From b33bc31c07549dc9dc221100995d6f6b6754fd3a Mon Sep 17 00:00:00 2001 From: Oliver Rice Date: Wed, 4 Dec 2024 10:24:36 -0600 Subject: [PATCH] fix: fallback on btree indexes when hash is unavailable (#1856) ## What kind of change does this PR introduce? Edits an existing migration to fallback onto btree indexes when hash indexes are unavailable. This change allows auth to be compatible with the orioledb storage engine. At time of writing orioledb only support btree indexes. That issue is expected to be addressed by the end of Q1 - 2025. Once that support is added, both heap and orioledb projects will both use the code path for hash indexes. hash indexes are preferred because they are [safer from timing attacks](https://dba.stackexchange.com/questions/285739/prevent-timing-attacks-in-postgres) A reminder has been set for May 1st for us to - remove the fork in this migration - identify and update the index type (from btree to hash) on any orioledb-alpha projects that are still in existence --- .../20240427152123_add_one_time_tokens_table.up.sql | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/migrations/20240427152123_add_one_time_tokens_table.up.sql b/migrations/20240427152123_add_one_time_tokens_table.up.sql index 86e6ad4270..be7312656f 100644 --- a/migrations/20240427152123_add_one_time_tokens_table.up.sql +++ b/migrations/20240427152123_add_one_time_tokens_table.up.sql @@ -24,7 +24,14 @@ do $$ begin check (char_length(token_hash) > 0) ); - create index if not exists one_time_tokens_token_hash_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using hash (token_hash); - create index if not exists one_time_tokens_relates_to_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using hash (relates_to); + begin + create index if not exists one_time_tokens_token_hash_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using hash (token_hash); + create index if not exists one_time_tokens_relates_to_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using hash (relates_to); + exception when others then + -- Fallback to btree indexes if hash creation fails + create index if not exists one_time_tokens_token_hash_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using btree (token_hash); + create index if not exists one_time_tokens_relates_to_hash_idx on {{ index .Options "Namespace" }}.one_time_tokens using btree (relates_to); + end; + create unique index if not exists one_time_tokens_user_id_token_type_key on {{ index .Options "Namespace" }}.one_time_tokens (user_id, token_type); end $$;