Fix db inconsistencies (#1798)

Author: pilcrowonpaper

pages/sessions/basic-api/drizzle-orm.md

@@ -22,11 +22,15 @@ import type { InferSelectModel } from "drizzle-orm";
 const connection = await mysql.createConnection();
 const db = drizzle(connection);
 
+// your user table
 export const userTable = mysqlTable("user", {
-	id: int("id").primaryKey().autoincrement()
+	id: int("id").primaryKey().autoincrement(),
+	username: varchar("username", {
+		length: 31
+	}).notNull()
 });
 
-export const sessionTable = mysqlTable("session", {
+export const userSessionTable = mysqlTable("user_session", {
 	id: varchar("id", {
 		length: 255
 	}).primaryKey(),
@@ -37,7 +41,7 @@ export const sessionTable = mysqlTable("session", {
 });
 
 export type User = InferSelectModel<typeof userTable>;
-export type Session = InferSelectModel<typeof sessionTable>;
+export type Session = InferSelectModel<typeof userSessionTable>;
 ```
 
 ### PostgreSQL
@@ -52,11 +56,13 @@ import type { InferSelectModel } from "drizzle-orm";
 const pool = new pg.Pool();
 const db = drizzle(pool);
 
+// your user table
 export const userTable = pgTable("user", {
-	id: serial("id").primaryKey()
+	id: serial("id").primaryKey(),
+	username: text("username").notNull()
 });
 
-export const sessionTable = pgTable("session", {
+export const userSessionTable = pgTable("user_session", {
 	id: text("id").primaryKey(),
 	userId: integer("user_id")
 		.notNull()
@@ -68,7 +74,7 @@ export const sessionTable = pgTable("session", {
 });
 
 export type User = InferSelectModel<typeof userTable>;
-export type Session = InferSelectModel<typeof sessionTable>;
+export type Session = InferSelectModel<typeof userSessionTable>;
 ```
 
 ### SQLite
@@ -83,11 +89,13 @@ import type { InferSelectModel } from "drizzle-orm";
 const sqliteDB = sqlite(":memory:");
 const db = drizzle(sqliteDB);
 
+// your user table
 export const userTable = sqliteTable("user", {
-	id: integer("id").primaryKey()
+	id: integer("id").primaryKey(),
+	username: text("username").notNull()
 });
 
-export const sessionTable = sqliteTable("session", {
+export const userSessionTable = sqliteTable("user_session", {
 	id: text("id").primaryKey(),
 	userId: integer("user_id")
 		.notNull()
@@ -98,7 +106,7 @@ export const sessionTable = sqliteTable("session", {
 });
 
 export type User = InferSelectModel<typeof userTable>;
-export type Session = InferSelectModel<typeof sessionTable>;
+export type Session = InferSelectModel<typeof userSessionTable>;
 ```
 
 ## Install dependencies
@@ -167,7 +175,7 @@ export function generateSessionToken(): string {
 The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days.
 
 ```ts
-import { db, userTable, sessionTable } from "./db.js";
+import { db, userTable, userSessionTable } from "./db.js";
 import { eq } from "drizzle-orm";
 import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
@@ -181,7 +189,7 @@ export async function createSession(token: string, userId: number): Promise<Sess
 		userId,
 		expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30)
 	};
-	await db.insert(sessionTable).values(session);
+	await db.insert(userSessionTable).values(session);
 	return session;
 }
 ```
@@ -196,7 +204,7 @@ We'll also extend the session expiration when it's close to expiration. This ens
 For convenience, we'll return both the session and user object tied to the session ID.
 
 ```ts
-import { db, userTable, sessionTable } from "./db.js";
+import { db, userTable, userSessionTable } from "./db.js";
 import { eq } from "drizzle-orm";
 import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
@@ -206,26 +214,26 @@ import { sha256 } from "@oslojs/crypto/sha2";
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
 	const result = await db
-		.select({ user: userTable, session: sessionTable })
-		.from(sessionTable)
-		.innerJoin(userTable, eq(sessionTable.userId, userTable.id))
-		.where(eq(sessionTable.id, sessionId));
+		.select({ user: userTable, session: userSessionTable })
+		.from(userSessionTable)
+		.innerJoin(userTable, eq(userSessionTable.userId, userTable.id))
+		.where(eq(userSessionTable.id, sessionId));
 	if (result.length < 1) {
 		return { session: null, user: null };
 	}
 	const { user, session } = result[0];
 	if (Date.now() >= session.expiresAt.getTime()) {
-		await db.delete(sessionTable).where(eq(sessionTable.id, session.id));
+		await db.delete(userSessionTable).where(eq(userSessionTable.id, session.id));
 		return { session: null, user: null };
 	}
 	if (Date.now() >= session.expiresAt.getTime() - 1000 * 60 * 60 * 24 * 15) {
 		session.expiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 30);
 		await db
-			.update(sessionTable)
+			.update(userSessionTable)
 			.set({
 				expiresAt: session.expiresAt
 			})
-			.where(eq(sessionTable.id, session.id));
+			.where(eq(userSessionTable.id, session.id));
 	}
 	return { session, user };
 }
@@ -234,24 +242,24 @@ export async function validateSessionToken(token: string): Promise<SessionValida
 Finally, invalidate sessions by simply deleting it from the database.
 
 ```ts
-import { db, userTable, sessionTable } from "./db.js";
+import { db, userTable, userSessionTable } from "./db.js";
 import { eq } from "drizzle-orm";
 
 // ...
 
 export async function invalidateSession(sessionId: string): Promise<void> {
-	await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));
+	await db.delete(userSessionTable).where(eq(userSessionTable.id, sessionId));
 }
 
 export async function invalidateAllSessions(userId: number): Promise<void> {
-	await db.delete(sessionTable).where(eq(sessionTable.userId, userId));
+	await db.delete(userSessionTable).where(eq(userSessionTable.userId, userId));
 }
 ```
 
 Here's the full code:
 
 ```ts
-import { db, userTable, sessionTable } from "./db.js";
+import { db, userTable, userSessionTable } from "./db.js";
 import { eq } from "drizzle-orm";
 import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
@@ -272,43 +280,43 @@ export async function createSession(token: string, userId: number): Promise<Sess
 		userId,
 		expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30)
 	};
-	await db.insert(sessionTable).values(session);
+	await db.insert(userSessionTable).values(session);
 	return session;
 }
 
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
 	const result = await db
-		.select({ user: userTable, session: sessionTable })
-		.from(sessionTable)
-		.innerJoin(userTable, eq(sessionTable.userId, userTable.id))
-		.where(eq(sessionTable.id, sessionId));
+		.select({ user: userTable, session: userSessionTable })
+		.from(userSessionTable)
+		.innerJoin(userTable, eq(userSessionTable.userId, userTable.id))
+		.where(eq(userSessionTable.id, sessionId));
 	if (result.length < 1) {
 		return { session: null, user: null };
 	}
 	const { user, session } = result[0];
 	if (Date.now() >= session.expiresAt.getTime()) {
-		await db.delete(sessionTable).where(eq(sessionTable.id, session.id));
+		await db.delete(userSessionTable).where(eq(userSessionTable.id, session.id));
 		return { session: null, user: null };
 	}
 	if (Date.now() >= session.expiresAt.getTime() - 1000 * 60 * 60 * 24 * 15) {
 		session.expiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 30);
 		await db
-			.update(sessionTable)
+			.update(userSessionTable)
 			.set({
 				expiresAt: session.expiresAt
 			})
-			.where(eq(sessionTable.id, session.id));
+			.where(eq(userSessionTable.id, session.id));
 	}
 	return { session, user };
 }
 
 export async function invalidateSession(sessionId: string): Promise<void> {
-	await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));
+	await db.delete(userSessionTable).where(eq(userSessionTable.id, sessionId));
 }
 
 export async function invalidateAllSessions(userId: number): Promise<void> {
-	await db.delete(sessionTable).where(eq(sessionTable.userId, userId));
+	await db.delete(userSessionTable).where(eq(userSessionTable.userId, userId));
 }
 
 export type SessionValidationResult =

pages/sessions/basic-api/mysql.md

@@ -11,6 +11,7 @@ Users will use a session token linked to a session instead of the ID directly. T
 Create a session table with a field for a text ID, user ID, and expiration.
 
 ```
+-- your user table
 CREATE TABLE user (
     id INT PRIMARY KEY AUTO_INCREMENT,
     username VARCHAR(255) NOT NULL UNIQUE
@@ -142,6 +143,7 @@ import { sha256 } from "@oslojs/crypto/sha2";
 
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+	// TODO: update query to match your user table
 	const row = await db.queryOne(
 		"SELECT user_session.id, user_session.user_id, user_session.expires_at, user.id FROM user_session INNER JOIN user ON user.id = user_session.user_id WHERE id = ?",
 		sessionId
@@ -221,6 +223,7 @@ export async function createSession(token: string, userId: number): Promise<Sess
 
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+	// TODO: update query to match your user table
 	const row = await db.queryOne(
 		"SELECT user_session.id, user_session.user_id, user_session.expires_at, user.id FROM user_session INNER JOIN user ON user.id = user_session.user_id WHERE id = ?",
 		sessionId

pages/sessions/basic-api/postgresql.md

@@ -11,6 +11,8 @@ Users will use a session token linked to a session instead of the ID directly. T
 Create a session table with a field for a text ID, user ID, and expiration.
 
 ```
+-- your user table
+-- "app_user" instead of "user" to avoid name collisions
 CREATE TABLE app_user (
     id SERIAL PRIMARY KEY,
     username TEXT NOT NULL UNIQUE
@@ -142,6 +144,7 @@ import { sha256 } from "@oslojs/crypto/sha2";
 
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+	// TODO: update query to match your user table
 	const row = await db.queryOne(
 		"SELECT user_session.id, user_session.user_id, user_session.expires_at, app_user.id FROM user_session INNER JOIN user ON app_user.id = user_session.user_id WHERE id = ?",
 		sessionId
@@ -221,6 +224,7 @@ export async function createSession(token: string, userId: number): Promise<Sess
 
 export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
+	// TODO: update query to match your user table
 	const row = await db.queryOne(
 		"SELECT user_session.id, user_session.user_id, user_session.expires_at, app_user.id FROM user_session INNER JOIN user ON app_user.id = user_session.user_id WHERE id = ?",
 		sessionId

pages/sessions/basic-api/prisma.md

@@ -8,15 +8,17 @@ Users will use a session token linked to a session instead of the ID directly. T
 
 ## Declare your schema
 
-Create a session model with a field for a text ID, user ID, and expiration.
+Create a session model with a field for a text ID, user ID, and expiration. Add a relation field to your user table.
 
 ```
+// your user table
 model User {
   id       Int       @id @default(autoincrement())
+  username String
   sessions Session[]
 }
 
-model Session {
+model UserSession {
   id        String   @id
   userId    Int
   expiresAt DateTime
@@ -40,17 +42,17 @@ Here's what our API will look like. What each method does should be pretty self
 If you just need the full code without the explanation, skip to the end of this section.
 
 ```ts
-import type { User, Session } from "@prisma/client";
+import type { User, UserSession } from "@prisma/client";
 
 export function generateSessionToken(): string {
 	// TODO
 }
 
-export async function createSession(token: string, userId: number): Promise<Session> {
+export async function createSession(token: string, userId: number): Promise<UserSession> {
 	// TODO
 }
 
-export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
+export async function validateSessionToken(token: string): Promise<UserSessionValidationResult> {
 	// TODO
 }
 
@@ -62,8 +64,8 @@ export async function invalidateAllSessions(userId: number): Promise<void> {
 	// TODO
 }
 
-export type SessionValidationResult =
-	| { session: Session; user: User }
+export type UserSessionValidationResult =
+	| { session: UserSession; user: User }
 	| { session: null; user: null };
 ```
 
@@ -99,9 +101,9 @@ import { sha256 } from "@oslojs/crypto/sha2";
 
 // ...
 
-export async function createSession(token: string, userId: number): Promise<Session> {
+export async function createSession(token: string, userId: number): Promise<UserSession> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const session: Session = {
+	const session: UserSession = {
 		id: sessionId,
 		userId,
 		expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30)
@@ -129,7 +131,7 @@ import { sha256 } from "@oslojs/crypto/sha2";
 
 // ...
 
-export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
+export async function validateSessionToken(token: string): Promise<UserSessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
 	const result = await prisma.session.findUnique({
 		where: {
@@ -189,7 +191,7 @@ import { prisma } from "./db.js";
 import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
 
-import type { User, Session } from "@prisma/client";
+import type { User, UserSession } from "@prisma/client";
 
 export function generateSessionToken(): string {
 	const bytes = new Uint8Array(20);
@@ -198,9 +200,9 @@ export function generateSessionToken(): string {
 	return token;
 }
 
-export async function createSession(token: string, userId: number): Promise<Session> {
+export async function createSession(token: string, userId: number): Promise<UserSession> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const session: Session = {
+	const session: UserSession = {
 		id: sessionId,
 		userId,
 		expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30)
@@ -211,7 +213,7 @@ export async function createSession(token: string, userId: number): Promise<Sess
 	return session;
 }
 
-export async function validateSessionToken(token: string): Promise<SessionValidationResult> {
+export async function validateSessionToken(token: string): Promise<UserSessionValidationResult> {
 	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
 	const result = await prisma.session.findUnique({
 		where: {
@@ -255,8 +257,8 @@ export async function invalidateAllSessions(userId: number): Promise<void> {
 	});
 }
 
-export type SessionValidationResult =
-	| { session: Session; user: User }
+export type UserSessionValidationResult =
+	| { session: UserSession; user: User }
 	| { session: null; user: null };
 ```