From 3098313981d9db194c402f1a15ffab16473c61bd Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Mon, 13 Jan 2025 19:35:06 +0100 Subject: [PATCH] core: add indexes on ExpiringModel (#12658) --- ...authentik_c_expires_08251d_idx_and_more.py | 45 ++++++++++++ authentik/core/models.py | 10 ++- ...authentik_e_expires_3f2956_idx_and_more.py | 27 +++++++ authentik/enterprise/models.py | 1 + ...authentik_p_expires_91f148_idx_and_more.py | 28 ++++++++ authentik/enterprise/providers/rac/models.py | 1 + ...authentik_e_expires_8c73a8_idx_and_more.py | 41 +++++++++++ authentik/events/models.py | 3 +- ...authentik_p_expires_da493f_idx_and_more.py | 30 ++++++++ authentik/policies/reputation/models.py | 2 +- ...authentik_p_expires_9f24a5_idx_and_more.py | 72 +++++++++++++++++++ authentik/providers/oauth2/models.py | 6 +- ...authentik_s_expires_0e99e8_idx_and_more.py | 30 ++++++++ authentik/stages/consent/models.py | 1 + ...authentik_s_expires_96f4b8_idx_and_more.py | 30 ++++++++ authentik/stages/invitation/models.py | 1 + 16 files changed, 323 insertions(+), 5 deletions(-) create mode 100644 authentik/core/migrations/0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more.py create mode 100644 authentik/enterprise/migrations/0004_licenseusage_authentik_e_expires_3f2956_idx_and_more.py create mode 100644 authentik/enterprise/providers/rac/migrations/0006_connectiontoken_authentik_p_expires_91f148_idx_and_more.py create mode 100644 authentik/events/migrations/0008_event_authentik_e_expires_8c73a8_idx_and_more.py create mode 100644 authentik/policies/reputation/migrations/0008_reputation_authentik_p_expires_da493f_idx_and_more.py create mode 100644 authentik/providers/oauth2/migrations/0027_accesstoken_authentik_p_expires_9f24a5_idx_and_more.py create mode 100644 authentik/stages/consent/migrations/0007_userconsent_authentik_s_expires_0e99e8_idx_and_more.py create mode 100644 authentik/stages/invitation/migrations/0009_invitation_authentik_s_expires_96f4b8_idx_and_more.py diff --git a/authentik/core/migrations/0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more.py b/authentik/core/migrations/0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more.py new file mode 100644 index 0000000000..ca93fba6cd --- /dev/null +++ b/authentik/core/migrations/0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more.py @@ -0,0 +1,45 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0041_applicationentitlement"), + ] + + operations = [ + migrations.AddIndex( + model_name="authenticatedsession", + index=models.Index(fields=["expires"], name="authentik_c_expires_08251d_idx"), + ), + migrations.AddIndex( + model_name="authenticatedsession", + index=models.Index(fields=["expiring"], name="authentik_c_expirin_9cd839_idx"), + ), + migrations.AddIndex( + model_name="authenticatedsession", + index=models.Index( + fields=["expiring", "expires"], name="authentik_c_expirin_195a84_idx" + ), + ), + migrations.AddIndex( + model_name="authenticatedsession", + index=models.Index(fields=["session_key"], name="authentik_c_session_d0f005_idx"), + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["expires"], name="authentik_c_expires_a62b4b_idx"), + ), + migrations.AddIndex( + model_name="token", + index=models.Index(fields=["expiring"], name="authentik_c_expirin_a1b838_idx"), + ), + migrations.AddIndex( + model_name="token", + index=models.Index( + fields=["expiring", "expires"], name="authentik_c_expirin_ba04d9_idx" + ), + ), + ] diff --git a/authentik/core/models.py b/authentik/core/models.py index 696bdf4bbd..cd98077a87 100644 --- a/authentik/core/models.py +++ b/authentik/core/models.py @@ -846,6 +846,11 @@ class ExpiringModel(models.Model): class Meta: abstract = True + indexes = [ + models.Index(fields=["expires"]), + models.Index(fields=["expiring"]), + models.Index(fields=["expiring", "expires"]), + ] def expire_action(self, *args, **kwargs): """Handler which is called when this object is expired. By @@ -901,7 +906,7 @@ class Token(SerializerModel, ManagedModel, ExpiringModel): class Meta: verbose_name = _("Token") verbose_name_plural = _("Tokens") - indexes = [ + indexes = ExpiringModel.Meta.indexes + [ models.Index(fields=["identifier"]), models.Index(fields=["key"]), ] @@ -1001,6 +1006,9 @@ class AuthenticatedSession(ExpiringModel): class Meta: verbose_name = _("Authenticated Session") verbose_name_plural = _("Authenticated Sessions") + indexes = ExpiringModel.Meta.indexes + [ + models.Index(fields=["session_key"]), + ] def __str__(self) -> str: return f"Authenticated Session {self.session_key[:10]}" diff --git a/authentik/enterprise/migrations/0004_licenseusage_authentik_e_expires_3f2956_idx_and_more.py b/authentik/enterprise/migrations/0004_licenseusage_authentik_e_expires_3f2956_idx_and_more.py new file mode 100644 index 0000000000..900c4daac8 --- /dev/null +++ b/authentik/enterprise/migrations/0004_licenseusage_authentik_e_expires_3f2956_idx_and_more.py @@ -0,0 +1,27 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_enterprise", "0003_remove_licenseusage_within_limits_and_more"), + ] + + operations = [ + migrations.AddIndex( + model_name="licenseusage", + index=models.Index(fields=["expires"], name="authentik_e_expires_3f2956_idx"), + ), + migrations.AddIndex( + model_name="licenseusage", + index=models.Index(fields=["expiring"], name="authentik_e_expirin_11d3d7_idx"), + ), + migrations.AddIndex( + model_name="licenseusage", + index=models.Index( + fields=["expiring", "expires"], name="authentik_e_expirin_4d558f_idx" + ), + ), + ] diff --git a/authentik/enterprise/models.py b/authentik/enterprise/models.py index 3130e29eb9..2ef24311b8 100644 --- a/authentik/enterprise/models.py +++ b/authentik/enterprise/models.py @@ -93,3 +93,4 @@ class LicenseUsage(ExpiringModel): class Meta: verbose_name = _("License Usage") verbose_name_plural = _("License Usage Records") + indexes = ExpiringModel.Meta.indexes diff --git a/authentik/enterprise/providers/rac/migrations/0006_connectiontoken_authentik_p_expires_91f148_idx_and_more.py b/authentik/enterprise/providers/rac/migrations/0006_connectiontoken_authentik_p_expires_91f148_idx_and_more.py new file mode 100644 index 0000000000..0daa7328f7 --- /dev/null +++ b/authentik/enterprise/providers/rac/migrations/0006_connectiontoken_authentik_p_expires_91f148_idx_and_more.py @@ -0,0 +1,28 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more"), + ("authentik_providers_rac", "0005_alter_racpropertymapping_options"), + ] + + operations = [ + migrations.AddIndex( + model_name="connectiontoken", + index=models.Index(fields=["expires"], name="authentik_p_expires_91f148_idx"), + ), + migrations.AddIndex( + model_name="connectiontoken", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_59a5a7_idx"), + ), + migrations.AddIndex( + model_name="connectiontoken", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_aed3ca_idx" + ), + ), + ] diff --git a/authentik/enterprise/providers/rac/models.py b/authentik/enterprise/providers/rac/models.py index ca54a55b04..5c93c08d1c 100644 --- a/authentik/enterprise/providers/rac/models.py +++ b/authentik/enterprise/providers/rac/models.py @@ -211,3 +211,4 @@ class ConnectionToken(ExpiringModel): class Meta: verbose_name = _("RAC Connection token") verbose_name_plural = _("RAC Connection tokens") + indexes = ExpiringModel.Meta.indexes diff --git a/authentik/events/migrations/0008_event_authentik_e_expires_8c73a8_idx_and_more.py b/authentik/events/migrations/0008_event_authentik_e_expires_8c73a8_idx_and_more.py new file mode 100644 index 0000000000..6828e00ba4 --- /dev/null +++ b/authentik/events/migrations/0008_event_authentik_e_expires_8c73a8_idx_and_more.py @@ -0,0 +1,41 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_events", "0007_event_authentik_e_action_9a9dd9_idx_and_more"), + ] + + operations = [ + migrations.AddIndex( + model_name="event", + index=models.Index(fields=["expires"], name="authentik_e_expires_8c73a8_idx"), + ), + migrations.AddIndex( + model_name="event", + index=models.Index(fields=["expiring"], name="authentik_e_expirin_b5cb5e_idx"), + ), + migrations.AddIndex( + model_name="event", + index=models.Index( + fields=["expiring", "expires"], name="authentik_e_expirin_e37180_idx" + ), + ), + migrations.AddIndex( + model_name="systemtask", + index=models.Index(fields=["expires"], name="authentik_e_expires_4d3985_idx"), + ), + migrations.AddIndex( + model_name="systemtask", + index=models.Index(fields=["expiring"], name="authentik_e_expirin_81d649_idx"), + ), + migrations.AddIndex( + model_name="systemtask", + index=models.Index( + fields=["expiring", "expires"], name="authentik_e_expirin_eb3598_idx" + ), + ), + ] diff --git a/authentik/events/models.py b/authentik/events/models.py index 1a21462b2d..e7e0256e81 100644 --- a/authentik/events/models.py +++ b/authentik/events/models.py @@ -306,7 +306,7 @@ class Event(SerializerModel, ExpiringModel): class Meta: verbose_name = _("Event") verbose_name_plural = _("Events") - indexes = [ + indexes = ExpiringModel.Meta.indexes + [ models.Index(fields=["action"]), models.Index(fields=["user"]), models.Index(fields=["app"]), @@ -694,3 +694,4 @@ class SystemTask(SerializerModel, ExpiringModel): permissions = [("run_task", _("Run task"))] verbose_name = _("System Task") verbose_name_plural = _("System Tasks") + indexes = ExpiringModel.Meta.indexes diff --git a/authentik/policies/reputation/migrations/0008_reputation_authentik_p_expires_da493f_idx_and_more.py b/authentik/policies/reputation/migrations/0008_reputation_authentik_p_expires_da493f_idx_and_more.py new file mode 100644 index 0000000000..6b836ec667 --- /dev/null +++ b/authentik/policies/reputation/migrations/0008_reputation_authentik_p_expires_da493f_idx_and_more.py @@ -0,0 +1,30 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ( + "authentik_policies_reputation", + "0007_reputation_authentik_p_identif_9434d7_idx_and_more", + ), + ] + + operations = [ + migrations.AddIndex( + model_name="reputation", + index=models.Index(fields=["expires"], name="authentik_p_expires_da493f_idx"), + ), + migrations.AddIndex( + model_name="reputation", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_2ab34f_idx"), + ), + migrations.AddIndex( + model_name="reputation", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_2a8ec7_idx" + ), + ), + ] diff --git a/authentik/policies/reputation/models.py b/authentik/policies/reputation/models.py index c3c7ab1ebf..cea4d79162 100644 --- a/authentik/policies/reputation/models.py +++ b/authentik/policies/reputation/models.py @@ -96,7 +96,7 @@ class Reputation(ExpiringModel, SerializerModel): verbose_name = _("Reputation Score") verbose_name_plural = _("Reputation Scores") unique_together = ("identifier", "ip") - indexes = [ + indexes = ExpiringModel.Meta.indexes + [ models.Index(fields=["identifier"]), models.Index(fields=["ip"]), models.Index(fields=["ip", "identifier"]), diff --git a/authentik/providers/oauth2/migrations/0027_accesstoken_authentik_p_expires_9f24a5_idx_and_more.py b/authentik/providers/oauth2/migrations/0027_accesstoken_authentik_p_expires_9f24a5_idx_and_more.py new file mode 100644 index 0000000000..d287cf34ce --- /dev/null +++ b/authentik/providers/oauth2/migrations/0027_accesstoken_authentik_p_expires_9f24a5_idx_and_more.py @@ -0,0 +1,72 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more"), + ("authentik_providers_oauth2", "0026_alter_accesstoken_session_and_more"), + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.AddIndex( + model_name="accesstoken", + index=models.Index(fields=["expires"], name="authentik_p_expires_9f24a5_idx"), + ), + migrations.AddIndex( + model_name="accesstoken", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_2d9205_idx"), + ), + migrations.AddIndex( + model_name="accesstoken", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_c74005_idx" + ), + ), + migrations.AddIndex( + model_name="authorizationcode", + index=models.Index(fields=["expires"], name="authentik_p_expires_f594b2_idx"), + ), + migrations.AddIndex( + model_name="authorizationcode", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_6a5e2c_idx"), + ), + migrations.AddIndex( + model_name="authorizationcode", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_c0f353_idx" + ), + ), + migrations.AddIndex( + model_name="devicetoken", + index=models.Index(fields=["expires"], name="authentik_p_expires_961437_idx"), + ), + migrations.AddIndex( + model_name="devicetoken", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_4fd278_idx"), + ), + migrations.AddIndex( + model_name="devicetoken", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_cd6b1c_idx" + ), + ), + migrations.AddIndex( + model_name="refreshtoken", + index=models.Index(fields=["expires"], name="authentik_p_expires_c479a7_idx"), + ), + migrations.AddIndex( + model_name="refreshtoken", + index=models.Index(fields=["expiring"], name="authentik_p_expirin_d4d17f_idx"), + ), + migrations.AddIndex( + model_name="refreshtoken", + index=models.Index( + fields=["expiring", "expires"], name="authentik_p_expirin_acb4a5_idx" + ), + ), + ] diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py index e075d513bc..0a06d8bf16 100644 --- a/authentik/providers/oauth2/models.py +++ b/authentik/providers/oauth2/models.py @@ -425,6 +425,7 @@ class AuthorizationCode(SerializerModel, ExpiringModel, BaseGrantModel): class Meta: verbose_name = _("Authorization Code") verbose_name_plural = _("Authorization Codes") + indexes = ExpiringModel.Meta.indexes def __str__(self): return f"Authorization code for {self.provider_id} for user {self.user_id}" @@ -453,7 +454,7 @@ class AccessToken(SerializerModel, ExpiringModel, BaseGrantModel): _id_token = models.TextField() class Meta: - indexes = [ + indexes = ExpiringModel.Meta.indexes + [ HashIndex(fields=["token"]), ] verbose_name = _("OAuth2 Access Token") @@ -504,7 +505,7 @@ class RefreshToken(SerializerModel, ExpiringModel, BaseGrantModel): ) class Meta: - indexes = [ + indexes = ExpiringModel.Meta.indexes + [ HashIndex(fields=["token"]), ] verbose_name = _("OAuth2 Refresh Token") @@ -556,6 +557,7 @@ class DeviceToken(ExpiringModel): class Meta: verbose_name = _("Device Token") verbose_name_plural = _("Device Tokens") + indexes = ExpiringModel.Meta.indexes def __str__(self): return f"Device Token for {self.provider_id}" diff --git a/authentik/stages/consent/migrations/0007_userconsent_authentik_s_expires_0e99e8_idx_and_more.py b/authentik/stages/consent/migrations/0007_userconsent_authentik_s_expires_0e99e8_idx_and_more.py new file mode 100644 index 0000000000..2885737def --- /dev/null +++ b/authentik/stages/consent/migrations/0007_userconsent_authentik_s_expires_0e99e8_idx_and_more.py @@ -0,0 +1,30 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_core", "0042_authenticatedsession_authentik_c_expires_08251d_idx_and_more"), + ("authentik_stages_consent", "0006_alter_userconsent_expires"), + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.AddIndex( + model_name="userconsent", + index=models.Index(fields=["expires"], name="authentik_s_expires_0e99e8_idx"), + ), + migrations.AddIndex( + model_name="userconsent", + index=models.Index(fields=["expiring"], name="authentik_s_expirin_8f51e5_idx"), + ), + migrations.AddIndex( + model_name="userconsent", + index=models.Index( + fields=["expiring", "expires"], name="authentik_s_expirin_e50090_idx" + ), + ), + ] diff --git a/authentik/stages/consent/models.py b/authentik/stages/consent/models.py index b180082e60..230a6550ce 100644 --- a/authentik/stages/consent/models.py +++ b/authentik/stages/consent/models.py @@ -71,3 +71,4 @@ class UserConsent(SerializerModel, ExpiringModel): unique_together = (("user", "application", "permissions"),) verbose_name = _("User Consent") verbose_name_plural = _("User Consents") + indexes = ExpiringModel.Meta.indexes diff --git a/authentik/stages/invitation/migrations/0009_invitation_authentik_s_expires_96f4b8_idx_and_more.py b/authentik/stages/invitation/migrations/0009_invitation_authentik_s_expires_96f4b8_idx_and_more.py new file mode 100644 index 0000000000..d027301f9f --- /dev/null +++ b/authentik/stages/invitation/migrations/0009_invitation_authentik_s_expires_96f4b8_idx_and_more.py @@ -0,0 +1,30 @@ +# Generated by Django 5.0.10 on 2025-01-13 18:05 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0027_auto_20231028_1424"), + ("authentik_stages_invitation", "0008_alter_invitation_expires"), + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.AddIndex( + model_name="invitation", + index=models.Index(fields=["expires"], name="authentik_s_expires_96f4b8_idx"), + ), + migrations.AddIndex( + model_name="invitation", + index=models.Index(fields=["expiring"], name="authentik_s_expirin_4f8f35_idx"), + ), + migrations.AddIndex( + model_name="invitation", + index=models.Index( + fields=["expiring", "expires"], name="authentik_s_expirin_4f8096_idx" + ), + ), + ] diff --git a/authentik/stages/invitation/models.py b/authentik/stages/invitation/models.py index b1ead478f5..738dc66405 100644 --- a/authentik/stages/invitation/models.py +++ b/authentik/stages/invitation/models.py @@ -84,3 +84,4 @@ class Invitation(SerializerModel, ExpiringModel): class Meta: verbose_name = _("Invitation") verbose_name_plural = _("Invitations") + indexes = ExpiringModel.Meta.indexes