Insert with associated data, selecting associated data in changeset

tino415 · April 25, 2023, 12:10pm

Hello all,

I’m trying to implement oauth server and I’m not sure how to implement inserting token into database. For simplicity I have this schema:

token
  client_id
  ...

scope
  name (string)
  ...

token_scope
  token_id (uuid)
  scope_id (uuid)

Create token should accept this kind of data:

token
  scopes: "scope1 scope2"

And my question, how to model this kind of insert using changeset? I have came up with some solutions:

preprocess params, select all required scopes and pass selected scopes to changeset
create everithing using Ecto.Multi (I have little bit of issue with multi mostly because of error reporting)
resolve it in changeset using prepare_changes

What do you think is the best solution?

tino415 · April 26, 2023, 9:04am

For now I’m triing with prepare_changes method, it looks like this:

  def changeset(struct_or_changeset, client, body_params) do
    struct_or_changeset
    |> cast(body_params, [:scope])
    |> change(expires_in: 3600)
    |> put_now_moved_if_empty(:expires_at, 3600, :second)
    |> put_assoc(:client, client)
    |> create_scopes_list()
    |> validate_required([:expires_in, :expires_at])
    |> prepare_changes(fn changeset ->
      if changed?(changeset, :scope_list) do
        provided_scopes = get_change(changeset, :scope_list)

        existing_scopes =
          changeset.repo.all(
            Schemas.Scope.for_client_query(
              client.id,
              provided_scopes
            )
          )

        existing_scopes_names = Enum.map(existing_scopes, & &1.name)

        {changeset, error?} =
          Enum.reduce(provided_scopes, {changeset, false}, fn {changeset, error?}, name ->
            if name in existing_scopes_names do
              {changeset, error?}
            else
              {
                add_error(changeset, :scope, "invalid scope %{scope}", scope: name),
                true
              }
            end
          end)

        if error? do
          changeset
        else
          token_scopes =
            Enum.map(existing_scopes, fn scope ->
              Schemas.TokenScope.changeset(%Schemas.TokenScope{}, scope)
            end)

          put_assoc(changeset, :token_scopes, token_scopes)
        end
      else
        changeset
      end
    end)
  end

Do you think it is ok to use that prepare_changes this way?

fuelen · April 26, 2023, 9:21am

Sorry for not responding to what you’re asking, but consider boruta | Hex instead of a custom implementation of OAuth server

tino415 · April 26, 2023, 9:37am

Actually I already checked your boruta, but scope between this and that project is little bit different, I’m exploring options of api only oauth2 servers, second half of motivation is test some libraries and architectures I’m curious about and does not have space to use them in the work. On the other side, I’m planing to use boruta on serious project in near future.