-
Notifications
You must be signed in to change notification settings - Fork 1
/
init_db.sql
701 lines (594 loc) · 22 KB
/
init_db.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
CREATE DATABASE staticpi;
GRANT ALL PRIVILEGES ON DATABASE staticpi TO staticpi;
\c staticpi
CREATE TABLE IF NOT EXISTS ip_address (
ip_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip INET UNIQUE NOT NULL
);
GRANT ALL ON ip_address TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE ip_address_ip_id_seq TO staticpi;
CREATE INDEX ip_index ON ip_address(ip);
CREATE TABLE IF NOT EXISTS user_agent (
user_agent_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
user_agent_string TEXT UNIQUE NOT NULL
);
GRANT ALL ON user_agent TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE user_agent_user_agent_id_seq TO staticpi;
CREATE INDEX user_agent_string_index ON user_agent(user_agent_string);
CREATE TABLE IF NOT EXISTS user_level (
user_level_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
custom_device_name BOOLEAN NOT NULL,
max_number_of_devices SMALLINT NOT NULL,
max_message_size_in_bytes INT NOT NULL,
max_monthly_bandwidth_in_bytes BIGINT NOT NULL,
max_clients_per_device SMALLINT NOT NULL,
structured_data BOOLEAN NOT NULL,
device_password BOOLEAN NOT NULL,
-- could make this a postgres enum
user_level_name TEXT NOT NULL UNIQUE CHECK (user_level_name IN ('free', 'pro', 'admin'))
);
GRANT ALL ON user_level TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE user_level_user_level_id_seq TO staticpi;
CREATE INDEX user_level_index ON user_level(user_level_name);
-- Insert different user levels into db
INSERT INTO
user_level(
custom_device_name,
max_number_of_devices,
max_message_size_in_bytes,
max_monthly_bandwidth_in_bytes,
max_clients_per_device,
structured_data,
device_password,
user_level_name
)
VALUES
(
false,
1,
10 * 1000,
5 * 1000000,
1,
FALSE,
FALSE,
'free'
);
INSERT INTO
user_level(
custom_device_name,
max_number_of_devices,
max_message_size_in_bytes,
max_monthly_bandwidth_in_bytes,
max_clients_per_device,
structured_data,
device_password,
user_level_name
)
VALUES
(
true,
20,
5 * 1000 * 1000,
100 * 100000000 :: bigint,
100,
TRUE,
TRUE,
'pro'
);
INSERT INTO
user_level(
custom_device_name,
max_number_of_devices,
max_message_size_in_bytes,
max_monthly_bandwidth_in_bytes,
max_clients_per_device,
structured_data,
device_password,
user_level_name
)
VALUES
(
true,
20,
10 * 1000 * 1000,
100 * 1000000000 :: bigint,
100,
TRUE,
TRUE,
'admin'
);
CREATE TABLE IF NOT EXISTS email_address (
email_address_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
email TEXT NOT NULL UNIQUE
);
GRANT ALL ON email_address TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE email_address_email_address_id_seq TO staticpi;
CREATE INDEX email_address_index ON email_address(email);
-- At the moment can only have a single api key attached to a device
-- maybe use this for registered_user password as well?
CREATE TABLE IF NOT EXISTS device_password (
device_password_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
password_hash TEXT
);
GRANT ALL ON device_password TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE device_password_device_password_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS registered_user (
registered_user_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
full_name TEXT NOT NULL,
email_address_id BIGINT UNIQUE REFERENCES email_address(email_address_id) NOT NULL,
active BOOLEAN DEFAULT FALSE,
password_hash TEXT NOT NULL,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
user_level_id BIGINT REFERENCES user_level(user_level_id) NOT NULL
);
GRANT ALL ON registered_user TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE registered_user_registered_user_id_seq TO staticpi;
CREATE INDEX email_address_id_index ON registered_user(email_address_id);
CREATE TABLE IF NOT EXISTS invite_code (
invite_code_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id),
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
invite TEXT UNIQUE NOT NULL CHECK(LENGTH(invite) >= 12),
count SMALLINT NOT NULL
);
GRANT ALL ON invite_code TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE invite_code_invite_code_id_seq TO staticpi;
CREATE INDEX invite_index ON invite_code(invite);
CREATE TABLE IF NOT EXISTS password_reset (
password_reset_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
reset_string TEXT NOT NULL UNIQUE CHECK (reset_string ~ '^[0-7][0-9A-HJKMNP-TV-Z]{25}$'),
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
consumed BOOLEAN DEFAULT false
);
GRANT ALL ON password_reset TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE password_reset_password_reset_id_seq TO staticpi;
CREATE INDEX reset_string_index ON password_reset(reset_string);
CREATE INDEX registered_user_id ON password_reset(registered_user_id);
CREATE TABLE IF NOT EXISTS login_history (
login_history_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
session_name TEXT,
success BOOLEAN
);
GRANT ALL ON login_history TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE login_history_login_history_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS login_attempt (
login_attempt_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
registered_user_id BIGINT UNIQUE REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
login_attempt_number INT DEFAULT 0
);
GRANT ALL ON login_attempt TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE login_attempt_login_attempt_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS two_fa_secret (
two_fa_secret_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
registered_user_id BIGINT UNIQUE REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
two_fa_secret TEXT DEFAULT NULL,
always_required BOOLEAN DEFAULT FALSE
);
GRANT ALL ON two_fa_secret TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE two_fa_secret_two_fa_secret_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS two_fa_backup (
two_fa_backup_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
two_fa_backup_code TEXT NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
UNIQUE (registered_user_id, two_fa_backup_code)
);
GRANT ALL ON two_fa_backup TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE two_fa_backup_two_fa_backup_id_seq TO staticpi;
-- remove active, just delete instead?
CREATE TABLE IF NOT EXISTS api_key (
api_key_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
api_key_string TEXT NOT NULL UNIQUE CHECK (api_key_string ~ '^[A-F0-9]{128}$'),
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
active BOOLEAN DEFAULT TRUE
);
GRANT ALL ON api_key TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE api_key_api_key_id_seq TO staticpi;
-- Create index on api_key_string for quicker look ups
CREATE INDEX api_key_string_index ON api_key(api_key_string);
CREATE TABLE IF NOT EXISTS device_name (
device_name_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
-- check max 64?
name_of_device TEXT UNIQUE NOT NULL,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL
);
GRANT ALL ON device_name TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE device_name_device_name_id_seq TO staticpi;
CREATE INDEX device_name_index ON device_name(name_of_device);
-- At the moment can only have a single api key attached to a device
CREATE TABLE IF NOT EXISTS device (
device_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
registered_user_id BIGINT NOT NULL REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
api_key_id BIGINT UNIQUE REFERENCES api_key(api_key_id) ON DELETE CASCADE NOT NULL,
device_name_id BIGINT NOT NULL REFERENCES device_name(device_name_id) ON DELETE CASCADE,
structured_data BOOLEAN DEFAULT FALSE,
paused BOOLEAN DEFAULT FALSE NOT NULL,
client_password_id BIGINT UNIQUE REFERENCES device_password(device_password_id) ON DELETE CASCADE,
device_password_id BIGINT UNIQUE REFERENCES device_password(device_password_id) ON DELETE CASCADE,
max_clients SMALLINT DEFAULT 1 CHECK(
max_clients > 0
AND max_clients < 101
),
active BOOLEAN DEFAULT true
);
GRANT ALL ON device TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE device_device_id_seq TO staticpi;
-- Unique index, so that a single user cannot have two devices that are both active with the same name
CREATE UNIQUE INDEX unique_user_device_name ON device (device_name_id, registered_user_id)
WHERE
(active is true);
CREATE INDEX api_key_id ON device(api_key_id);
CREATE INDEX registered_user_id_index ON device(registered_user_id);
CREATE INDEX device_name_id ON device(device_name_id);
CREATE TABLE IF NOT EXISTS connection (
connection_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
device_id BIGINT REFERENCES device(device_id) ON DELETE CASCADE NOT NULL,
api_key_id BIGINT REFERENCES api_key(api_key_id) ON DELETE CASCADE NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
timestamp_online TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
timestamp_offline TIMESTAMPTZ,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
is_pi BOOLEAN NOT NULL
);
GRANT ALL ON connection TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE connection_connection_id_seq TO staticpi;
CREATE INDEX device_id_index ON connection(device_id);
CREATE TABLE IF NOT EXISTS email_subject (
email_subject_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
subject TEXT UNIQUE NOT NULL
);
GRANT ALL ON email_subject TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE email_subject_email_subject_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS email_log (
email_log_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
sent BOOLEAN DEFAULT TRUE NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
email_address_id BIGINT REFERENCES email_address(email_address_id) ON DELETE CASCADE,
email_subject_id BIGINT REFERENCES email_subject(email_subject_id)
);
GRANT ALL ON email_log TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE email_log_email_log_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS contact_message (
contact_message_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
ip_id BIGINT REFERENCES ip_address(ip_id) NOT NULL,
user_agent_id BIGINT REFERENCES user_agent(user_agent_id) NOT NULL,
email_address_id BIGINT REFERENCES email_address(email_address_id) ON DELETE CASCADE,
registered_user_id BIGINT REFERENCES registered_user(registered_user_id) ON DELETE CASCADE,
message TEXT NOT NULL
);
GRANT ALL ON contact_message TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE contact_message_contact_message_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS banned_email_domain (
banned_email_domain_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
domain TEXT UNIQUE NOT NULL
);
GRANT ALL ON banned_email_domain TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE banned_email_domain_banned_email_domain_id_seq TO staticpi;
CREATE TABLE IF NOT EXISTS hourly_bandwidth (
hourly_bandwidth_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
device_id BIGINT REFERENCES device(device_id) ON DELETE CASCADE NOT NULL,
timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
size_in_bytes BIGINT NOT NULL,
is_pi BOOLEAN NOT NULL,
is_counted BOOLEAN NOT NULL
);
GRANT ALL ON hourly_bandwidth TO staticpi;
GRANT USAGE,
SELECT
ON SEQUENCE hourly_bandwidth_hourly_bandwidth_id_seq TO staticpi;
CREATE UNIQUE INDEX on hourly_bandwidth(
extract(
year
FROM
(timestamp AT TIME ZONE 'UTC')
),
extract(
month
FROM
(timestamp AT TIME ZONE 'UTC')
),
extract(
day
FROM
(timestamp AT TIME ZONE 'UTC')
),
extract(
hour
FROM
(timestamp AT TIME ZONE 'UTC')
),
device_id,
is_pi,
is_counted
);
/***********
** AUDITS **
***********/
-- Function to minus jsonb from jsonb, works with nested jsons as well!
CREATE OR REPLACE FUNCTION jsonb_minus ( arg1 jsonb, arg2 jsonb ) RETURNS jsonb AS $$
SELECT
COALESCE(json_object_agg(
key,
CASE
WHEN jsonb_typeof(value) = 'object' AND arg2 -> key IS NOT NULL
THEN jsonb_minus(value, arg2 -> key)
ELSE value
END
), '{}')::jsonb
FROM
jsonb_each(arg1)
WHERE
arg1 -> key <> arg2 -> key
OR arg2 -> key IS NULL
$$ LANGUAGE SQL;
-- create the actual operator, using minus symbol, to use the jsonb_minus functions
CREATE OPERATOR - (
PROCEDURE = jsonb_minus,
LEFTARG = jsonb,
RIGHTARG = jsonb
);
/**
** Registered User Audit, executed on update, delete, and, insert
*/
CREATE TABLE IF NOT EXISTS registered_user_audit (
user_audit_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
table_name TEXT NOT NULL,
user_name TEXT,
action_timestamp TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
action TEXT NOT NULL CHECK (action IN ('i','d','u')),
old_values jsonb,
new_values jsonb,
difference jsonb,
query TEXT
);
GRANT ALL ON registered_user_audit TO staticpi;
GRANT USAGE, SELECT ON SEQUENCE registered_user_audit_user_audit_id_seq TO staticpi;
CREATE FUNCTION registered_user_modified_func() RETURNS TRIGGER AS $body$
BEGIN
IF tg_op = 'UPDATE' THEN
INSERT into registered_user_audit (table_name, user_name, action, old_values, new_values, difference, query)
VALUES (tg_table_name::TEXT, current_user, 'u', to_jsonb(OLD), to_jsonb(NEW), to_jsonb(OLD) - to_jsonb(NEW), current_query());
RETURN new;
ELSIF tg_op = 'DELETE' THEN
INSERT into registered_user_audit ( table_name, user_name, action, old_values, query)
VALUES (tg_table_name::TEXT, current_user, 'd', to_jsonb(OLD), current_query());
RETURN old;
ELSIF tg_op = 'INSERT' THEN
INSERT into registered_user_audit (table_name, user_name, action, new_values, query)
VALUES (tg_table_name::TEXT, current_user, 'i', to_jsonb(NEW), current_query());
RETURN new;
END IF;
END;
$body$
LANGUAGE plpgsql;
CREATE TRIGGER registered_user_audit_trig
BEFORE INSERT OR UPDATE OR DELETE
ON registered_user
FOR EACH ROW
EXECUTE PROCEDURE registered_user_modified_func();
/**
** Device Audit, executed on update, delete, and, insert
*/
CREATE TABLE IF NOT EXISTS device_audit (
device_audit_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
table_name TEXT NOT NULL,
user_name TEXT,
action_timestamp TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
action TEXT NOT NULL CHECK (action IN ('i','d','u')),
old_values jsonb,
new_values jsonb,
difference jsonb,
query TEXT
);
GRANT ALL ON device_audit TO staticpi;
GRANT USAGE, SELECT ON SEQUENCE device_audit_device_audit_id_seq TO staticpi;
CREATE FUNCTION device_audit_func() RETURNS TRIGGER AS $body$
BEGIN
IF tg_op = 'UPDATE' THEN
INSERT into device_audit (table_name, user_name, action, old_values, new_values, difference, query)
VALUES (tg_table_name::TEXT, current_user, 'u', to_jsonb(OLD), to_jsonb(NEW), to_jsonb(OLD) - to_jsonb(NEW), current_query());
RETURN new;
ELSIF tg_op = 'DELETE' THEN
INSERT into device_audit ( table_name, user_name, action, old_values, query)
VALUES (tg_table_name::TEXT, current_user, 'd', to_jsonb(OLD), current_query());
RETURN old;
ELSIF tg_op = 'INSERT' THEN
INSERT into device_audit (table_name, user_name, action, new_values, query)
VALUES (tg_table_name::TEXT, current_user, 'i', to_jsonb(NEW), current_query());
RETURN new;
END IF;
END;
$body$
LANGUAGE plpgsql;
CREATE TRIGGER device_trig
BEFORE INSERT OR UPDATE OR DELETE
ON device
FOR EACH ROW
EXECUTE PROCEDURE device_audit_func();
/**
** Api Key Audit, executed on update, delete, and, insert
*/
CREATE TABLE IF NOT EXISTS api_key_audit (
api_key_audit_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
table_name TEXT NOT NULL,
user_name TEXT,
action_timestamp TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
action TEXT NOT NULL CHECK (action IN ('i','d','u')),
old_values jsonb,
new_values jsonb,
difference jsonb,
query TEXT
);
GRANT ALL ON api_key_audit TO staticpi;
GRANT USAGE, SELECT ON SEQUENCE api_key_audit_api_key_audit_id_seq TO staticpi;
CREATE FUNCTION api_key_audit_func() RETURNS TRIGGER AS $body$
BEGIN
IF tg_op = 'UPDATE' THEN
INSERT into api_key_audit (table_name, user_name, action, old_values, new_values, difference, query)
VALUES (tg_table_name::TEXT, current_user, 'u', to_jsonb(OLD), to_jsonb(NEW), to_jsonb(OLD) - to_jsonb(NEW), current_query());
RETURN new;
ELSIF tg_op = 'DELETE' THEN
INSERT into api_key_audit ( table_name, user_name, action, old_values, query)
VALUES (tg_table_name::TEXT, current_user, 'd', to_jsonb(OLD), current_query());
RETURN old;
ELSIF tg_op = 'INSERT' THEN
INSERT into api_key_audit (table_name, user_name, action, new_values, query)
VALUES (tg_table_name::TEXT, current_user, 'i', to_jsonb(NEW), current_query());
RETURN new;
END IF;
END;
$body$
LANGUAGE plpgsql;
CREATE TRIGGER api_key_trig
BEFORE INSERT OR UPDATE OR DELETE
ON api_key
FOR EACH ROW
EXECUTE PROCEDURE api_key_audit_func();
/**
** Two FA Audit, executed on update, delete, and, insert
*/
CREATE TABLE IF NOT EXISTS two_fa_secret_audit (
two_fa_secret_audit_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
table_name TEXT NOT NULL,
user_name TEXT,
action_timestamp TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
action TEXT NOT NULL CHECK (action IN ('i','d','u')),
old_values jsonb,
new_values jsonb,
difference jsonb,
query TEXT
);
GRANT ALL ON two_fa_secret_audit TO staticpi;
GRANT USAGE, SELECT ON SEQUENCE two_fa_secret_audit_two_fa_secret_audit_id_seq TO staticpi;
CREATE FUNCTION two_fa_secret_audit_func() RETURNS TRIGGER AS $body$
BEGIN
IF tg_op = 'UPDATE' THEN
INSERT into two_fa_secret_audit (table_name, user_name, action, old_values, new_values, difference, query)
VALUES (tg_table_name::TEXT, current_user, 'u', to_jsonb(OLD), to_jsonb(NEW), to_jsonb(OLD) - to_jsonb(NEW), current_query());
RETURN new;
ELSIF tg_op = 'DELETE' THEN
INSERT into two_fa_secret_audit ( table_name, user_name, action, old_values, query)
VALUES (tg_table_name::TEXT, current_user, 'd', to_jsonb(OLD), current_query());
RETURN old;
ELSIF tg_op = 'INSERT' THEN
INSERT into two_fa_secret_audit (table_name, user_name, action, new_values, query)
VALUES (tg_table_name::TEXT, current_user, 'i', to_jsonb(NEW), current_query());
RETURN new;
END IF;
END;
$body$
LANGUAGE plpgsql;
CREATE TRIGGER two_fa_secret_trig
BEFORE INSERT OR UPDATE OR DELETE
ON two_fa_secret
FOR EACH ROW
EXECUTE PROCEDURE two_fa_secret_audit_func();
/**
** Two FA Backup, executed on update, delete, and, insert
*/
CREATE TABLE IF NOT EXISTS two_fa_backup_audit (
two_fa_backup_audit_id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
table_name TEXT NOT NULL,
user_name TEXT,
action_timestamp TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP,
action TEXT NOT NULL CHECK (action IN ('i','d','u')),
old_values jsonb,
new_values jsonb,
difference jsonb,
query TEXT
);
GRANT ALL ON two_fa_backup_audit TO staticpi;
GRANT USAGE, SELECT ON SEQUENCE two_fa_backup_audit_two_fa_backup_audit_id_seq TO staticpi;
CREATE FUNCTION two_fa_backup_audit_func() RETURNS TRIGGER AS $body$
BEGIN
IF tg_op = 'UPDATE' THEN
INSERT into two_fa_backup_audit (table_name, user_name, action, old_values, new_values, difference, query)
VALUES (tg_table_name::TEXT, current_user, 'u', to_jsonb(OLD), to_jsonb(NEW), to_jsonb(OLD) - to_jsonb(NEW), current_query());
RETURN new;
ELSIF tg_op = 'DELETE' THEN
INSERT into two_fa_backup_audit ( table_name, user_name, action, old_values, query)
VALUES (tg_table_name::TEXT, current_user, 'd', to_jsonb(OLD), current_query());
RETURN old;
ELSIF tg_op = 'INSERT' THEN
INSERT into two_fa_backup_audit (table_name, user_name, action, new_values, query)
VALUES (tg_table_name::TEXT, current_user, 'i', to_jsonb(NEW), current_query());
RETURN new;
END IF;
END;
$body$
LANGUAGE plpgsql;
CREATE TRIGGER two_fa_backup_trig
BEFORE INSERT OR UPDATE OR DELETE
ON two_fa_backup
FOR EACH ROW
EXECUTE PROCEDURE two_fa_backup_audit_func();