_at_m IS NULL + // AND k.id >= ? + // AND ( + // ? = '' OR (i.external_id = ? OR i.id = ?) + // ) + // AND k.deleted_at_m IS NULL + // AND ka.deleted_at_m IS NULL + // AND ws.deleted_at_m IS NULL // ORDER BY k.id ASC // LIMIT ? ListLiveKeysByKeyAuthID(ctx context.Context, db DBTX, arg ListLiveKeysByKeyAuthIDParams) ([]ListLiveKeysByKeyAuthIDRow, error) diff --git a/go/pkg/db/queries/key_list_live_by_auth_id.sql b/go/pkg/db/queries/key_list_live_by_auth_id.sql index 49069b4144..e58bb6b028 100644 
--- a/go/pkg/db/queries/key_list_live_by_auth_id.sql
+++ b/go/pkg/db/queries/key_list_live_by_auth_id.sql
@@ -1,90 +1,86 @@ -- name: ListLiveKeysByKeyAuthID :many -SELECT - k.*, - i.id as identity_table_id, - i.external_id as identity_external_id, - i.meta as identity_meta, - ek.encrypted as encrypted_key, - ek.encryption_key_id as encryption_key_id, - -- Roles with both IDs and names (sorted by name) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', r.id, - 'name', r.name, - 'description', r.description - ) - ) - FROM keys_roles kr - JOIN roles r ON r.id = kr.role_id - WHERE kr.key_id = k.id - ORDER BY r.name), - JSON_ARRAY() - ) as roles, - -- Direct permissions attached to the key (sorted by slug) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', p.id, - 'name', p.name, - 'slug', p.slug, - 'description', p.description - ) - ) - FROM keys_permissions kp - JOIN permissions p ON kp.permission_id = p.id - WHERE kp.key_id = k.id - ORDER BY p.slug), - JSON_ARRAY() - ) as permissions, - -- Permissions from roles (sorted by slug) - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', p.id, - 'name', p.name, - 'slug', p.slug, - 'description', p.description - ) - ) - FROM keys_roles kr - JOIN roles_permissions rp ON kr.role_id = rp.role_id - JOIN permissions p ON rp.permission_id = p.id - WHERE kr.key_id = k.id - ORDER BY p.slug), - JSON_ARRAY() - ) as role_permissions, - -- Rate limits - COALESCE( - (SELECT JSON_ARRAYAGG( - JSON_OBJECT( - 'id', rl.id, - 'name', rl.name, - 'key_id', rl.key_id, - 'identity_id', rl.identity_id, - 'limit', rl.`limit`, - 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1 - ) - ) - FROM ratelimits rl - WHERE rl.key_id = k.id OR rl.identity_id = i.id), - JSON_ARRAY() - ) as ratelimits +SELECT k.*, + i.id as identity_table_id, + i.external_id as identity_external_id, + i.meta as identity_meta, + ek.encrypted as encrypted_key, + ek.encryption_key_id as encryption_key_id, + -- Roles with both IDs and names (sorted by name) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', r.id, + 'name', r.name, + 
'description', r.description + ) + ) + FROM keys_roles kr + JOIN roles r ON r.id = kr.role_id + WHERE kr.key_id = k.id + ORDER BY r.name), + JSON_ARRAY() + ) as roles, + -- Direct permissions attached to the key (sorted by slug) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', p.id, + 'name', p.name, + 'slug', p.slug, + 'description', p.description + ) + ) + FROM keys_permissions kp + JOIN permissions p ON kp.permission_id = p.id + WHERE kp.key_id = k.id + ORDER BY p.slug), + JSON_ARRAY() + ) as permissions, + -- Permissions from roles (sorted by slug) + COALESCE( + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', p.id, + 'name', p.name, + 'slug', p.slug, + 'description', p.description + ) + ) + FROM keys_roles kr + JOIN roles_permissions rp ON kr.role_id = rp.role_id + JOIN permissions p ON rp.permission_id = p.id + WHERE kr.key_id = k.id + ORDER BY p.slug), + JSON_ARRAY() + ) as role_permissions, + -- Rate limits + COALESCE( + (SELECT JSON_ARRAYAGG(rl_data) + FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, + 'auto_apply', rl.auto_apply = 1)) as rl_data + FROM ratelimits rl + WHERE rl.key_id = k.id + UNION + SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', + rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, + 'auto_apply', rl.auto_apply = 1)) as rl_data + FROM ratelimits rl + WHERE rl.identity_id = i.id) combined_rl), + JSON_ARRAY() + ) AS ratelimits FROM `keys` k -JOIN key_auth ka ON ka.id = k.key_auth_id -JOIN workspaces ws ON ws.id = k.workspace_id -LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false -LEFT JOIN encrypted_keys ek ON ek.key_id = k.id + JOIN key_auth ka ON ka.id = k.key_auth_id + JOIN workspaces ws ON ws.id = k.workspace_id + LEFT JOIN identities i ON k.identity_id = i.id AND i.deleted = false + LEFT JOIN encrypted_keys ek ON ek.key_id = k.id 
WHERE k.key_auth_id = sqlc.arg(key_auth_id) - AND k.workspace_id = sqlc.arg(workspace_id) - AND k.id >= sqlc.arg(id_cursor) - AND ( - sqlc.arg(identity) = '' - OR (i.external_id = sqlc.arg(identity) OR i.id = sqlc.arg(identity)) - ) - AND k.deleted_at_m IS NULL - AND ka.deleted_at_m IS NULL - AND ws.deleted_at_m IS NULL + AND k.id >= sqlc.arg(id_cursor) + AND ( + sqlc.arg(identity) = '' OR (i.external_id = sqlc.arg(identity) OR i.id = sqlc.arg(identity)) + ) + AND k.deleted_at_m IS NULL + AND ka.deleted_at_m IS NULL + AND ws.deleted_at_m IS NULL ORDER BY k.id ASC LIMIT ?; From cd05e588d3fe69fbf9e82e7b24f682b4bfc82151 Mon Sep 17 00:00:00 2001 From: Flo Date: Sat, 30 Aug 2025 00:05:08 +0200 Subject: [PATCH 2/2] fix: ratelimits select --- .../key_list_live_by_auth_id.sql_generated.go | 64 ++++++++++++------- go/pkg/db/querier_generated.go | 32 ++++++---- .../db/queries/key_list_live_by_auth_id.sql | 32 ++++++---- 3 files changed, 80 insertions(+), 48 deletions(-) diff --git a/go/pkg/db/key_list_live_by_auth_id.sql_generated.go b/go/pkg/db/key_list_live_by_auth_id.sql_generated.go index a59c79d35b..b669a49dbb 100644 --- a/go/pkg/db/key_list_live_by_auth_id.sql_generated.go +++ b/go/pkg/db/key_list_live_by_auth_id.sql_generated.go 
@@ -67,18 +67,26 @@ SELECT k.id, k.key_auth_id, k.hash, k.start, k.workspace_id, k.for_workspace_id, ) as role_permissions, -- Rate limits COALESCE( - (SELECT JSON_ARRAYAGG(rl_data) - FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - rl.identity_id, 'limit', rl.` + "`" + `limit` + "`" + `, 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1)) as rl_data - FROM ratelimits rl - WHERE rl.key_id = k.id - UNION - SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - rl.identity_id, 'limit', rl.` + "`" + `limit` + "`" + `, 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1)) as rl_data - FROM ratelimits rl - WHERE rl.identity_id = i.id) combined_rl), + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', id, + 'name', name, + 'key_id', key_id, + 'identity_id', identity_id, + 'limit', ` + "`" + `limit` + "`" + `, + 'duration', duration, + 'auto_apply', auto_apply = 1 + ) + ) + FROM ( + SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.` + "`" + `limit` + "`" + `, rl.duration, rl.auto_apply + FROM ratelimits rl + WHERE rl.key_id = k.id + UNION ALL + SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.` + "`" + `limit` + "`" + `, rl.duration, rl.auto_apply + FROM ratelimits rl + WHERE rl.identity_id = i.id + ) AS combined_rl), JSON_ARRAY() ) AS ratelimits FROM ` + "`" + `keys` + "`" + ` k 
@@ -198,18 +206,26 @@ type ListLiveKeysByKeyAuthIDRow struct { // ) as role_permissions, // -- Rate limits // COALESCE( -// (SELECT JSON_ARRAYAGG(rl_data) -// FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', -// rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, -// 'auto_apply', rl.auto_apply = 1)) as rl_data -// FROM ratelimits rl -// WHERE rl.key_id = k.id -// UNION -// SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', -// rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, -// 'auto_apply', rl.auto_apply = 1)) as rl_data -// FROM ratelimits rl -// WHERE rl.identity_id = i.id) combined_rl), +// (SELECT JSON_ARRAYAGG( +// JSON_OBJECT( +// 'id', id, +// 'name', name, +// 'key_id', key_id, +// 'identity_id', identity_id, +// 'limit', `limit`, +// 'duration', duration, +// 'auto_apply', auto_apply = 1 +// ) +// ) +// FROM ( +// SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply +// FROM ratelimits rl +// WHERE rl.key_id = k.id +// UNION ALL +// SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply +// FROM ratelimits rl +// WHERE rl.identity_id = i.id +// ) AS combined_rl), // JSON_ARRAY() // ) AS ratelimits // FROM `keys` k diff --git a/go/pkg/db/querier_generated.go b/go/pkg/db/querier_generated.go index 161570e386..b2081919f1 100644 --- a/go/pkg/db/querier_generated.go +++ b/go/pkg/db/querier_generated.go 
@@ -1418,18 +1418,26 @@ type Querier interface { // ) as role_permissions, // -- Rate limits // COALESCE( - // (SELECT JSON_ARRAYAGG(rl_data) - // FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - // rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, - // 'auto_apply', rl.auto_apply = 1)) as rl_data - // FROM ratelimits rl - // WHERE rl.key_id = k.id - // UNION - // SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - // rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, - // 'auto_apply', rl.auto_apply = 1)) as rl_data - // FROM ratelimits rl - // WHERE rl.identity_id = i.id) combined_rl), + // (SELECT JSON_ARRAYAGG( + // JSON_OBJECT( + // 'id', id, + // 'name', name, + // 'key_id', key_id, + // 'identity_id', identity_id, + // 'limit', `limit`, + // 'duration', duration, + // 'auto_apply', auto_apply = 1 + // ) + // ) + // FROM ( + // SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply + // FROM ratelimits rl + // WHERE rl.key_id = k.id + // UNION ALL + // SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply + // FROM ratelimits rl + // WHERE rl.identity_id = i.id + // ) AS combined_rl), // JSON_ARRAY() // ) AS ratelimits // FROM `keys` k diff --git a/go/pkg/db/queries/key_list_live_by_auth_id.sql b/go/pkg/db/queries/key_list_live_by_auth_id.sql index e58bb6b028..307a31fca2 100644 --- a/go/pkg/db/queries/key_list_live_by_auth_id.sql +++ b/go/pkg/db/queries/key_list_live_by_auth_id.sql 
@@ -55,18 +55,26 @@ SELECT k.*, ) as role_permissions, -- Rate limits COALESCE( - (SELECT JSON_ARRAYAGG(rl_data) - FROM (SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1)) as rl_data - FROM ratelimits rl - WHERE rl.key_id = k.id - UNION - SELECT JSON_ARRAYAGG(JSON_OBJECT('id', rl.id, 'name', rl.name, 'key_id', rl.key_id, 'identity_id', - rl.identity_id, 'limit', rl.`limit`, 'duration', rl.duration, - 'auto_apply', rl.auto_apply = 1)) as rl_data - FROM ratelimits rl - WHERE rl.identity_id = i.id) combined_rl), + (SELECT JSON_ARRAYAGG( + JSON_OBJECT( + 'id', id, + 'name', name, + 'key_id', key_id, + 'identity_id', identity_id, + 'limit', `limit`, + 'duration', duration, + 'auto_apply', auto_apply = 1 + ) + ) + FROM ( + SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply + FROM ratelimits rl + WHERE rl.key_id = k.id + UNION ALL + SELECT rl.id, rl.name, rl.key_id, rl.identity_id, rl.`limit`, rl.duration, rl.auto_apply + FROM ratelimits rl + WHERE rl.identity_id = i.id + ) AS combined_rl), JSON_ARRAY() ) AS ratelimits FROM `keys` k
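Review bot: The derived table `combined_rl` reads `k.id` and `i.id` from the outer query, and MySQL allows outer references inside a derived table only from 8.0.14, so this query has a minimum server version that nothing in the file records. A header comment such as `-- requires MySQL >= 8.0.14 (correlated derived table in the ratelimits subquery)` would make that explicit, assuming MySQL is the target as the backtick quoting and `JSON_ARRAYAGG` suggest. `UNION ALL` also returns a ratelimit twice if one row ever has both `key_id = k.id` and `identity_id = i.id`; if the schema forbids that, say so next to the union, otherwise a plain `UNION` on the raw columns deduplicates. The same query text is repeated in the two generated Go files.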