mnm-store 0.2.0

Postgres + pgvector storage layer for midnight-manual (sqlx-backed).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

//! `rate_limit_override` entity queries.
//!
//! The `cidr` column uses the Postgres `cidr` type, which the workspace's sqlx
//! build cannot decode natively (the `ipnetwork` feature is intentionally
//! off). Every query therefore casts `cidr::text` on the way out and binds the
//! input as text on the way in. Inserts wrap the bind in `network($1::inet)`
//! rather than `$1::cidr`: the `cidr` type rejects any address with host bits
//! set to the right of the prefix (e.g. `169.155.237.15/25`), whereas
//! `network(inet)` masks those bits off and yields the canonical block
//! (`169.155.237.0/25`) — the correct semantics for a per-block override.

use mnm_core::types::RateLimitOverride;
use sqlx::PgPool;
use time::OffsetDateTime;
use uuid::Uuid;

use crate::error::{Result, StoreError};

/// `SELECT` column list shared by every read, with `cidr` rendered as text.
const COLS: &str = "id, cidr::text AS cidr, limit_rps, expires_at, note, created_by, created_at";

/// Insert a new override, returning the freshly-stored row.
///
/// `cidr` is masked to its network address (host bits dropped). Callers should
/// validate the string is a well-formed `addr/prefix` first so malformed input
/// becomes a clean caller error rather than a database error.
///
/// # Errors
///
/// Returns [`StoreError::CheckViolation`] if `limit_rps <= 0`, or
/// [`StoreError::Database`] if `cidr` is not a parseable network address.
pub async fn insert(
    pool: &PgPool,
    cidr: &str,
    limit_rps: i32,
    expires_at: OffsetDateTime,
    note: Option<&str>,
    created_by: &str,
) -> Result<RateLimitOverride> {
    let row = sqlx::query_as::<_, OverrideRow>(
        "INSERT INTO rate_limit_override (cidr, limit_rps, expires_at, note, created_by) \
         VALUES (network($1::inet), $2, $3, $4, $5) \
         RETURNING id, cidr::text AS cidr, limit_rps, expires_at, note, created_by, created_at",
    )
    .bind(cidr)
    .bind(limit_rps)
    .bind(expires_at)
    .bind(note)
    .bind(created_by)
    .fetch_one(pool)
    .await?;
    Ok(row.into())
}

/// List overrides that are still in effect (`expires_at > now()`), newest
/// first.
///
/// # Errors
///
/// Returns [`StoreError::Database`] on driver failure.
pub async fn list_active(pool: &PgPool) -> Result<Vec<RateLimitOverride>> {
    let rows = sqlx::query_as::<_, OverrideRow>(&format!(
        "SELECT {COLS} FROM rate_limit_override \
         WHERE expires_at > now() ORDER BY created_at DESC"
    ))
    .fetch_all(pool)
    .await?;
    Ok(rows.into_iter().map(Into::into).collect())
}

/// Fetch one override by id.
///
/// # Errors
///
/// Returns [`StoreError::NotFound`] if `id` does not exist.
pub async fn get_by_id(pool: &PgPool, id: Uuid) -> Result<RateLimitOverride> {
    let row = sqlx::query_as::<_, OverrideRow>(&format!(
        "SELECT {COLS} FROM rate_limit_override WHERE id = $1"
    ))
    .bind(id)
    .fetch_one(pool)
    .await?;
    Ok(row.into())
}

/// Sparse patch applied by [`update`] — `Some(value)` updates the column,
/// `None` leaves it untouched.
#[derive(Debug, Default, Clone)]
pub struct RateLimitPatch {
    /// New expiry, when set.
    pub expires_at: Option<OffsetDateTime>,
    /// New requests-per-second ceiling, when set.
    pub limit_rps: Option<i32>,
    /// New operator note, when set.
    pub note: Option<String>,
}

/// Apply a sparse patch to one override by id, returning the updated row.
///
/// Uses `COALESCE` per column so a single `UPDATE ... RETURNING` covers every
/// patch shape — no dynamic SQL.
///
/// # Errors
///
/// Returns [`StoreError::NotFound`] if `id` is unknown, or
/// [`StoreError::CheckViolation`] if the patched `limit_rps` is non-positive.
pub async fn update(pool: &PgPool, id: Uuid, patch: RateLimitPatch) -> Result<RateLimitOverride> {
    let row = sqlx::query_as::<_, OverrideRow>(
        "UPDATE rate_limit_override SET \
            expires_at = COALESCE($2, expires_at), \
            limit_rps = COALESCE($3, limit_rps), \
            note = COALESCE($4, note) \
         WHERE id = $1 \
         RETURNING id, cidr::text AS cidr, limit_rps, expires_at, note, created_by, created_at",
    )
    .bind(id)
    .bind(patch.expires_at)
    .bind(patch.limit_rps)
    .bind(patch.note)
    .fetch_optional(pool)
    .await?;
    row.map_or(Err(StoreError::NotFound), |r| Ok(r.into()))
}

/// Hard-delete one override by id, returning the row that was removed.
///
/// These are operational rows, not user content, so there is no soft-delete.
///
/// # Errors
///
/// Returns [`StoreError::NotFound`] if `id` does not exist.
pub async fn delete(pool: &PgPool, id: Uuid) -> Result<RateLimitOverride> {
    let row = sqlx::query_as::<_, OverrideRow>(
        "DELETE FROM rate_limit_override WHERE id = $1 \
         RETURNING id, cidr::text AS cidr, limit_rps, expires_at, note, created_by, created_at",
    )
    .bind(id)
    .fetch_optional(pool)
    .await?;
    row.map_or(Err(StoreError::NotFound), |r| Ok(r.into()))
}

#[derive(sqlx::FromRow)]
struct OverrideRow {
    id: Uuid,
    cidr: String,
    limit_rps: i32,
    expires_at: OffsetDateTime,
    note: Option<String>,
    created_by: String,
    created_at: OffsetDateTime,
}

impl From<OverrideRow> for RateLimitOverride {
    fn from(r: OverrideRow) -> Self {
        Self {
            id: r.id,
            cidr: r.cidr,
            limit_rps: r.limit_rps,
            expires_at: r.expires_at,
            note: r.note,
            created_by: r.created_by,
            created_at: r.created_at,
        }
    }
}