Unit tests, integration testing, and code cleanup for oauth support. Part of T705.

5 years ago · bf3b6a5ba0
parent 7a0863f71b
commit bf3b6a5ba0
13 changed files with 777 additions and 52 deletions
--- a/database.go
+++ b/database.go
@ -128,6 +128,11 @@ type writestore interface {
 	GetUserLastPostTime(id int64) (*time.Time, error)
 	GetCollectionLastPostTime(id int64) (*time.Time, error)

+	GetIDForRemoteUser(ctx context.Context, remoteUserID int64) (int64, error)
+	RecordRemoteUserID(ctx context.Context, localUserID, remoteUserID int64) error
+	ValidateOAuthState(ctx context.Context, state string) error
+	GenerateOAuthState(ctx context.Context) (string, error)
+
 	DatabaseInitialized() bool
 }

@ -2489,7 +2494,7 @@ func (db *datastore) RecordRemoteUserID(ctx context.Context, localUserID, remote
 	if db.driverName == driverSQLite {
 		_, err = db.ExecContext(ctx, "INSERT OR REPLACE INTO users_oauth (user_id, remote_user_id) VALUES (?, ?)", localUserID, remoteUserID)
 	} else {
-		_, err = db.ExecContext(ctx, "INSERT INTO users_oauth (user_id, remote_user_id) VALUES (?, ?) "+db.upsert("user_id"), localUserID, remoteUserID)
+		_, err = db.ExecContext(ctx, "INSERT INTO users_oauth (user_id, remote_user_id) VALUES (?, ?) "+db.upsert("user_id") + " user_id = ?", localUserID, remoteUserID, localUserID)
 	}
 	if err != nil {
 		log.Error("Unable to INSERT users_oauth for '%d': %v", localUserID, err)
--- a/database_test.go
+++ b/database_test.go
@ -0,0 +1,43 @@
+package writefreely
+
+import (
+	"context"
+	"database/sql"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestOAuthDatastore(t *testing.T) {
+	if !runMySQLTests() {
+		t.Skip("skipping mysql tests")
+	}
+	withTestDB(t, func(db *sql.DB) {
+		ctx := context.Background()
+		ds := &datastore{
+			DB:         db,
+			driverName: "",
+		}
+
+		state, err := ds.GenerateOAuthState(ctx)
+		assert.NoError(t, err)
+		assert.Len(t, state, 24)
+
+		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_state` WHERE `state` = ? AND `used` = false", state)
+
+		err = ds.ValidateOAuthState(ctx, state)
+		assert.NoError(t, err)
+
+		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_state` WHERE `state` = ? AND `used` = true", state)
+
+		var localUserID int64 = 99
+		var remoteUserID int64 = 100
+		err = ds.RecordRemoteUserID(ctx, localUserID, remoteUserID)
+		assert.NoError(t, err)
+
+		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `users_oauth` WHERE `user_id` = ? AND `remote_user_id` = ?", localUserID, remoteUserID)
+
+		foundUserID, err := ds.GetIDForRemoteUser(ctx, remoteUserID)
+		assert.NoError(t, err)
+		assert.Equal(t, localUserID, foundUserID)
+	})
+}
--- a/db/create.go
+++ b/db/create.go
@ -0,0 +1,271 @@
+package db
+
+import (
+	"fmt"
+	"strings"
+)
+
+type DialectType int
+type ColumnType int
+
+type OptionalInt struct {
+	Set   bool
+	Value int
+}
+
+type OptionalString struct {
+	Set   bool
+	Value string
+}
+
+type SQLBuilder interface {
+	ToSQL() (string, error)
+}
+
+type Column struct {
+	Dialect    DialectType
+	Name       string
+	Nullable   bool
+	Default    OptionalString
+	Type       ColumnType
+	Size       OptionalInt
+	PrimaryKey bool
+}
+
+type CreateTableSqlBuilder struct {
+	Dialect     DialectType
+	Name        string
+	IfNotExists bool
+	ColumnOrder []string
+	Columns     map[string]*Column
+	Constraints []string
+}
+
+const (
+	DialectSQLite DialectType = iota
+	DialectMySQL  DialectType = iota
+)
+
+const (
+	ColumnTypeBool     ColumnType = iota
+	ColumnTypeSmallInt ColumnType = iota
+	ColumnTypeInteger  ColumnType = iota
+	ColumnTypeChar     ColumnType = iota
+	ColumnTypeVarChar  ColumnType = iota
+	ColumnTypeText     ColumnType = iota
+	ColumnTypeDateTime ColumnType = iota
+)
+
+var _ SQLBuilder = &CreateTableSqlBuilder{}
+
+var UnsetSize OptionalInt = OptionalInt{Set: false, Value: 0}
+var UnsetDefault OptionalString = OptionalString{Set: false, Value: ""}
+
+func (d DialectType) Column(name string, t ColumnType, size OptionalInt) *Column {
+	switch d {
+	case DialectSQLite:
+		return &Column{Dialect: DialectSQLite, Name: name, Type: t, Size: size}
+	case DialectMySQL:
+		return &Column{Dialect: DialectMySQL, Name: name, Type: t, Size: size}
+	default:
+		panic(fmt.Sprintf("unexpected dialect: %d", d))
+	}
+}
+
+func (d DialectType) Table(name string) *CreateTableSqlBuilder {
+	switch d {
+	case DialectSQLite:
+		return &CreateTableSqlBuilder{Dialect: DialectSQLite, Name: name}
+	case DialectMySQL:
+		return &CreateTableSqlBuilder{Dialect: DialectMySQL, Name: name}
+	default:
+		panic(fmt.Sprintf("unexpected dialect: %d", d))
+	}
+}
+
+func (d ColumnType) Format(dialect DialectType, size OptionalInt) (string, error) {
+	if dialect != DialectMySQL && dialect != DialectSQLite {
+		return "", fmt.Errorf("unsupported column type %d for dialect %d and size %v", d, dialect, size)
+	}
+	switch d {
+	case ColumnTypeSmallInt:
+		{
+			if dialect == DialectSQLite {
+				return "INTEGER", nil
+			}
+			mod := ""
+			if size.Set {
+				mod = fmt.Sprintf("(%d)", size.Value)
+			}
+			return "SMALLINT" + mod, nil
+		}
+	case ColumnTypeInteger:
+		{
+			if dialect == DialectSQLite {
+				return "INTEGER", nil
+			}
+			mod := ""
+			if size.Set {
+				mod = fmt.Sprintf("(%d)", size.Value)
+			}
+			return "INT" + mod, nil
+		}
+	case ColumnTypeChar:
+		{
+			if dialect == DialectSQLite {
+				return "TEXT", nil
+			}
+			mod := ""
+			if size.Set {
+				mod = fmt.Sprintf("(%d)", size.Value)
+			}
+			return "CHAR" + mod, nil
+		}
+	case ColumnTypeVarChar:
+		{
+			if dialect == DialectSQLite {
+				return "TEXT", nil
+			}
+			mod := ""
+			if size.Set {
+				mod = fmt.Sprintf("(%d)", size.Value)
+			}
+			return "VARCHAR" + mod, nil
+		}
+	case ColumnTypeBool:
+		{
+			if dialect == DialectSQLite {
+				return "INTEGER", nil
+			}
+			return "TINYINT(1)", nil
+		}
+	case ColumnTypeDateTime:
+		return "DATETIME", nil
+	case ColumnTypeText:
+		return "TEXT", nil
+	}
+	return "", fmt.Errorf("unsupported column type %d for dialect %d and size %v", d, dialect, size)
+}
+
+func (c *Column) SetName(name string) *Column {
+	c.Name = name
+	return c
+}
+
+func (c *Column) SetNullable(nullable bool) *Column {
+	c.Nullable = nullable
+	return c
+}
+
+func (c *Column) SetPrimaryKey(pk bool) *Column {
+	c.PrimaryKey = pk
+	return c
+}
+
+func (c *Column) SetDefault(value string) *Column {
+	c.Default = OptionalString{Set: true, Value: value}
+	return c
+}
+
+func (c *Column) SetType(t ColumnType) *Column {
+	c.Type = t
+	return c
+}
+
+func (c *Column) SetSize(size int) *Column {
+	c.Size = OptionalInt{Set: true, Value: size}
+	return c
+}
+
+func (c *Column) String() (string, error) {
+	var str strings.Builder
+
+	str.WriteString(c.Name)
+
+	str.WriteString(" ")
+	typeStr, err := c.Type.Format(c.Dialect, c.Size)
+	if err != nil {
+		return "", err
+	}
+
+	str.WriteString(typeStr)
+
+	if !c.Nullable {
+		str.WriteString(" NOT NULL")
+	}
+
+	if c.Default.Set {
+		str.WriteString(" DEFAULT ")
+		str.WriteString(c.Default.Value)
+	}
+
+	if c.PrimaryKey {
+		str.WriteString(" PRIMARY KEY")
+	}
+
+	return str.String(), nil
+}
+
+func (b *CreateTableSqlBuilder) Column(column *Column) *CreateTableSqlBuilder {
+	if b.Columns == nil {
+		b.Columns = make(map[string]*Column)
+	}
+	b.Columns[column.Name] = column
+	b.ColumnOrder = append(b.ColumnOrder, column.Name)
+	return b
+}
+
+func (b *CreateTableSqlBuilder) UniqueConstraint(columns ...string) *CreateTableSqlBuilder {
+	for _, column := range columns {
+		if _, ok := b.Columns[column]; !ok {
+			// This fails silently.
+			return b
+		}
+	}
+	b.Constraints = append(b.Constraints, fmt.Sprintf("UNIQUE(%s)", strings.Join(columns, ",")))
+	return b
+}
+
+func (b *CreateTableSqlBuilder) SetIfNotExists(ine bool) *CreateTableSqlBuilder {
+	b.IfNotExists = ine
+	return b
+}
+
+func (b *CreateTableSqlBuilder) ToSQL() (string, error) {
+	var str strings.Builder
+
+	str.WriteString("CREATE TABLE ")
+	if b.IfNotExists {
+		str.WriteString("IF NOT EXISTS ")
+	}
+	str.WriteString(b.Name)
+
+	var things []string
+	for _, columnName := range b.ColumnOrder {
+		column, ok := b.Columns[columnName]
+		if !ok {
+			return "", fmt.Errorf("column not found: %s", columnName)
+		}
+		columnStr, err := column.String()
+		if err != nil {
+			return "", err
+		}
+		things = append(things, columnStr)
+	}
+	for _, constraint := range b.Constraints {
+		things = append(things, constraint)
+	}
+
+	if thingLen := len(things); thingLen > 0 {
+		str.WriteString(" ( ")
+		for i, thing := range things {
+			str.WriteString(thing)
+			if i < thingLen-1 {
+				str.WriteString(", ")
+			}
+		}
+		str.WriteString(" )")
+	}
+
+	return str.String(), nil
+}
--- a/db/create_test.go
+++ b/db/create_test.go
@ -0,0 +1,146 @@
+package db
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestDialect_Column(t *testing.T) {
+	c1 := DialectSQLite.Column("foo", ColumnTypeBool, UnsetSize)
+	assert.Equal(t, DialectSQLite, c1.Dialect)
+	c2 := DialectMySQL.Column("foo", ColumnTypeBool, UnsetSize)
+	assert.Equal(t, DialectMySQL, c2.Dialect)
+}
+
+func TestColumnType_Format(t *testing.T) {
+	type args struct {
+		dialect DialectType
+		size    OptionalInt
+	}
+	tests := []struct {
+		name    string
+		d       ColumnType
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{"Sqlite bool", ColumnTypeBool, args{dialect: DialectSQLite}, "INTEGER", false},
+		{"Sqlite small int", ColumnTypeSmallInt, args{dialect: DialectSQLite}, "INTEGER", false},
+		{"Sqlite int", ColumnTypeInteger, args{dialect: DialectSQLite}, "INTEGER", false},
+		{"Sqlite char", ColumnTypeChar, args{dialect: DialectSQLite}, "TEXT", false},
+		{"Sqlite varchar", ColumnTypeVarChar, args{dialect: DialectSQLite}, "TEXT", false},
+		{"Sqlite text", ColumnTypeText, args{dialect: DialectSQLite}, "TEXT", false},
+		{"Sqlite datetime", ColumnTypeDateTime, args{dialect: DialectSQLite}, "DATETIME", false},
+
+		{"MySQL bool", ColumnTypeBool, args{dialect: DialectMySQL}, "TINYINT(1)", false},
+		{"MySQL small int", ColumnTypeSmallInt, args{dialect: DialectMySQL}, "SMALLINT", false},
+		{"MySQL small int with param", ColumnTypeSmallInt, args{dialect: DialectMySQL, size: OptionalInt{true, 3}}, "SMALLINT(3)", false},
+		{"MySQL int", ColumnTypeInteger, args{dialect: DialectMySQL}, "INT", false},
+		{"MySQL int with param", ColumnTypeInteger, args{dialect: DialectMySQL, size: OptionalInt{true, 11}}, "INT(11)", false},
+		{"MySQL char", ColumnTypeChar, args{dialect: DialectMySQL}, "CHAR", false},
+		{"MySQL char with param", ColumnTypeChar, args{dialect: DialectMySQL, size: OptionalInt{true, 4}}, "CHAR(4)", false},
+		{"MySQL varchar", ColumnTypeVarChar, args{dialect: DialectMySQL}, "VARCHAR", false},
+		{"MySQL varchar with param", ColumnTypeVarChar, args{dialect: DialectMySQL, size: OptionalInt{true, 25}}, "VARCHAR(25)", false},
+		{"MySQL text", ColumnTypeText, args{dialect: DialectMySQL}, "TEXT", false},
+		{"MySQL datetime", ColumnTypeDateTime, args{dialect: DialectMySQL}, "DATETIME", false},
+
+		{"invalid column type", 10000, args{dialect: DialectMySQL}, "", true},
+		{"invalid dialect", ColumnTypeBool, args{dialect: 10000}, "", true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := tt.d.Format(tt.args.dialect, tt.args.size)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Format() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("Format() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestColumn_Build(t *testing.T) {
+	type fields struct {
+		Dialect    DialectType
+		Name       string
+		Nullable   bool
+		Default    OptionalString
+		Type       ColumnType
+		Size       OptionalInt
+		PrimaryKey bool
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		want    string
+		wantErr bool
+	}{
+		{"Sqlite bool", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeBool, UnsetSize, false}, "foo INTEGER NOT NULL", false},
+		{"Sqlite bool nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeBool, UnsetSize, false}, "foo INTEGER", false},
+		{"Sqlite small int", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeSmallInt, UnsetSize, true}, "foo INTEGER NOT NULL PRIMARY KEY", false},
+		{"Sqlite small int nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeSmallInt, UnsetSize, false}, "foo INTEGER", false},
+		{"Sqlite int", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeInteger, UnsetSize, false}, "foo INTEGER NOT NULL", false},
+		{"Sqlite int nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeInteger, UnsetSize, false}, "foo INTEGER", false},
+		{"Sqlite char", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeChar, UnsetSize, false}, "foo TEXT NOT NULL", false},
+		{"Sqlite char nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeChar, UnsetSize, false}, "foo TEXT", false},
+		{"Sqlite varchar", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeVarChar, UnsetSize, false}, "foo TEXT NOT NULL", false},
+		{"Sqlite varchar nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeVarChar, UnsetSize, false}, "foo TEXT", false},
+		{"Sqlite text", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeText, UnsetSize, false}, "foo TEXT NOT NULL", false},
+		{"Sqlite text nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeText, UnsetSize, false}, "foo TEXT", false},
+		{"Sqlite datetime", fields{DialectSQLite, "foo", false, UnsetDefault, ColumnTypeDateTime, UnsetSize, false}, "foo DATETIME NOT NULL", false},
+		{"Sqlite datetime nullable", fields{DialectSQLite, "foo", true, UnsetDefault, ColumnTypeDateTime, UnsetSize, false}, "foo DATETIME", false},
+
+		{"MySQL bool", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeBool, UnsetSize, false}, "foo TINYINT(1) NOT NULL", false},
+		{"MySQL bool nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeBool, UnsetSize, false}, "foo TINYINT(1)", false},
+		{"MySQL small int", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeSmallInt, UnsetSize, true}, "foo SMALLINT NOT NULL PRIMARY KEY", false},
+		{"MySQL small int nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeSmallInt, UnsetSize, false}, "foo SMALLINT", false},
+		{"MySQL int", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeInteger, UnsetSize, false}, "foo INT NOT NULL", false},
+		{"MySQL int nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeInteger, UnsetSize, false}, "foo INT", false},
+		{"MySQL char", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeChar, UnsetSize, false}, "foo CHAR NOT NULL", false},
+		{"MySQL char nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeChar, UnsetSize, false}, "foo CHAR", false},
+		{"MySQL varchar", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeVarChar, UnsetSize, false}, "foo VARCHAR NOT NULL", false},
+		{"MySQL varchar nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeVarChar, UnsetSize, false}, "foo VARCHAR", false},
+		{"MySQL text", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeText, UnsetSize, false}, "foo TEXT NOT NULL", false},
+		{"MySQL text nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeText, UnsetSize, false}, "foo TEXT", false},
+		{"MySQL datetime", fields{DialectMySQL, "foo", false, UnsetDefault, ColumnTypeDateTime, UnsetSize, false}, "foo DATETIME NOT NULL", false},
+		{"MySQL datetime nullable", fields{DialectMySQL, "foo", true, UnsetDefault, ColumnTypeDateTime, UnsetSize, false}, "foo DATETIME", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Column{
+				Dialect:    tt.fields.Dialect,
+				Name:       tt.fields.Name,
+				Nullable:   tt.fields.Nullable,
+				Default:    tt.fields.Default,
+				Type:       tt.fields.Type,
+				Size:       tt.fields.Size,
+				PrimaryKey: tt.fields.PrimaryKey,
+			}
+			if got, err := c.String(); got != tt.want {
+				if (err != nil) != tt.wantErr {
+					t.Errorf("String() error = %v, wantErr %v", err, tt.wantErr)
+					return
+				}
+				if got != tt.want {
+					t.Errorf("String() got = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}
+
+func TestCreateTableSqlBuilder_ToSQL(t *testing.T) {
+	sql, err := DialectMySQL.
+		Table("foo").
+		SetIfNotExists(true).
+		Column(DialectMySQL.Column("bar", ColumnTypeInteger, UnsetSize).SetPrimaryKey(true)).
+		Column(DialectMySQL.Column("baz", ColumnTypeText, UnsetSize)).
+		Column(DialectMySQL.Column("qux", ColumnTypeDateTime, UnsetSize).SetDefault("NOW()")).
+		UniqueConstraint("bar").
+		UniqueConstraint("bar", "baz").
+		ToSQL()
+	assert.NoError(t, err)
+	assert.Equal(t, "CREATE TABLE IF NOT EXISTS foo ( bar INT NOT NULL PRIMARY KEY, baz TEXT NOT NULL, qux DATETIME NOT NULL DEFAULT NOW(), UNIQUE(bar), UNIQUE(bar,baz) )", sql)
+}
--- a/db/tx.go
+++ b/db/tx.go
@ -0,0 +1,26 @@
+package db
+
+import (
+	"context"
+	"database/sql"
+)
+
+// TransactionScopedWork describes code executed within a database transaction.
+type TransactionScopedWork func(ctx context.Context, db *sql.Tx) error
+
+// RunTransactionWithOptions executes a block of code within a database transaction.
+func RunTransactionWithOptions(ctx context.Context, db *sql.DB, txOpts *sql.TxOptions, txWork TransactionScopedWork) error {
+	tx, err := db.BeginTx(ctx, txOpts)
+	if err != nil {
+		return err
+	}
+
+	if err = txWork(ctx, tx); err != nil {
+		if txErr := tx.Rollback(); txErr != nil {
+			return txErr
+		}
+		return err
+	}
+	return tx.Commit()
+}
+
--- a/go.mod
+++ b/go.mod
@ -49,7 +49,7 @@ require (
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
-	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
+	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
--- a/go.sum
+++ b/go.sum
@ -64,7 +64,6 @@ github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpR
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
--- a/main_test.go
+++ b/main_test.go
@ -1,18 +1,153 @@
 package writefreely

 import (
+	"context"
+	"database/sql"
 	"encoding/gob"
+	"errors"
+	"fmt"
+	uuid "github.com/nu7hatch/gouuid"
+	"github.com/stretchr/testify/assert"
 	"math/rand"
 	"os"
+	"strings"
 	"testing"
 	"time"
 )

+var testDB *sql.DB
+
+type ScopedTestBody func(*sql.DB)
+
 // TestMain provides testing infrastructure within this package.
 func TestMain(m *testing.M) {
 	rand.Seed(time.Now().UTC().UnixNano())
-
 	gob.Register(&User{})

-	os.Exit(m.Run())
+	if runMySQLTests() {
+		var err error
+
+		testDB, err = initMySQL(os.Getenv("WF_USER"), os.Getenv("WF_PASSWORD"), os.Getenv("WF_DB"), os.Getenv("WF_HOST"))
+		if err != nil {
+			fmt.Println(err)
+			return
+		}
+	}
+
+	code := m.Run()
+	if runMySQLTests() {
+		if closeErr := testDB.Close(); closeErr != nil {
+			fmt.Println(closeErr)
+		}
+	}
+	os.Exit(code)
+}
+
+func runMySQLTests() bool {
+	return len(os.Getenv("TEST_MYSQL")) > 0
+}
+
+func initMySQL(dbUser, dbPassword, dbName, dbHost string) (*sql.DB, error) {
+	if dbUser == "" || dbPassword == "" {
+		return nil, errors.New("database user or password not set")
+	}
+	if dbHost == "" {
+		dbHost = "localhost"
+	}
+	if dbName == "" {
+		dbName = "writefreely"
+	}
+
+	dsn := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?charset=utf8mb4&parseTime=true", dbUser, dbPassword, dbHost, dbName)
+	db, err := sql.Open("mysql", dsn)
+	if err != nil {
+		return nil, err
+	}
+	if err := ensureMySQL(db); err != nil {
+		return nil, err
+	}
+	return db, nil
+}
+
+func ensureMySQL(db *sql.DB) error {
+	if err := db.Ping(); err != nil {
+		return err
+	}
+	db.SetMaxOpenConns(250)
+	return nil
+}
+
+// withTestDB provides a scoped database connection.
+func withTestDB(t *testing.T, testBody ScopedTestBody) {
+	db, cleanup, err := newTestDatabase(testDB,
+		os.Getenv("WF_USER"),
+		os.Getenv("WF_PASSWORD"),
+		os.Getenv("WF_DB"),
+		os.Getenv("WF_HOST"),
+	)
+	assert.NoError(t, err)
+	defer func() {
+		assert.NoError(t, cleanup())
+	}()
+
+	testBody(db)
+}
+
+// newTestDatabase creates a new temporary test database. When a test
+// database connection is returned, it will have created a new database and
+// initialized it with tables from a reference database.
+func newTestDatabase(base *sql.DB, dbUser, dbPassword, dbName, dbHost string) (*sql.DB, func() error, error) {
+	var err error
+	var baseName = dbName
+
+	if baseName == "" {
+		row := base.QueryRow("SELECT DATABASE()")
+		err := row.Scan(&baseName)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+	tUUID, _ := uuid.NewV4()
+	suffix := strings.Replace(tUUID.String(), "-", "_", -1)
+	newDBName := baseName + suffix
+	_, err = base.Exec("CREATE DATABASE " + newDBName)
+	if err != nil {
+		return nil, nil, err
+	}
+	newDB, err := initMySQL(dbUser, dbPassword, newDBName, dbHost)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	rows, err := base.Query("SHOW TABLES IN " + baseName)
+	if err != nil {
+		return nil, nil, err
+	}
+	for rows.Next() {
+		var tableName string
+		if err := rows.Scan(&tableName); err != nil {
+			return nil, nil, err
+		}
+		query := fmt.Sprintf("CREATE TABLE %s LIKE %s.%s", tableName, baseName, tableName)
+		if _, err := newDB.Exec(query); err != nil {
+			return nil, nil, err
+		}
+	}
+
+	cleanup := func() error {
+		if closeErr := newDB.Close(); closeErr != nil {
+			fmt.Println(closeErr)
+		}
+
+		_, err = base.Exec("DROP DATABASE " + newDBName)
+		return err
+	}
+	return newDB, cleanup, nil
+}
+
+func countRows(t *testing.T, ctx context.Context, db *sql.DB, count int, query string, args ...interface{}) {
+	var returned int
+	err := db.QueryRowContext(ctx, query, args...).Scan(&returned)
+	assert.NoError(t, err, "error executing query %s and args %s", query, args)
+	assert.Equal(t, count, returned, "unexpected return count %d, expected %d from %s and args %s", returned, count, query, args)
 }
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@ -59,6 +59,7 @@ var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
 	New("support users suspension", supportUserStatus),          // V2 -> V3 (v0.11.0)
+	New("support oauth", oauth), // V3 -> V4
 }

 // CurrentVer returns the current migration version the application is on
--- a/migrations/v4.go
+++ b/migrations/v4.go
@ -0,0 +1,46 @@
+package migrations
+
+import (
+	"context"
+	"database/sql"
+
+	wf_db "github.com/writeas/writefreely/db"
+)
+
+func oauth(db *datastore) error {
+	dialect := wf_db.DialectMySQL
+	if db.driverName == driverSQLite {
+		dialect = wf_db.DialectSQLite
+	}
+	return wf_db.RunTransactionWithOptions(context.Background(), db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
+		createTableUsersOauth, err := dialect.
+			Table("users_oauth").
+			SetIfNotExists(true).
+			Column(dialect.Column("user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
+			Column(dialect.Column("remote_user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
+			UniqueConstraint("user_id").
+			UniqueConstraint("remote_user_id").
+			ToSQL()
+		if err != nil {
+			return err
+		}
+		createTableOauthClientState, err := dialect.
+			Table("oauth_client_state").
+			SetIfNotExists(true).
+			Column(dialect.Column("state", wf_db.ColumnTypeVarChar, wf_db.OptionalInt{Set: true, Value: 255})).
+			Column(dialect.Column("used", wf_db.ColumnTypeBool, wf_db.UnsetSize)).
+			Column(dialect.Column("created_at", wf_db.ColumnTypeDateTime, wf_db.UnsetSize).SetDefault("NOW()")).
+			UniqueConstraint("state").
+			ToSQL()
+		if err != nil {
+			return err
+		}
+
+		for _, table := range []string{createTableUsersOauth, createTableOauthClientState} {
+			if _, err := tx.ExecContext(ctx, table); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
--- a/oauth.go
+++ b/oauth.go
@ -3,9 +3,9 @@ package writefreely
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"github.com/gorilla/sessions"
 	"github.com/guregu/null/zero"
-	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
@ -67,12 +67,15 @@ type HttpClient interface {
 }

 type oauthHandler struct {
+	Config     *config.Config
+	DB         OAuthDatastore
+	Store      sessions.Store
 	HttpClient HttpClient
 }

 // buildAuthURL returns a URL used to initiate authentication.
-func buildAuthURL(app OAuthDatastoreProvider, ctx context.Context, clientID, authLocation, callbackURL string) (string, error) {
-	state, err := app.DB().GenerateOAuthState(ctx)
+func buildAuthURL(db OAuthDatastore, ctx context.Context, clientID, authLocation, callbackURL string) (string, error) {
+	state, err := db.GenerateOAuthState(ctx)
 	if err != nil {
 		return "", err
 	}
@ -91,44 +94,50 @@ func buildAuthURL(app OAuthDatastoreProvider, ctx context.Context, clientID, aut
 	return u.String(), nil
 }

-func (h oauthHandler) viewOauthInit(app OAuthDatastoreProvider, w http.ResponseWriter, r *http.Request) error {
-	location, err := buildAuthURL(app, r.Context(), app.Config().App.OAuthClientID, app.Config().App.OAuthProviderAuthLocation, app.Config().App.OAuthClientCallbackLocation)
+// app *App, w http.ResponseWriter, r *http.Request
+func (h oauthHandler) viewOauthInit(w http.ResponseWriter, r *http.Request) {
+	location, err := buildAuthURL(h.DB, r.Context(), h.Config.App.OAuthClientID, h.Config.App.OAuthProviderAuthLocation, h.Config.App.OAuthClientCallbackLocation)
 	if err != nil {
-		log.ErrorLog.Println(err)
-		return impart.HTTPError{Status: http.StatusInternalServerError, Message: "Could not prepare OAuth redirect URL."}
+		failOAuthRequest(w, http.StatusInternalServerError, "could not prepare oauth redirect url")
+		return
 	}
 	http.Redirect(w, r, location, http.StatusTemporaryRedirect)
-	return nil
 }

-func (h oauthHandler) viewOauthCallback(app OAuthDatastoreProvider, w http.ResponseWriter, r *http.Request) error {
+func (h oauthHandler) viewOauthCallback(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()

 	code := r.FormValue("code")
 	state := r.FormValue("state")

-	err := app.DB().ValidateOAuthState(ctx, state)
+	err := h.DB.ValidateOAuthState(ctx, state)
 	if err != nil {
-		return err
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		return
 	}

-	tokenResponse, err := h.exchangeOauthCode(app, ctx, code)
+	tokenResponse, err := h.exchangeOauthCode(ctx, code)
 	if err != nil {
-		return err
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		return
 	}

 	// Now that we have the access token, let's use it real quick to make sur
 	// it really really works.
-	tokenInfo, err := h.inspectOauthAccessToken(app, ctx, tokenResponse.AccessToken)
+	tokenInfo, err := h.inspectOauthAccessToken(ctx, tokenResponse.AccessToken)
 	if err != nil {
-		return err
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		return
 	}

-	localUserID, err := app.DB().GetIDForRemoteUser(ctx, tokenInfo.UserID)
+	localUserID, err := h.DB.GetIDForRemoteUser(ctx, tokenInfo.UserID)
 	if err != nil {
-		return err
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		return
 	}

+	fmt.Println("local user id", localUserID)
+
 	if localUserID == -1 {
 		// We don't have, nor do we want, the password from the origin, so we
 		//create a random string. If the user needs to set a password, they
@ -136,12 +145,14 @@ func (h oauthHandler) viewOauthCallback(app OAuthDatastoreProvider, w http.Respo
 		//flow.
 		randPass, err := randString(14)
 		if err != nil {
-			return err
+			failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+			return
 		}
 		hashedPass, err := auth.HashPass([]byte(randPass))
 		if err != nil {
 			log.ErrorLog.Println(err)
-			return impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}
+			failOAuthRequest(w, http.StatusInternalServerError, "unable to create password hash")
+			return
 		}
 		newUser := &User{
 			Username:   tokenInfo.Username,
@ -151,32 +162,40 @@ func (h oauthHandler) viewOauthCallback(app OAuthDatastoreProvider, w http.Respo
 			Created:    time.Now().Truncate(time.Second).UTC(),
 		}

-		err = app.DB().CreateUser(app.Config(), newUser, newUser.Username)
+		err = h.DB.CreateUser(h.Config, newUser, newUser.Username)
 		if err != nil {
-			return err
+			failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+			return
 		}

-		err = app.DB().RecordRemoteUserID(ctx, newUser.ID, tokenInfo.UserID)
+		err = h.DB.RecordRemoteUserID(ctx, newUser.ID, tokenInfo.UserID)
 		if err != nil {
-			return err
+			failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+			return
 		}

-		return loginOrFail(app, w, r, newUser)
+		if err := loginOrFail(h.Store, w, r, newUser); err != nil {
+			failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		}
+		return
 	}

-	user, err := app.DB().GetUserForAuthByID(localUserID)
+	user, err := h.DB.GetUserForAuthByID(localUserID)
 	if err != nil {
-		return err
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+	if err = loginOrFail(h.Store, w, r, user); err != nil {
+		failOAuthRequest(w, http.StatusInternalServerError, err.Error())
 	}
-	return loginOrFail(app, w, r, user)
 }

-func (h oauthHandler) exchangeOauthCode(app OAuthDatastoreProvider, ctx context.Context, code string) (*TokenResponse, error) {
+func (h oauthHandler) exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error) {
 	form := url.Values{}
 	form.Add("grant_type", "authorization_code")
-	form.Add("redirect_uri", app.Config().App.OAuthClientCallbackLocation)
+	form.Add("redirect_uri", h.Config.App.OAuthClientCallbackLocation)
 	form.Add("code", code)
-	req, err := http.NewRequest("POST", app.Config().App.OAuthProviderTokenLocation, strings.NewReader(form.Encode()))
+	req, err := http.NewRequest("POST", h.Config.App.OAuthProviderTokenLocation, strings.NewReader(form.Encode()))
 	if err != nil {
 		return nil, err
 	}
@ -184,7 +203,7 @@ func (h oauthHandler) exchangeOauthCode(app OAuthDatastoreProvider, ctx context.
 	req.Header.Set("User-Agent", "writefreely")
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-	req.SetBasicAuth(app.Config().App.OAuthClientID, app.Config().App.OAuthClientSecret)
+	req.SetBasicAuth(h.Config.App.OAuthClientID, h.Config.App.OAuthClientSecret)

 	resp, err := h.HttpClient.Do(req)
 	if err != nil {
@ -207,8 +226,8 @@ func (h oauthHandler) exchangeOauthCode(app OAuthDatastoreProvider, ctx context.
 	return &tokenResponse, nil
 }

-func (h oauthHandler) inspectOauthAccessToken(app OAuthDatastoreProvider, ctx context.Context, accessToken string) (*InspectResponse, error) {
-	req, err := http.NewRequest("GET", app.Config().App.OAuthProviderInspectLocation, nil)
+func (h oauthHandler) inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error) {
+	req, err := http.NewRequest("GET", h.Config.App.OAuthProviderInspectLocation, nil)
 	if err != nil {
 		return nil, err
 	}
@ -238,15 +257,27 @@ func (h oauthHandler) inspectOauthAccessToken(app OAuthDatastoreProvider, ctx co
 	return &inspectResponse, nil
 }

-func loginOrFail(app OAuthDatastoreProvider, w http.ResponseWriter, r *http.Request, user *User) error {
-	session, err := app.SessionStore().Get(r, cookieName)
-	if err != nil {
-		return err
-	}
+func loginOrFail(store sessions.Store, w http.ResponseWriter, r *http.Request, user *User) error {
+	// An error may be returned, but a valid session should always be returned.
+	session, _ := store.Get(r, cookieName)
 	session.Values[cookieUserVal] = user.Cookie()
-	if err = session.Save(r, w); err != nil {
+	if err := session.Save(r, w); err != nil {
+		fmt.Println("error saving session", err)
 		return err
 	}
 	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
 	return nil
 }
+
+// failOAuthRequest is an HTTP handler helper that formats returned error
+// messages.
+func failOAuthRequest(w http.ResponseWriter, statusCode int, message string) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(statusCode)
+	err := json.NewEncoder(w).Encode(map[string]interface{}{
+		"error": message,
+	})
+	if err != nil {
+		panic(err)
+	}
+}
--- a/oauth_test.go
+++ b/oauth_test.go
@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/gorilla/sessions"
 	"github.com/stretchr/testify/assert"
-	"github.com/writeas/impart"
 	"github.com/writeas/writefreely/config"
 	"net/http"
 	"net/http/httptest"
@ -125,14 +124,18 @@ func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context) (string, er
 }

 func TestViewOauthInit(t *testing.T) {
-	h := oauthHandler{}
+
 	t.Run("success", func(t *testing.T) {
 		app := &MockOAuthDatastoreProvider{}
+		h := oauthHandler{
+			Config: app.Config(),
+			DB:     app.DB(),
+			Store:  app.SessionStore(),
+		}
 		req, err := http.NewRequest("GET", "/oauth/client", nil)
 		assert.NoError(t, err)
 		rr := httptest.NewRecorder()
-		err = h.viewOauthInit(app, rr, req)
-		assert.NoError(t, err)
+		h.viewOauthInit(rr, req)
 		assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
 		locURI, err := url.Parse(rr.Header().Get("Location"))
 		assert.NoError(t, err)
@ -153,12 +156,18 @@ func TestViewOauthInit(t *testing.T) {
 				}
 			},
 		}
+		h := oauthHandler{
+			Config: app.Config(),
+			DB:     app.DB(),
+			Store:  app.SessionStore(),
+		}
 		req, err := http.NewRequest("GET", "/oauth/client", nil)
 		assert.NoError(t, err)
 		rr := httptest.NewRecorder()
-		err = h.viewOauthInit(app, rr, req)
-		assert.Error(t, err)
-		assert.Equal(t, impart.HTTPError{Status: http.StatusInternalServerError, Message: "Could not prepare OAuth redirect URL."}, err)
+		h.viewOauthInit(rr, req)
+		assert.Equal(t, http.StatusInternalServerError, rr.Code)
+		expected := `{"error":"could not prepare oauth redirect url"}` + "\n"
+		assert.Equal(t, expected, rr.Body.String())
 	})
 }

@ -166,6 +175,9 @@ func TestViewOauthCallback(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
 		app := &MockOAuthDatastoreProvider{}
 		h := oauthHandler{
+			Config: app.Config(),
+			DB:     app.DB(),
+			Store:  app.SessionStore(),
 			HttpClient: &MockHTTPClient{
 				DoDo: func(req *http.Request) (*http.Response, error) {
 					switch req.URL.String() {
@ -190,7 +202,7 @@ func TestViewOauthCallback(t *testing.T) {
 		req, err := http.NewRequest("GET", "/oauth/callback", nil)
 		assert.NoError(t, err)
 		rr := httptest.NewRecorder()
-		err = h.viewOauthCallback(app, rr, req)
+		h.viewOauthCallback(rr, req)
 		assert.NoError(t, err)
 		assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)

--- a/routes.go
+++ b/routes.go
@ -80,6 +80,16 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	auth.HandleFunc("/read", handler.WebErrors(handleWebCollectionUnlock, UserLevelNone)).Methods("POST")
 	auth.HandleFunc("/me", handler.All(handleAPILogout)).Methods("DELETE")

+	oauthHandler := oauthHandler{
+		HttpClient: &http.Client{},
+		Config:     apper.App().Config(),
+		DB:         apper.App().DB(),
+		Store:      apper.App().SessionStore(),
+	}
+
+	write.HandleFunc("/oauth/write.as", oauthHandler.viewOauthInit).Methods("GET")
+	write.HandleFunc("/oauth/callback", oauthHandler.viewOauthCallback).Methods("GET")
+
 	// Handle logged in user sections
 	me := write.PathPrefix("/me").Subrouter()
 	me.HandleFunc("/", handler.Redirect("/me", UserLevelUser))