Avoid Native Queries

[overheadhunter]

Fixes #222 by reverting native queries back to @NamedQuery.

AccessToken

The unlock @NamedQuery avoids any join on User:

SELECT token
FROM AccessToken token
INNER JOIN EffectiveVaultAccess perm ON token.id.vaultId = perm.id.vaultId AND token.id.userId = perm.id.authorityId
WHERE token.id.vaultId = :vaultId AND token.id.userId = :userId

Hibernate translates this to the following:

    select
        a1_0."user_id",
        a1_0."vault_id",
        a1_0."vault_masterkey" 
    from
        "access_token" a1_0 
    join
        "effective_vault_access" e1_0 
            on a1_0."vault_id"=e1_0."vault_id" 
            and a1_0."user_id"=e1_0."authority_id" 
    where
        a1_0."vault_id"=? 
        and a1_0."user_id"=? fetch first ? rows only

LegacyAccessToken

This is the @NamedQuery:

SELECT token
FROM LegacyAccessToken token
INNER JOIN LegacyDevice device ON device.id = token.id.deviceId
INNER JOIN EffectiveVaultAccess perm ON token.id.vaultId = perm.id.vaultId AND device.ownerId = perm.id.authorityId
WHERE token.id.vaultId = :vaultId AND token.id.deviceId = :deviceId AND device.ownerId = :userId

Hibernate translates this to the following:

    select
        l1_0."device_id",
        l1_0."vault_id",
        l1_0."jwe" 
    from
        "access_token_legacy" l1_0 
    join
        "device_legacy" l2_0 
            on l2_0."id"=l1_0."device_id" 
    join
        "effective_vault_access" e1_0 
            on l1_0."vault_id"=e1_0."vault_id" 
            and l2_0."owner_id"=e1_0."authority_id" 
    where
        l1_0."vault_id"=? 
        and l1_0."device_id"=? 
        and l2_0."owner_id"=?

Summary by CodeRabbit

• Refactor
  • Updated access token retrieval to use a named query for improved maintainability.
  • Transitioned from native SQL to JPQL in LegacyAccessToken to enhance database compatibility.
• New Features
  • Introduced an ownerId field to LegacyDevice for better ownership tracking.

[coderabbitai]

Walkthrough

The recent updates involve modifying the AccessToken and LegacyAccessToken classes to favor JPQL over native SQL queries and introducing a new field in the LegacyDevice class. These changes aim to enhance maintainability and compatibility with Hibernate ORM, addressing concerns related to the use of native SQL for unlocking mechanisms and ensuring that the refactored access management system is robust before its release.

Changes

File Path	Change Summary
.../entities/AccessToken.java	Added a JPQL named query for retrieving access tokens and updated the unlock method.
.../entities/LegacyAccessToken.java	Replaced @NamedNativeQuery with @NamedQuery using JPQL syntax.
.../entities/LegacyDevice.java	Added a new ownerId field of type String.

Assessment against linked issues

Objective	Addressed	Explanation
Revert the specific commit affecting native unlock calls before shipping the refactored access management (#222)	✅
Avoid downgrading Quarkus or Hibernate ORM due to compatibility issues (#222)	✅
Ensure the changes align with Hibernate ORM's anticipated versions (#222)	✅

Poem

In the realm of code, where bugs often hop,
A rabbit worked hard, making changes non-stop.
With JPQL in place, and SQL aside,
🐇💻 Celebrates the release, with joy and pride.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 3dc07d3 and 9786f95.

Files selected for processing (3)

• backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java (2 hunks)
• backend/src/main/java/org/cryptomator/hub/entities/LegacyAccessToken.java (2 hunks)
• backend/src/main/java/org/cryptomator/hub/entities/LegacyDevice.java (1 hunks)

Additional comments: 3

backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java (2)

• 23-28: The JPQL query in the @NamedQuery annotation for AccessToken.get correctly replaces the native SQL query, aligning with the PR's objectives. Ensure that the join conditions and where clause accurately reflect the intended logic for access token retrieval. Additionally, validate the query's performance, especially considering the joins, to ensure it meets the application's scalability and efficiency requirements.
• 50-50: The update to the unlock method to use the new AccessToken.get named query is a direct application of the PR's objectives. Ensure that all usages of this method have been tested with the new JPQL query to confirm that the functionality remains consistent with the previous native SQL implementation.

backend/src/main/java/org/cryptomator/hub/entities/LegacyAccessToken.java (1)

• 19-31: The transition from native SQL to JPQL in the @NamedQuery annotations for LegacyAccessToken.get and LegacyAccessToken.getByDevice is in line with the PR's goals. It's crucial to ensure that the JPQL syntax is correct and that the queries accurately represent the intended data retrieval logic. Pay special attention to the join conditions and where clauses to confirm they match the application's requirements. Additionally, consider the impact of these changes on performance and test accordingly.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 9786f95 and b1161ae.

Files selected for processing (1)

• backend/src/main/java/org/cryptomator/hub/entities/LegacyDevice.java (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• backend/src/main/java/org/cryptomator/hub/entities/LegacyDevice.java

[SailReal]

LGTM, nice improvement and thanks for fixing :)