📝 docs: planning auth route

issues/2020-12Dec/auth-route-YNQAQKJS.md

@@ -98,7 +98,7 @@ stronger is ready.
 - (X) Clean up scraper endpoint
 - (X) Add (almost) end-to-end tests for test scraper endpoint
 - (X) Thread server endpoints through relay scraper auth
-- ( ) Add tests for other scraper endpoints
+- (don't care) Add tests for other scraper endpoints
 - (don't care) Factor v1 API into v1 module
 - (X) Add real scraper endpoints
 - ( ) Manually create SQLite DB for scraper keys, add 1 hash
@@ -139,6 +139,74 @@ These will all be JSON for now since Python, Rust, C++, C#, etc. can handle it.
 For compatibility with wget spidering, I _might_ do XML or HTML that's
 machine-readable. We'll see.
 
+## DB / UI impl
+
+Sprint 1:
+
+- Look up keys by their hash
+- not_before
+- not_after
+- name
+- X-Email associated with key
+
+Sprint 2:
+
+- UI to generate / revoke keys
+
+## SQL schema
+
+Migration
+
+```
+create table scraper_keys (
+	hash text primary key,        -- Using blake3 for this because it's not a password
+	not_before integer not null,  -- Seconds since epoch 
+	not_after integer not null,   -- Seconds since epoch
+	name text not null,           -- Human-friendly nickname
+	email text not null           -- Email address that created the key
+);
+```
+
+Look up hash
+
+```
+select not_before, not_after name, email 
+from scraper_keys 
+where 
+	hash = $1 and 
+	strftime ('%s') >= not_before and 
+	strftime ('%s') < not_after
+;
+```
+
+Create key
+
+```
+-- Generate entropy in app code
+insert into scraper_keys (
+	hash,
+	not_before,
+	not_after,
+	name,
+	email
+) values (
+	$1, 
+	strftime ('%s'),
+	strftime ('%s') + 2592000,
+	$4,
+	$5
+);
+
+-- Respond to client with plaintext key and then forget it.
+-- If a network blip causes the key to evaporate, the client should revoke it.
+```
+
+Revoke key
+
+```
+
+```
+
 ## Decision journal
 
 **Who generates the API key? The scraper client, or the PTTH relay server?**