fediglam/src/main/api.zig

const std = @import("std");
const util = @import("util");

const db = @import("./db.zig");

const models = @import("./db/models.zig");
pub const DateTime = util.DateTime;
pub const Uuid = util.Uuid;

const PwHash = std.crypto.pwhash.scrypt;
const pw_hash_params = PwHash.Params.interactive;
const pw_hash_encoding = .phc;
const pw_hash_buf_size = 128;

const token_len = 20;
const token_str_len = std.base64.standard.Encoder.calcSize(token_len);

// Frees an api struct and its fields allocated from alloc
pub fn free(alloc: std.mem.Allocator, val: anytype) void {
    switch (@typeInfo(@TypeOf(val))) {
        .Pointer => |ptr_info| switch (ptr_info.size) {
            .One => {
                free(alloc, val.*);
                alloc.destroy(val);
            },
            .Slice => {
                for (val) |elem| free(alloc, elem);
                alloc.free(val);
            },
            else => unreachable,
        },
        .Struct => inline for (std.meta.fields(@TypeOf(val))) |f| free(alloc, @field(val, f.name)),
        .Array => for (val) |elem| free(alloc, elem),
        .Optional => if (val) |opt| free(alloc, opt),
        .Bool, .Int, .Float, .Enum => {},
        else => unreachable,
    }
}

pub fn CreateInfo(comptime T: type) type {
    const t_fields = std.meta.fields(T);
    var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;
    var count = 0;

    inline for (t_fields) |f| {
        if (std.mem.eql(u8, f.name, "id")) continue;

        fields[count] = f;
        count += 1;
    }

    return @Type(.{ .Struct = .{
        .layout = .Auto,
        .fields = &fields,
        .decls = &[0]std.builtin.Type.Declaration{},
        .is_tuple = false,
    } });
}

fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {
    var result: T = undefined;
    result.id = id;
    inline for (std.meta.fields(CreateInfo(T))) |f| {
        @field(result, f.name) = @field(val, f.name);
    }
    return result;
}

pub const NoteCreateInfo = struct {
    content: []const u8,
};

pub const RegistrationInfo = struct {
    username: []const u8,
    password: []const u8,
    email: ?[]const u8,
};

pub const LoginResult = struct {
    user_id: Uuid,
    token: [token_str_len]u8,
    issued_at: DateTime,
};

threadlocal var prng: std.rand.DefaultPrng = undefined;

pub fn initThreadPrng(seed: u64) void {
    prng = std.rand.DefaultPrng.init(seed +% std.Thread.getCurrentId());
}

pub const ApiSource = struct {
    db: db.Database,
    internal_alloc: std.mem.Allocator,

    pub const Conn = ApiConn(db.Database);

    pub fn init(alloc: std.mem.Allocator) !ApiSource {
        return ApiSource{
            .db = try db.Database.init(),
            .internal_alloc = alloc,
        };
    }

    pub fn connectUnauthorized(self: *ApiSource, alloc: std.mem.Allocator) !Conn {
        return Conn{
            .db = self.db,
            .internal_alloc = self.internal_alloc,
            .as_user = null,
            .arena = std.heap.ArenaAllocator.init(alloc),
        };
    }

    pub fn connectToken(self: *ApiSource, token: []const u8, alloc: std.mem.Allocator) !Conn {
        const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(token) catch return error.InvalidToken;
        if (decoded_len != token_len) return error.InvalidToken;

        var decoded: [token_len]u8 = undefined;
        std.base64.standard.Decoder.decode(&decoded, token) catch return error.InvalidToken;

        var hash: models.ByteArray(models.Token.hash_len) = undefined;
        models.Token.HashFn.hash(&decoded, &hash.data, .{});

        var arena = std.heap.ArenaAllocator.init(alloc);

        const db_token = (try self.db.getBy(models.Token, .hash, hash, arena.allocator())) orelse return error.InvalidToken;

        return Conn{
            .db = self.db,
            .internal_alloc = self.internal_alloc,
            .as_user = db_token.user_id,
            .arena = arena,
        };
    }
};

fn ApiConn(comptime DbConn: type) type {
    return struct {
        const Self = @This();

        db: DbConn,
        internal_alloc: std.mem.Allocator, // used *only* for large, internal buffers
        as_user: ?Uuid,
        arena: std.heap.ArenaAllocator,

        pub fn close(self: *Self) void {
            self.arena.deinit();
        }

        fn getAuthenticatedUser(self: *Self) !models.LocalUser {
            if (self.as_user) |user_id| {
                const local_user = try self.db.getBy(models.LocalUser, .id, user_id, self.arena.allocator());
                if (local_user == null) return error.UserNotFound;

                return local_user.?;
            } else {
                return error.NotAuthenticated;
            }
        }

        fn getAuthenticatedActor(self: *Self) !models.Actor {
            const user = try self.getAuthenticatedUser();
            if (user.actor_id) |actor_id| {
                const actor = try self.db.getBy(models.Actor, .id, actor_id, self.arena);
                return actor.?;
            } else {
                return error.NoActor;
            }
        }

        pub fn createNote(self: *Self, info: NoteCreateInfo) !models.Note {
            const id = Uuid.randV4(prng.random());
            const user = try self.getAuthenticatedUser();

            const note = models.Note{
                .id = id,
                .author_id = user.actor_id orelse return error.NotAuthorized,
                .content = info.content,

                .created_at = DateTime.now(),
            };
            try self.db.insert(models.Note, note);

            return note;
        }

        pub fn getNote(self: *Self, id: Uuid) !?models.Note {
            return self.db.getBy(models.Note, .id, id, self.arena.allocator());
        }

        pub fn getActor(self: *Self, id: Uuid) !?models.Actor {
            return self.db.getBy(models.Actor, .id, id, self.arena.allocator());
        }

        pub fn getActorByHandle(self: *Self, handle: []const u8) !?models.Actor {
            return self.db.getBy(models.Actor, .handle, handle, self.arena.allocator());
        }

        pub fn react(self: *Self, note_id: Uuid) !void {
            const id = Uuid.randV4(prng.random());
            const user = try self.getAuthenticatedUser();
            try self.db.insert(models.Reaction, .{ .id = id, .note_id = note_id, .reactor_id = user.actor_id orelse return error.NotAuthorized, .created_at = DateTime.now() });
        }

        pub fn listReacts(self: *Self, note_id: Uuid) ![]models.Reaction {
            return try self.db.getWhereEq(models.Reaction, .note_id, note_id, self.arena.allocator());
        }

        pub fn register(self: *Self, info: RegistrationInfo) !models.Actor {
            const actor_id = Uuid.randV4(prng.random());
            const user_id = Uuid.randV4(prng.random());
            // TODO: transaction?

            if (try self.db.existsWhereEq(models.LocalUser, .username, info.username)) {
                return error.UsernameUnavailable;
            }

            if (try self.db.existsWhereEq(models.Actor, .handle, info.username)) {
                return error.InconsistentDb;
            }

            // use internal alloc because necessary buffer is *big*
            var buf: [pw_hash_buf_size]u8 = undefined;
            const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf);
            const now = DateTime.now();

            const actor = models.Actor{
                .id = actor_id,
                .handle = info.username,
                .created_at = now,
            };
            const user = models.LocalUser{
                .id = user_id,
                .actor_id = actor_id,
                .username = info.username,
                .email = info.email,
                .hashed_password = hash,
                .password_changed_at = now,
                .created_at = now,
            };
            try self.db.insert(models.Actor, actor);
            try self.db.insert(models.LocalUser, user);

            // TODO: return token instead
            return actor;
        }

        pub fn login(self: *Self, username: []const u8, password: []const u8) !LoginResult {
            // TODO: This gives away the existence of a user through a timing side channel. is that acceptable?
            const user_info = (try self.db.getBy(models.LocalUser, .username, username, self.arena.allocator())) orelse return error.InvalidLogin;
            //defer free(self.arena.allocator(), user_info);

            const Hash = std.crypto.pwhash.scrypt;
            Hash.strVerify(user_info.hashed_password, password, .{ .allocator = self.internal_alloc }) catch |err| switch (err) {
                error.PasswordVerificationFailed => return error.InvalidLogin,
                else => return err,
            };

            const token = try self.createToken(user_info);

            var token_enc: [token_str_len]u8 = undefined;
            _ = std.base64.standard.Encoder.encode(&token_enc, &token.value);

            return LoginResult{
                .user_id = user_info.id,
                .token = token_enc,
                .issued_at = token.info.issued_at,
            };
        }

        const TokenResult = struct {
            info: models.Token,
            value: [token_len]u8,
        };
        fn createToken(self: *Self, user: models.LocalUser) !TokenResult {
            var token: [token_len]u8 = undefined;
            std.crypto.random.bytes(&token);

            var hash: [models.Token.hash_len]u8 = undefined;
            models.Token.HashFn.hash(&token, &hash, .{});

            const db_token = models.Token{
                .id = Uuid.randV4(prng.random()),
                .hash = .{ .data = hash },
                .user_id = user.id,
                .issued_at = DateTime.now(),
            };

            try self.db.insert(models.Token, db_token);
            return TokenResult{
                .info = db_token,
                .value = token,
            };
        }
    };
}
Basic api server 2022-07-13 03:40:48 +00:00			`const std = @import("std");`
Use Uuids for id 2022-07-13 04:16:33 +00:00			`const util = @import("util");`
Basic api server 2022-07-13 03:40:48 +00:00
			`const db = @import("./db.zig");`

Move models to db subdir 2022-07-24 09:01:17 +00:00			`const models = @import("./db/models.zig");`
Track creation time for notes 2022-07-18 07:37:10 +00:00			`pub const DateTime = util.DateTime;`
Use Uuids for id 2022-07-13 04:16:33 +00:00			`pub const Uuid = util.Uuid;`
Basic api server 2022-07-13 03:40:48 +00:00
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`const PwHash = std.crypto.pwhash.scrypt;`
			`const pw_hash_params = PwHash.Params.interactive;`
			`const pw_hash_encoding = .phc;`
			`const pw_hash_buf_size = 128;`

Issue tokens on login 2022-07-24 05:19:32 +00:00			`const token_len = 20;`
Verify incoming tokens 2022-07-25 00:04:44 +00:00			`const token_str_len = std.base64.standard.Encoder.calcSize(token_len);`
Issue tokens on login 2022-07-24 05:19:32 +00:00
Remove references to memdb 2022-07-16 18:44:46 +00:00			`// Frees an api struct and its fields allocated from alloc`
			`pub fn free(alloc: std.mem.Allocator, val: anytype) void {`
Fully implement api free() 2022-07-19 09:22:19 +00:00			`switch (@typeInfo(@TypeOf(val))) {`
			`.Pointer => \|ptr_info\| switch (ptr_info.size) {`
			`.One => {`
			`free(alloc, val.*);`
			`alloc.destroy(val);`
			`},`
			`.Slice => {`
			`for (val) \|elem\| free(alloc, elem);`
			`alloc.free(val);`
			`},`
			`else => unreachable,`
			`},`
			`.Struct => inline for (std.meta.fields(@TypeOf(val))) \|f\| free(alloc, @field(val, f.name)),`
			`.Array => for (val) \|elem\| free(alloc, elem),`
			`.Optional => if (val) \|opt\| free(alloc, opt),`
			`.Bool, .Int, .Float, .Enum => {},`
			`else => unreachable,`
Remove references to memdb 2022-07-16 18:44:46 +00:00			`}`
			`}`

Basic api server 2022-07-13 03:40:48 +00:00			`pub fn CreateInfo(comptime T: type) type {`
			`const t_fields = std.meta.fields(T);`
			`var fields: [t_fields.len - 1]std.builtin.Type.StructField = undefined;`
			`var count = 0;`

			`inline for (t_fields) \|f\| {`
			`if (std.mem.eql(u8, f.name, "id")) continue;`

			`fields[count] = f;`
			`count += 1;`
			`}`

			`return @Type(.{ .Struct = .{`
			`.layout = .Auto,`
			`.fields = &fields,`
			`.decls = &[0]std.builtin.Type.Declaration{},`
			`.is_tuple = false,`
			`} });`
			`}`

Use Uuids for id 2022-07-13 04:16:33 +00:00			`fn reify(comptime T: type, id: Uuid, val: CreateInfo(T)) T {`
Basic api server 2022-07-13 03:40:48 +00:00			`var result: T = undefined;`
			`result.id = id;`
			`inline for (std.meta.fields(CreateInfo(T))) \|f\| {`
			`@field(result, f.name) = @field(val, f.name);`
			`}`
			`return result;`
			`}`

Refactor api calls 2022-07-26 02:07:05 +00:00			`pub const NoteCreateInfo = struct {`
Collect author id from user context 2022-07-18 06:11:42 +00:00			`content: []const u8,`
			`};`

Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`pub const RegistrationInfo = struct {`
			`username: []const u8,`
			`password: []const u8,`
			`email: ?[]const u8,`
			`};`

Refactor api calls 2022-07-26 02:07:05 +00:00			`pub const LoginResult = struct {`
			`user_id: Uuid,`
			`token: [token_str_len]u8,`
			`issued_at: DateTime,`
			`};`

Use threadlocal prng 2022-07-25 00:18:25 +00:00			`threadlocal var prng: std.rand.DefaultPrng = undefined;`

			`pub fn initThreadPrng(seed: u64) void {`
			`prng = std.rand.DefaultPrng.init(seed +% std.Thread.getCurrentId());`
			`}`

Refactor api calls 2022-07-26 02:07:05 +00:00			`pub const ApiSource = struct {`
Store notes in SQLite 2022-07-15 07:27:27 +00:00			`db: db.Database,`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`internal_alloc: std.mem.Allocator,`
Basic sqlite adapter 2022-07-15 00:58:08 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub const Conn = ApiConn(db.Database);`

			`pub fn init(alloc: std.mem.Allocator) !ApiSource {`
			`return ApiSource{`
Store notes in SQLite 2022-07-15 07:27:27 +00:00			`.db = try db.Database.init(),`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`.internal_alloc = alloc,`
Basic api server 2022-07-13 03:40:48 +00:00			`};`
Create user contexts 2022-07-17 23:21:03 +00:00			`}`

Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn connectUnauthorized(self: *ApiSource, alloc: std.mem.Allocator) !Conn {`
			`return Conn{`
			`.db = self.db,`
			`.internal_alloc = self.internal_alloc,`
			`.as_user = null,`
			`.arena = std.heap.ArenaAllocator.init(alloc),`
			`};`
			`}`

			`pub fn connectToken(self: *ApiSource, token: []const u8, alloc: std.mem.Allocator) !Conn {`
Verify incoming tokens 2022-07-25 00:04:44 +00:00			`const decoded_len = std.base64.standard.Decoder.calcSizeForSlice(token) catch return error.InvalidToken;`
			`if (decoded_len != token_len) return error.InvalidToken;`
Create user contexts 2022-07-17 23:21:03 +00:00
Verify incoming tokens 2022-07-25 00:04:44 +00:00			`var decoded: [token_len]u8 = undefined;`
			`std.base64.standard.Decoder.decode(&decoded, token) catch return error.InvalidToken;`
Create user contexts 2022-07-17 23:21:03 +00:00
Verify incoming tokens 2022-07-25 00:04:44 +00:00			`var hash: models.ByteArray(models.Token.hash_len) = undefined;`
			`models.Token.HashFn.hash(&decoded, &hash.data, .{});`

Refactor api calls 2022-07-26 02:07:05 +00:00			`var arena = std.heap.ArenaAllocator.init(alloc);`
Verify incoming tokens 2022-07-25 00:04:44 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`const db_token = (try self.db.getBy(models.Token, .hash, hash, arena.allocator())) orelse return error.InvalidToken;`
Create user contexts 2022-07-17 23:21:03 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`return Conn{`
			`.db = self.db,`
			`.internal_alloc = self.internal_alloc,`
			`.as_user = db_token.user_id,`
			`.arena = arena,`
Create user contexts 2022-07-17 23:21:03 +00:00			`};`
Basic api server 2022-07-13 03:40:48 +00:00			`}`
Refactor api calls 2022-07-26 02:07:05 +00:00			`};`
Basic api server 2022-07-13 03:40:48 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`fn ApiConn(comptime DbConn: type) type {`
			`return struct {`
			`const Self = @This();`
Track creation time for notes 2022-07-18 07:37:10 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`db: DbConn,`
			`internal_alloc: std.mem.Allocator, // used only for large, internal buffers`
			`as_user: ?Uuid,`
			`arena: std.heap.ArenaAllocator,`
Collect author id from user context 2022-07-18 06:11:42 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn close(self: *Self) void {`
			`self.arena.deinit();`
			`}`
Collect author id from user context 2022-07-18 06:11:42 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`fn getAuthenticatedUser(self: *Self) !models.LocalUser {`
			`if (self.as_user) \|user_id\| {`
			`const local_user = try self.db.getBy(models.LocalUser, .id, user_id, self.arena.allocator());`
			`if (local_user == null) return error.UserNotFound;`
Check users for duplicates 2022-07-13 05:35:39 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`return local_user.?;`
			`} else {`
			`return error.NotAuthenticated;`
			`}`
Check user handle is available 2022-07-16 19:30:47 +00:00			`}`
Add users 2022-07-13 04:56:47 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`fn getAuthenticatedActor(self: *Self) !models.Actor {`
			`const user = try self.getAuthenticatedUser();`
			`if (user.actor_id) \|actor_id\| {`
			`const actor = try self.db.getBy(models.Actor, .id, actor_id, self.arena);`
			`return actor.?;`
			`} else {`
			`return error.NoActor;`
			`}`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00			`}`

Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn createNote(self: *Self, info: NoteCreateInfo) !models.Note {`
			`const id = Uuid.randV4(prng.random());`
			`const user = try self.getAuthenticatedUser();`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`const note = models.Note{`
			`.id = id,`
			`.author_id = user.actor_id orelse return error.NotAuthorized,`
			`.content = info.content,`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`.created_at = DateTime.now(),`
			`};`
			`try self.db.insert(models.Note, note);`
Split users into actors and localusers 2022-07-22 04:19:08 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`return note;`
			`}`
Add users 2022-07-13 04:56:47 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn getNote(self: *Self, id: Uuid) !?models.Note {`
			`return self.db.getBy(models.Note, .id, id, self.arena.allocator());`
			`}`
Issue tokens on login 2022-07-24 05:19:32 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn getActor(self: *Self, id: Uuid) !?models.Actor {`
			`return self.db.getBy(models.Actor, .id, id, self.arena.allocator());`
			`}`
Verify incoming tokens 2022-07-25 00:04:44 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn getActorByHandle(self: *Self, handle: []const u8) !?models.Actor {`
			`return self.db.getBy(models.Actor, .handle, handle, self.arena.allocator());`
			`}`
Issue tokens on login 2022-07-24 05:19:32 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn react(self: *Self, note_id: Uuid) !void {`
			`const id = Uuid.randV4(prng.random());`
			`const user = try self.getAuthenticatedUser();`
			`try self.db.insert(models.Reaction, .{ .id = id, .note_id = note_id, .reactor_id = user.actor_id orelse return error.NotAuthorized, .created_at = DateTime.now() });`
			`}`
Issue tokens on login 2022-07-24 05:19:32 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn listReacts(self: *Self, note_id: Uuid) ![]models.Reaction {`
			`return try self.db.getWhereEq(models.Reaction, .note_id, note_id, self.arena.allocator());`
			`}`
Add users 2022-07-13 04:56:47 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn register(self: *Self, info: RegistrationInfo) !models.Actor {`
			`const actor_id = Uuid.randV4(prng.random());`
			`const user_id = Uuid.randV4(prng.random());`
			`// TODO: transaction?`

			`if (try self.db.existsWhereEq(models.LocalUser, .username, info.username)) {`
			`return error.UsernameUnavailable;`
			`}`

			`if (try self.db.existsWhereEq(models.Actor, .handle, info.username)) {`
			`return error.InconsistentDb;`
			`}`

			`// use internal alloc because necessary buffer is big`
			`var buf: [pw_hash_buf_size]u8 = undefined;`
			`const hash = try PwHash.strHash(info.password, .{ .allocator = self.internal_alloc, .params = pw_hash_params, .encoding = pw_hash_encoding }, &buf);`
			`const now = DateTime.now();`

			`const actor = models.Actor{`
			`.id = actor_id,`
			`.handle = info.username,`
			`.created_at = now,`
			`};`
			`const user = models.LocalUser{`
			`.id = user_id,`
			`.actor_id = actor_id,`
			`.username = info.username,`
			`.email = info.email,`
			`.hashed_password = hash,`
			`.password_changed_at = now,`
			`.created_at = now,`
			`};`
			`try self.db.insert(models.Actor, actor);`
			`try self.db.insert(models.LocalUser, user);`

			`// TODO: return token instead`
			`return actor;`
			`}`
Use sql api for users 2022-07-16 18:41:09 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`pub fn login(self: *Self, username: []const u8, password: []const u8) !LoginResult {`
			`// TODO: This gives away the existence of a user through a timing side channel. is that acceptable?`
			`const user_info = (try self.db.getBy(models.LocalUser, .username, username, self.arena.allocator())) orelse return error.InvalidLogin;`
			`//defer free(self.arena.allocator(), user_info);`
Basic reacts 2022-07-19 07:07:01 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`const Hash = std.crypto.pwhash.scrypt;`
			`Hash.strVerify(user_info.hashed_password, password, .{ .allocator = self.internal_alloc }) catch \|err\| switch (err) {`
			`error.PasswordVerificationFailed => return error.InvalidLogin,`
			`else => return err,`
			`};`
Basic password auth 2022-07-21 05:26:13 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`const token = try self.createToken(user_info);`
Basic reacts 2022-07-19 07:07:01 +00:00
Refactor api calls 2022-07-26 02:07:05 +00:00			`var token_enc: [token_str_len]u8 = undefined;`
			`_ = std.base64.standard.Encoder.encode(&token_enc, &token.value);`

			`return LoginResult{`
			`.user_id = user_info.id,`
			`.token = token_enc,`
			`.issued_at = token.info.issued_at,`
			`};`
			`}`

			`const TokenResult = struct {`
			`info: models.Token,`
			`value: [token_len]u8,`
			`};`
			`fn createToken(self: *Self, user: models.LocalUser) !TokenResult {`
			`var token: [token_len]u8 = undefined;`
			`std.crypto.random.bytes(&token);`

			`var hash: [models.Token.hash_len]u8 = undefined;`
			`models.Token.HashFn.hash(&token, &hash, .{});`

			`const db_token = models.Token{`
			`.id = Uuid.randV4(prng.random()),`
			`.hash = .{ .data = hash },`
			`.user_id = user.id,`
			`.issued_at = DateTime.now(),`
			`};`

			`try self.db.insert(models.Token, db_token);`
			`return TokenResult{`
			`.info = db_token,`
			`.value = token,`
			`};`
			`}`
			`};`
			`}`