
Commit f416cbf

committed
Fix excessive timestamp resolution
1 parent e9a752b commit f416cbf

1 file changed

Lines changed: 21 additions & 13 deletions


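--- a/migrations/20240522023049_initialize.sql
+++ b/migrations/20240522023049_initialize.sql
@@ -1,20 +1,28 @@
 CREATE EXTENSION citext;
 
+-- `timestamptz` has microsecond resolution by default, which needlessly
+-- increases the attack surface for timing attacks. `timestamptz(3)` only has
+-- millisecond resolution and should always be used instead.
+--
+-- TODO: Something in CI should guarantee this, and that should have a code
+-- comment instead of this database migration comment, because migrations can't
+-- be edited once deployed.
+
 CREATE TABLE terms_version (
 constrain_table_to_one_row boolean NOT NULL UNIQUE DEFAULT TRUE
 CHECK (constrain_table_to_one_row),
-updated_at timestamptz PRIMARY KEY
+updated_at timestamptz(3) PRIMARY KEY
 GENERATED ALWAYS AS (GREATEST(terms_updated_at, privacy_updated_at))
 STORED,
-terms_updated_at timestamptz NOT NULL DEFAULT now(),
-privacy_updated_at timestamptz NOT NULL DEFAULT now(),
+terms_updated_at timestamptz(3) NOT NULL DEFAULT now(),
+privacy_updated_at timestamptz(3) NOT NULL DEFAULT now(),
 terms_hash bytea NOT NULL,
 privacy_hash bytea NOT NULL
 );
 
 CREATE TABLE users (
-created_at timestamptz NOT NULL DEFAULT now(),
-accepted_terms_at timestamptz NOT NULL,
+created_at timestamptz(3) NOT NULL DEFAULT now(),
+accepted_terms_at timestamptz(3) NOT NULL,
 id bytea PRIMARY KEY,
 email citext NOT NULL UNIQUE,
 name text NOT NULL,
@@ -23,9 +31,9 @@ CREATE TABLE users (
 );
 
 CREATE TABLE unverified_emails (
-created_at timestamptz NOT NULL DEFAULT now(),
+created_at timestamptz(3) NOT NULL DEFAULT now(),
 token_hash bytea PRIMARY KEY,
-user_accepted_terms_at timestamptz NOT NULL DEFAULT now(),
+user_accepted_terms_at timestamptz(3) NOT NULL DEFAULT now(),
 user_id bytea UNIQUE REFERENCES users (id) ON DELETE CASCADE,
 email citext NOT NULL,
 code_hash text
@@ -35,14 +43,14 @@ CREATE UNIQUE INDEX unverified_user_emails ON unverified_emails (email)
 WHERE user_id IS NULL;
 
 CREATE TABLE password_resets (
-created_at timestamptz NOT NULL DEFAULT now(),
+created_at timestamptz(3) NOT NULL DEFAULT now(),
 token_hash bytea PRIMARY KEY,
 user_id bytea NOT NULL UNIQUE REFERENCES users (id) ON DELETE CASCADE
 );
 
 CREATE TABLE sessions (
-created_at timestamptz NOT NULL DEFAULT now(),
-accessed_at timestamptz NOT NULL DEFAULT now(),
+created_at timestamptz(3) NOT NULL DEFAULT now(),
+accessed_at timestamptz(3) NOT NULL DEFAULT now(),
 token_hash bytea PRIMARY KEY,
 user_id bytea NOT NULL REFERENCES users (id) ON DELETE CASCADE
 );
@@ -53,8 +61,8 @@ CREATE INDEX sessions_by_user_id ON sessions (user_id);
 CREATE TYPE encoding AS ENUM ('br');
 
 CREATE TABLE files (
-created_at timestamptz NOT NULL DEFAULT now(),
-modified_at timestamptz NOT NULL DEFAULT now(),
+created_at timestamptz(3) NOT NULL DEFAULT now(),
+modified_at timestamptz(3) NOT NULL DEFAULT now(),
 id bytea PRIMARY KEY,
 name text NOT NULL,
 owner_id bytea NOT NULL REFERENCES users (id) ON DELETE CASCADE,
@@ -73,7 +81,7 @@ CREATE TABLE files (
 CREATE INDEX files_by_id_path ON files (owner_id, parent_id_path, id);
 
 CREATE TABLE folders (
-created_at timestamptz NOT NULL DEFAULT now(),
+created_at timestamptz(3) NOT NULL DEFAULT now(),
 id bytea PRIMARY KEY,
 name text NOT NULL,
 owner_id bytea NOT NULL REFERENCES users (id) ON DELETE CASCADE,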
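Review bot: Nothing enforces the `timestamptz(3)` rule stated in the new header comment (new lines 3-9), so a later migration can add a plain `timestamptz` column and silently bring back microsecond values; the TODO names the gap but leaves it open. A schema test run after migrations could assert that `SELECT table_name, column_name FROM information_schema.columns WHERE data_type = 'timestamp with time zone' AND datetime_precision <> 3` returns no rows, with a `table_schema` filter to exclude system schemas. PostgreSQL rounds rather than truncates to the declared precision, so a stored `DEFAULT now()` value can land up to half a millisecond after the transaction's `now()`; queries that compare these columns with `now()` should tolerate that. Because this edits the initial migration in place, it is presumably not deployed anywhere yet; if it is, the change belongs in a new migration using `ALTER TABLE ... ALTER COLUMN ... TYPE timestamptz(3)`.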
