postgres interpreter

Author: battermann

libs/wire-api/src/Wire/API/PostgresMarshall.hs

@@ -36,12 +36,15 @@ import Data.Misc
 import Data.Profunctor
 import Data.Set qualified as Set
 import Data.Text qualified as Text
+import Data.Text.Ascii qualified as Ascii
 import Data.Text.Encoding qualified as Text
 import Data.UUID
 import Data.Vector (Vector)
 import Data.Vector qualified as V
 import Hasql.Statement
 import Imports
+import SAML2.WebSSO qualified as SAML
+import Wire.API.EnterpriseLogin
 
 class PostgresMarshall db domain where
   postgresMarshall :: domain -> db
@@ -538,6 +541,33 @@ instance PostgresMarshall Text Code.Key where
 instance PostgresMarshall Text Code.Value where
   postgresMarshall = Text.decodeUtf8 . toByteString'
 
+instance PostgresMarshall ByteString HttpsUrl where
+  postgresMarshall = toByteString'
+
+instance PostgresMarshall ByteString Token where
+  postgresMarshall = (.unToken)
+
+instance PostgresMarshall Text DnsVerificationToken where
+  postgresMarshall = Ascii.toText . (.unDnsVerificationToken)
+
+instance PostgresMarshall Int32 DomainRedirectTag where
+  postgresMarshall = \case
+    NoneTag -> 1
+    LockedTag -> 2
+    SSOTag -> 3
+    BackendTag -> 4
+    NoRegistrationTag -> 5
+    PreAuthorizedTag -> 6
+
+instance PostgresMarshall Int32 TeamInviteTag where
+  postgresMarshall = \case
+    AllowedTag -> 1
+    NotAllowedTag -> 2
+    TeamTag -> 3
+
+instance PostgresMarshall UUID SAML.IdPId where
+  postgresMarshall = SAML.fromIdPId
+
 ---
 
 class PostgresUnmarshall db domain where
@@ -869,6 +899,35 @@ instance PostgresUnmarshall Text Code.Key where
 instance PostgresUnmarshall Text Code.Value where
   postgresUnmarshall = mapLeft Text.pack . BSC.runParser BSC.parser . Text.encodeUtf8
 
+instance PostgresUnmarshall ByteString HttpsUrl where
+  postgresUnmarshall = first Text.pack . BSC.runParser BSC.parser
+
+instance PostgresUnmarshall ByteString Token where
+  postgresUnmarshall = Right . Token
+
+instance PostgresUnmarshall Text DnsVerificationToken where
+  postgresUnmarshall = first Text.pack . fmap DnsVerificationToken . Ascii.validate
+
+instance PostgresUnmarshall Int32 DomainRedirectTag where
+  postgresUnmarshall = \case
+    1 -> Right NoneTag
+    2 -> Right LockedTag
+    3 -> Right SSOTag
+    4 -> Right BackendTag
+    5 -> Right NoRegistrationTag
+    6 -> Right PreAuthorizedTag
+    n -> Left $ "Unexpected DomainRedirectTag value: " <> Text.pack (show n)
+
+instance PostgresUnmarshall Int32 TeamInviteTag where
+  postgresUnmarshall = \case
+    1 -> Right AllowedTag
+    2 -> Right NotAllowedTag
+    3 -> Right TeamTag
+    n -> Left $ "Unexpected TeamInviteTag value: " <> Text.pack (show n)
+
+instance PostgresUnmarshall UUID SAML.IdPId where
+  postgresUnmarshall = Right . SAML.IdPId
+
 ---
 
 lmapPG :: (PostgresMarshall db domain, Profunctor p) => p db x -> p domain x

libs/wire-subsystems/src/Wire/DomainRegistrationStore.hs

@@ -1,3 +1,4 @@
+{-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE TemplateHaskell #-}
 
 -- This file is part of the Wire Server implementation.
@@ -25,6 +26,7 @@ module Wire.DomainRegistrationStore
     lookup,
     lookupByTeam,
     delete,
+    DomainRegistrationRow,
   )
 where
 
@@ -36,6 +38,7 @@ import Data.Domain as Domain
 import Data.Id
 import Data.Misc
 import Data.Text as T
+import Data.UUID (UUID)
 import Database.CQL.Protocol (Record (..), TupleType, recordInstance)
 import Imports hiding (lookup)
 import Polysemy
@@ -45,6 +48,7 @@ import Polysemy.TinyLog qualified as Log
 import SAML2.WebSSO qualified as SAML
 import System.Logger.Message qualified as Log
 import Wire.API.EnterpriseLogin
+import Wire.API.PostgresMarshall
 
 newtype DomainKey = DomainKey {unDomainKey :: CI Text}
   deriving stock (Eq, Ord, Show)
@@ -61,6 +65,64 @@ instance Cql DomainKey where
   fromCql (CqlText txt) = pure . DomainKey . CI.mk $ txt
   fromCql _ = Left "DomainKey: Text expected"
 
+instance PostgresMarshall Text DomainKey where
+  postgresMarshall = CI.foldedCase . unDomainKey
+
+instance PostgresUnmarshall Text DomainKey where
+  postgresUnmarshall = Right . DomainKey . CI.mk
+
+type DomainRegistrationRow =
+  ( Text,
+    Maybe Int32,
+    Maybe Int32,
+    Maybe UUID,
+    Maybe ByteString,
+    Maybe UUID,
+    Maybe Text,
+    Maybe ByteString,
+    Maybe UUID,
+    Maybe ByteString
+  )
+
+instance PostgresMarshall DomainRegistrationRow StoredDomainRegistration where
+  postgresMarshall StoredDomainRegistration {..} =
+    ( postgresMarshall domain,
+      postgresMarshall domainRedirect,
+      postgresMarshall teamInvite,
+      postgresMarshall idpId,
+      postgresMarshall backendUrl,
+      postgresMarshall team,
+      postgresMarshall dnsVerificationToken,
+      postgresMarshall authTokenHash,
+      postgresMarshall authorizedTeam,
+      postgresMarshall webappUrl
+    )
+
+instance PostgresUnmarshall DomainRegistrationRow StoredDomainRegistration where
+  postgresUnmarshall
+    ( domain,
+      domainRedirect,
+      teamInvite,
+      idpId,
+      backendUrl,
+      team,
+      dnsVerificationToken,
+      authTokenHash,
+      authorizedTeam,
+      webappUrl
+      ) =
+      StoredDomainRegistration
+        <$> postgresUnmarshall domain
+        <*> postgresUnmarshall domainRedirect
+        <*> postgresUnmarshall teamInvite
+        <*> postgresUnmarshall idpId
+        <*> postgresUnmarshall backendUrl
+        <*> postgresUnmarshall team
+        <*> postgresUnmarshall dnsVerificationToken
+        <*> postgresUnmarshall authTokenHash
+        <*> postgresUnmarshall authorizedTeam
+        <*> postgresUnmarshall webappUrl
+
 data StoredDomainRegistration = StoredDomainRegistration
   { domain :: DomainKey,
     domainRedirect :: Maybe DomainRedirectTag,

libs/wire-subsystems/src/Wire/DomainRegistrationStore/Postgres.hs

@@ -0,0 +1,111 @@
+{-# LANGUAGE RecordWildCards #-}
+
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2026 Wire Swiss GmbH <opensource@wire.com>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module Wire.DomainRegistrationStore.Postgres
+  ( interpretDomainRegistrationStoreToPostgres,
+  )
+where
+
+import Data.Id (TeamId)
+import Data.UUID (UUID)
+import Data.Vector (Vector)
+import Data.Vector qualified as Vector
+import Hasql.Statement qualified as Hasql
+import Hasql.TH
+import Imports hiding (lookup)
+import Polysemy
+import Wire.API.PostgresMarshall
+import Wire.DomainRegistrationStore
+import Wire.Postgres
+
+interpretDomainRegistrationStoreToPostgres ::
+  (PGConstraints r) =>
+  InterpreterFor DomainRegistrationStore r
+interpretDomainRegistrationStoreToPostgres = interpret $ \case
+  UpsertInternal dr -> upsertImpl dr
+  LookupInternal domain -> lookupImpl domain
+  LookupByTeamInternal tid -> lookupByTeamInternalImpl tid
+  DeleteInternal domain -> deleteImpl domain
+
+upsertImpl :: (PGConstraints r) => StoredDomainRegistration -> Sem r ()
+upsertImpl dr =
+  runStatement dr upsertStatement
+  where
+    upsertStatement :: Hasql.Statement StoredDomainRegistration ()
+    upsertStatement =
+      lmapPG
+        [resultlessStatement|INSERT INTO domain_registration
+                               (domain, domain_redirect, team_invite, idp_id, backend_url,
+                                team, dns_verification_token, ownership_token_hash, authorized_team, webapp_url)
+                             VALUES
+                               ($1 :: text, $2 :: int?, $3 :: int?, $4 :: uuid?, $5 :: bytea?,
+                                $6 :: uuid?, $7 :: text?, $8 :: bytea?, $9 :: uuid?, $10 :: bytea?)
+                             ON CONFLICT (domain) DO UPDATE
+                             SET domain_redirect = ($2 :: int?),
+                                 team_invite = ($3 :: int?),
+                                 idp_id = ($4 :: uuid?),
+                                 backend_url = ($5 :: bytea?),
+                                 team = ($6 :: uuid?),
+                                 dns_verification_token = ($7 :: text?),
+                                 ownership_token_hash = ($8 :: bytea?),
+                                 authorized_team = ($9 :: uuid?),
+                                 webapp_url = ($10 :: bytea?)
+                          |]
+
+lookupImpl :: (PGConstraints r) => DomainKey -> Sem r (Maybe StoredDomainRegistration)
+lookupImpl domain =
+  runStatement domain selectStatement
+  where
+    selectStatement :: Hasql.Statement DomainKey (Maybe StoredDomainRegistration)
+    selectStatement =
+      dimapPG @Text @DomainKey @(Maybe DomainRegistrationRow) @(Maybe StoredDomainRegistration) $
+        [maybeStatement|SELECT (domain :: text), (domain_redirect :: int?), (team_invite :: int?),
+                                 (idp_id :: uuid?), (backend_url :: bytea?), (team :: uuid?),
+                                 (dns_verification_token :: text?), (ownership_token_hash :: bytea?),
+                                 (authorized_team :: uuid?), (webapp_url :: bytea?)
+                          FROM domain_registration
+                          WHERE domain = ($1 :: text)
+                         |]
+
+lookupByTeamInternalImpl :: (PGConstraints r) => TeamId -> Sem r [StoredDomainRegistration]
+lookupByTeamInternalImpl tid = do
+  rows <- runStatement tid selectByTeamStatement
+  pure $ Vector.toList rows
+  where
+    selectByTeamStatement :: Hasql.Statement TeamId (Vector StoredDomainRegistration)
+    selectByTeamStatement =
+      dimapPG @UUID @TeamId @(Vector DomainRegistrationRow) @(Vector StoredDomainRegistration) $
+        [vectorStatement|SELECT (domain :: text), (domain_redirect :: int?), (team_invite :: int?),
+                                  (idp_id :: uuid?), (backend_url :: bytea?), (team :: uuid?),
+                                  (dns_verification_token :: text?), (ownership_token_hash :: bytea?),
+                                  (authorized_team :: uuid?), (webapp_url :: bytea?)
+                           FROM domain_registration
+                           WHERE authorized_team = ($1 :: uuid)
+                          |]
+
+deleteImpl :: (PGConstraints r) => DomainKey -> Sem r ()
+deleteImpl domain =
+  runStatement domain deleteStatement
+  where
+    deleteStatement :: Hasql.Statement DomainKey ()
+    deleteStatement =
+      lmapPG
+        [resultlessStatement|DELETE FROM domain_registration
+                             WHERE domain = ($1 :: text)
+                            |]

libs/wire-subsystems/wire-subsystems.cabal

@@ -268,6 +268,7 @@ library
     Wire.DeleteQueue.InMemory
     Wire.DomainRegistrationStore
     Wire.DomainRegistrationStore.Cassandra
+    Wire.DomainRegistrationStore.Postgres
     Wire.DomainVerificationChallengeStore
     Wire.DomainVerificationChallengeStore.Cassandra
     Wire.EmailSending