feat(schema)(#25): Request.keyUserId + SigningCondition lifecycle for live grant eval
Additive, non-breaking schema prep for the Option D live-evaluation ACL: - Request gains keyUserId (FK) + @@index([keyUserId, method]) so token usage caps can be derived live by COUNTing allowed Requests, replacing the never-enforced mutable PolicyRule.currentUsageCount (derive-don't-count, per lnbits/nostr_bunker prior art). - SigningCondition gains createdAt/expiresAt/revokedAt so the manual-override layer carries its own lifecycle and runs through the same grantIsLive(now) predicate as token grants (D1: two typed sources, one shared rule). No behavior change yet; the ACL hot path and applyToken de-materialization follow in subsequent commits. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
a707d203a1
commit
6397c7988d
2 changed files with 58 additions and 2 deletions
|
|
@ -17,6 +17,14 @@ model Request {
|
|||
method String
|
||||
params String?
|
||||
allowed Boolean?
|
||||
// Bind each request to the KeyUser it was evaluated against so usage
|
||||
// caps can be derived live by COUNTing allowed Requests, instead of
|
||||
// maintaining a mutable PolicyRule.currentUsageCount that drifts.
|
||||
// See aiolabs/nsecbunkerd#25 (Option D, derive-don't-count).
|
||||
keyUserId Int?
|
||||
KeyUser KeyUser? @relation(fields: [keyUserId], references: [id])
|
||||
|
||||
@@index([keyUserId, method])
|
||||
}
|
||||
|
||||
model KeyUser {
|
||||
|
|
@ -31,6 +39,7 @@ model KeyUser {
|
|||
logs Log[]
|
||||
signingConditions SigningCondition[]
|
||||
Token Token[]
|
||||
requests Request[]
|
||||
|
||||
@@unique([keyName, userPubkey], name: "unique_key_user")
|
||||
}
|
||||
|
|
@ -56,15 +65,25 @@ model User {
|
|||
pubkey String
|
||||
}
|
||||
|
||||
// The SigningCondition layer is the MANUAL-OVERRIDE source of truth
|
||||
// (web-approval / add_signing_condition / create_account bootstrap) — it is
|
||||
// no longer materialized from token policies (see aiolabs/nsecbunkerd#25:
|
||||
// applyToken stopped photocopying; token grants are evaluated live off
|
||||
// Token -> Policy -> PolicyRule). Under D1 the override layer carries its
|
||||
// own lifecycle so it runs through the same grantIsLive(now) predicate as
|
||||
// token grants.
|
||||
model SigningCondition {
|
||||
id Int @id @default(autoincrement())
|
||||
id Int @id @default(autoincrement())
|
||||
method String?
|
||||
kind String?
|
||||
content String?
|
||||
keyUserKeyName String?
|
||||
allowed Boolean?
|
||||
keyUserId Int?
|
||||
KeyUser KeyUser? @relation(fields: [keyUserId], references: [id])
|
||||
createdAt DateTime @default(now())
|
||||
expiresAt DateTime?
|
||||
revokedAt DateTime?
|
||||
KeyUser KeyUser? @relation(fields: [keyUserId], references: [id])
|
||||
}
|
||||
|
||||
model Log {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue