ENGINE: Adjusted Persistent Assets

2025-12-16 12:05:48 -07:00 · 2025-10-29 19:33:28 -06:00
parent 99e7e914ba
commit e68b52ef5a
12 changed files with 496 additions and 12 deletions
--- a/Data/Server/Modules/admin/routes.py
+++ b/Data/Server/Modules/admin/routes.py
@@ -195,7 +195,8 @@ def register(
            cur = conn.cursor()
            created_by = _lookup_user_id(cur, username) or username or "system"
            code_value = _generate_install_code()
-            expires_at = _now() + timedelta(hours=ttl_hours)
+            issued_at = _now()
+            expires_at = issued_at + timedelta(hours=ttl_hours)
            record_id = str(uuid.uuid4())
            cur.execute(
                """
@@ -206,6 +207,40 @@ def register(
                """,
                (record_id, code_value, _iso(expires_at), created_by, max_uses),
            )
+            cur.execute(
+                """
+                INSERT INTO enrollment_install_codes_persistent (
+                    id,
+                    code,
+                    created_at,
+                    expires_at,
+                    created_by_user_id,
+                    used_at,
+                    used_by_guid,
+                    max_uses,
+                    last_known_use_count,
+                    last_used_at,
+                    is_active,
+                    archived_at,
+                    consumed_at
+                )
+                VALUES (?, ?, ?, ?, ?, NULL, NULL, ?, 0, NULL, 1, NULL, NULL)
+                ON CONFLICT(id) DO UPDATE
+                      SET code = excluded.code,
+                          created_at = excluded.created_at,
+                          expires_at = excluded.expires_at,
+                          created_by_user_id = excluded.created_by_user_id,
+                          max_uses = excluded.max_uses,
+                          last_known_use_count = 0,
+                          used_at = NULL,
+                          used_by_guid = NULL,
+                          last_used_at = NULL,
+                          is_active = 1,
+                          archived_at = NULL,
+                          consumed_at = NULL
+                """,
+                (record_id, code_value, _iso(issued_at), _iso(expires_at), created_by, max_uses),
+            )
            conn.commit()
        finally:
            conn.close()
@@ -235,6 +270,17 @@ def register(
                (code_id,),
            )
            deleted = cur.rowcount
+            if deleted:
+                archive_ts = _iso(_now())
+                cur.execute(
+                    """
+                    UPDATE enrollment_install_codes_persistent
+                       SET is_active = 0,
+                           archived_at = COALESCE(archived_at, ?)
+                     WHERE id = ?
+                    """,
+                    (archive_ts, code_id),
+                )
            conn.commit()
        finally:
            conn.close()
--- a/Data/Server/Modules/db_migrations.py
+++ b/Data/Server/Modules/db_migrations.py
@@ -27,6 +27,7 @@ def apply_all(conn: sqlite3.Connection) -> None:
    _ensure_device_aux_tables(conn)
    _ensure_refresh_token_table(conn)
    _ensure_install_code_table(conn)
+    _ensure_install_code_persistence_table(conn)
    _ensure_device_approval_table(conn)

    conn.commit()
@@ -190,6 +191,92 @@ def _ensure_install_code_table(conn: sqlite3.Connection) -> None:
        )


+def _ensure_install_code_persistence_table(conn: sqlite3.Connection) -> None:
+    cur = conn.cursor()
+    cur.execute(
+        """
+        CREATE TABLE IF NOT EXISTS enrollment_install_codes_persistent (
+            id TEXT PRIMARY KEY,
+            code TEXT NOT NULL UNIQUE,
+            created_at TEXT NOT NULL,
+            expires_at TEXT NOT NULL,
+            created_by_user_id TEXT,
+            used_at TEXT,
+            used_by_guid TEXT,
+            max_uses INTEGER NOT NULL DEFAULT 1,
+            last_known_use_count INTEGER NOT NULL DEFAULT 0,
+            last_used_at TEXT,
+            is_active INTEGER NOT NULL DEFAULT 1,
+            archived_at TEXT,
+            consumed_at TEXT
+        )
+        """
+    )
+    cur.execute(
+        """
+        CREATE INDEX IF NOT EXISTS idx_eicp_active
+            ON enrollment_install_codes_persistent(is_active, expires_at)
+        """
+    )
+    cur.execute(
+        """
+        CREATE UNIQUE INDEX IF NOT EXISTS uq_eicp_code
+            ON enrollment_install_codes_persistent(code)
+        """
+    )
+
+    columns = {row[1] for row in _table_info(cur, "enrollment_install_codes_persistent")}
+    if "last_known_use_count" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN last_known_use_count INTEGER NOT NULL DEFAULT 0
+            """
+        )
+    if "archived_at" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN archived_at TEXT
+            """
+        )
+    if "consumed_at" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN consumed_at TEXT
+            """
+        )
+    if "is_active" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN is_active INTEGER NOT NULL DEFAULT 1
+            """
+        )
+    if "used_at" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN used_at TEXT
+            """
+        )
+    if "used_by_guid" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN used_by_guid TEXT
+            """
+        )
+    if "last_used_at" not in columns:
+        cur.execute(
+            """
+            ALTER TABLE enrollment_install_codes_persistent
+                ADD COLUMN last_used_at TEXT
+            """
+        )
+
+
 def _ensure_device_approval_table(conn: sqlite3.Connection) -> None:
    cur = conn.cursor()
    cur.execute(
--- a/Data/Server/Modules/enrollment/routes.py
+++ b/Data/Server/Modules/enrollment/routes.py
@@ -671,6 +671,32 @@ def register(
                        enrollment_code_id,
                    ),
                )
+                cur.execute(
+                    """
+                    UPDATE enrollment_install_codes_persistent
+                       SET last_known_use_count = ?,
+                           used_by_guid = ?,
+                           last_used_at = ?,
+                           used_at = CASE WHEN ? THEN ? ELSE used_at END,
+                           is_active = CASE WHEN ? THEN 0 ELSE is_active END,
+                           consumed_at = CASE WHEN ? THEN COALESCE(consumed_at, ?) ELSE consumed_at END,
+                           archived_at = CASE WHEN ? THEN COALESCE(archived_at, ?) ELSE archived_at END
+                     WHERE id = ?
+                    """,
+                    (
+                        new_count,
+                        effective_guid,
+                        now_iso,
+                        1 if consumed else 0,
+                        now_iso,
+                        1 if consumed else 0,
+                        1 if consumed else 0,
+                        now_iso,
+                        1 if consumed else 0,
+                        now_iso,
+                        enrollment_code_id,
+                    ),
+                )

            # Update approval record with final state
            cur.execute(
--- a/Data/Server/Modules/jobs/prune.py
+++ b/Data/Server/Modules/jobs/prune.py
@@ -1,7 +1,7 @@
 from __future__ import annotations

 from datetime import datetime, timedelta, timezone
-from typing import Callable, Optional
+from typing import Callable, List, Optional

 import eventlet
 from flask_socketio import SocketIO
@@ -31,6 +31,27 @@ def _run_once(db_conn_factory: Callable[[], any], log: Callable[[str, str, Optio
    conn = db_conn_factory()
    try:
        cur = conn.cursor()
+        persistent_table_exists = False
+        try:
+            cur.execute(
+                "SELECT 1 FROM sqlite_master WHERE type='table' AND name='enrollment_install_codes_persistent'"
+            )
+            persistent_table_exists = cur.fetchone() is not None
+        except Exception:
+            persistent_table_exists = False
+
+        expired_ids: List[str] = []
+        if persistent_table_exists:
+            cur.execute(
+                """
+                SELECT id
+                  FROM enrollment_install_codes
+                 WHERE use_count = 0
+                   AND expires_at < ?
+                """,
+                (now_iso,),
+            )
+            expired_ids = [str(row[0]) for row in cur.fetchall() if row and row[0]]
        cur.execute(
            """
            DELETE FROM enrollment_install_codes
@@ -40,6 +61,21 @@ def _run_once(db_conn_factory: Callable[[], any], log: Callable[[str, str, Optio
            (now_iso,),
        )
        codes_pruned = cur.rowcount or 0
+        if expired_ids:
+            placeholders = ",".join("?" for _ in expired_ids)
+            try:
+                cur.execute(
+                    f"""
+                    UPDATE enrollment_install_codes_persistent
+                       SET is_active = 0,
+                           archived_at = COALESCE(archived_at, ?)
+                     WHERE id IN ({placeholders})
+                    """,
+                    (now_iso, *expired_ids),
+                )
+            except Exception:
+                # Best-effort archival; continue if the persistence table is absent.
+                pass

        cur.execute(
            """