From c373f183365902ecf70273c14c822faec8844ec1 Mon Sep 17 00:00:00 2001
From: MrMelon54 <github@mrmelon54.com>
Date: Fri, 31 Jan 2025 18:54:12 +0000
Subject: [PATCH] Change certificates.not_after and certificates.renew_retry to
 allow null values

---
 database/certificate.sql.go                   | 36 +++++++++----------
 database/certificate_domains.sql.go           |  2 +-
 database/db.go                                |  2 +-
 .../20250131183447_null_not_after.down.sql    |  0
 .../20250131183447_null_not_after.up.sql      | 29 +++++++++++++++
 database/models.go                            |  6 ++--
 database/queries/certificate.sql              |  2 +-
 renewal/service.go                            |  4 +--
 servers/api.go                                |  6 ++--
 sqlc.yaml                                     |  5 +++
 10 files changed, 63 insertions(+), 29 deletions(-)
 create mode 100644 database/migrations/20250131183447_null_not_after.down.sql
 create mode 100644 database/migrations/20250131183447_null_not_after.up.sql

diff --git a/database/certificate.sql.go b/database/certificate.sql.go
index 2ec4e30..5d74a33 100644
--- a/database/certificate.sql.go
+++ b/database/certificate.sql.go
@@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.25.0
+//   sqlc v1.28.0
 // source: certificate.sql
 
 package database
@@ -19,7 +19,7 @@ VALUES (?, ?, ?, ?)
 type AddCertificateParams struct {
 	Owner     string        `json:"owner"`
 	Dns       sql.NullInt64 `json:"dns"`
-	NotAfter  time.Time     `json:"not_after"`
+	NotAfter  sql.NullTime  `json:"not_after"`
 	UpdatedAt time.Time     `json:"updated_at"`
 }
 
@@ -75,7 +75,7 @@ FROM certificates AS cert
 WHERE cert.active = 1
   AND (cert.auto_renew = 1 OR cert.not_after IS NULL)
   AND cert.renewing = 0
-  AND DATETIME() > DATETIME(cert.renew_retry)
+  AND (cert.renew_retry IS NULL OR DATETIME() > DATETIME(cert.renew_retry))
   AND (cert.not_after IS NULL OR DATETIME(cert.not_after, 'utc', '-30 days') < DATETIME())
 ORDER BY cert.temp_parent, cert.not_after DESC NULLS FIRST
 LIMIT 1
@@ -83,7 +83,7 @@ LIMIT 1
 
 type FindNextCertRow struct {
 	ID         int64          `json:"id"`
-	NotAfter   time.Time      `json:"not_after"`
+	NotAfter   sql.NullTime   `json:"not_after"`
 	Type       sql.NullString `json:"type"`
 	Token      sql.NullString `json:"token"`
 	TempParent sql.NullInt64  `json:"temp_parent"`
@@ -116,14 +116,14 @@ FROM certificates AS cert
 `
 
 type FindOwnedCertsRow struct {
-	ID         int64     `json:"id"`
-	AutoRenew  bool      `json:"auto_renew"`
-	Active     bool      `json:"active"`
-	Renewing   bool      `json:"renewing"`
-	RenewRetry time.Time `json:"renew_retry"`
-	NotAfter   time.Time `json:"not_after"`
-	UpdatedAt  time.Time `json:"updated_at"`
-	Domain     string    `json:"domain"`
+	ID         int64        `json:"id"`
+	AutoRenew  bool         `json:"auto_renew"`
+	Active     bool         `json:"active"`
+	Renewing   bool         `json:"renewing"`
+	RenewRetry sql.NullTime `json:"renew_retry"`
+	NotAfter   sql.NullTime `json:"not_after"`
+	UpdatedAt  time.Time    `json:"updated_at"`
+	Domain     string       `json:"domain"`
 }
 
 func (q *Queries) FindOwnedCerts(ctx context.Context) ([]FindOwnedCertsRow, error) {
@@ -190,9 +190,9 @@ WHERE id = ?
 `
 
 type UpdateCertAfterRenewalParams struct {
-	NotAfter  time.Time `json:"not_after"`
-	UpdatedAt time.Time `json:"updated_at"`
-	ID        int64     `json:"id"`
+	NotAfter  sql.NullTime `json:"not_after"`
+	UpdatedAt time.Time    `json:"updated_at"`
+	ID        int64        `json:"id"`
 }
 
 func (q *Queries) UpdateCertAfterRenewal(ctx context.Context, arg UpdateCertAfterRenewalParams) error {
@@ -208,9 +208,9 @@ WHERE id = ?
 `
 
 type UpdateRenewingStateParams struct {
-	Renewing   bool      `json:"renewing"`
-	RenewRetry time.Time `json:"renew_retry"`
-	ID         int64     `json:"id"`
+	Renewing   bool         `json:"renewing"`
+	RenewRetry sql.NullTime `json:"renew_retry"`
+	ID         int64        `json:"id"`
 }
 
 func (q *Queries) UpdateRenewingState(ctx context.Context, arg UpdateRenewingStateParams) error {
diff --git a/database/certificate_domains.sql.go b/database/certificate_domains.sql.go
index 5f328be..07df858 100644
--- a/database/certificate_domains.sql.go
+++ b/database/certificate_domains.sql.go
@@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.25.0
+//   sqlc v1.28.0
 // source: certificate_domains.sql
 
 package database
diff --git a/database/db.go b/database/db.go
index 61f5bf4..bad7c4b 100644
--- a/database/db.go
+++ b/database/db.go
@@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.25.0
+//   sqlc v1.28.0
 
 package database
 
diff --git a/database/migrations/20250131183447_null_not_after.down.sql b/database/migrations/20250131183447_null_not_after.down.sql
new file mode 100644
index 0000000..e69de29
diff --git a/database/migrations/20250131183447_null_not_after.up.sql b/database/migrations/20250131183447_null_not_after.up.sql
new file mode 100644
index 0000000..997ba21
--- /dev/null
+++ b/database/migrations/20250131183447_null_not_after.up.sql
@@ -0,0 +1,29 @@
+-- null not after
+
+ALTER TABLE certificates
+    RENAME COLUMN not_after TO not_after_2;
+
+ALTER TABLE certificates
+    ADD COLUMN not_after DATETIME NULL;
+
+UPDATE certificates
+SET not_after = not_after_2
+WHERE not_after IS NULL;
+
+ALTER TABLE certificates
+    DROP COLUMN not_after_2;
+
+-- null renew retry
+
+ALTER TABLE certificates
+    RENAME COLUMN renew_retry TO renew_retry_2;
+
+ALTER TABLE certificates
+    ADD COLUMN renew_retry DATETIME NULL;
+
+UPDATE certificates
+SET renew_retry = renew_retry_2
+WHERE renew_retry IS NULL;
+
+ALTER TABLE certificates
+    DROP COLUMN renew_retry_2;
diff --git a/database/models.go b/database/models.go
index 7286181..954c8dd 100644
--- a/database/models.go
+++ b/database/models.go
@@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.25.0
+//   sqlc v1.28.0
 
 package database
 
@@ -16,10 +16,10 @@ type Certificate struct {
 	AutoRenew  bool          `json:"auto_renew"`
 	Active     bool          `json:"active"`
 	Renewing   bool          `json:"renewing"`
-	NotAfter   time.Time     `json:"not_after"`
+	NotAfter   sql.NullTime  `json:"not_after"`
 	UpdatedAt  time.Time     `json:"updated_at"`
 	TempParent sql.NullInt64 `json:"temp_parent"`
-	RenewRetry time.Time     `json:"renew_retry"`
+	RenewRetry sql.NullTime  `json:"renew_retry"`
 }
 
 type CertificateDomain struct {
diff --git a/database/queries/certificate.sql b/database/queries/certificate.sql
index d1c978d..8ad6257 100644
--- a/database/queries/certificate.sql
+++ b/database/queries/certificate.sql
@@ -5,7 +5,7 @@ FROM certificates AS cert
 WHERE cert.active = 1
   AND (cert.auto_renew = 1 OR cert.not_after IS NULL)
   AND cert.renewing = 0
-  AND DATETIME() > DATETIME(cert.renew_retry)
+  AND (cert.renew_retry IS NULL OR DATETIME() > DATETIME(cert.renew_retry))
   AND (cert.not_after IS NULL OR DATETIME(cert.not_after, 'utc', '-30 days') < DATETIME())
 ORDER BY cert.temp_parent, cert.not_after DESC NULLS FIRST
 LIMIT 1;
diff --git a/renewal/service.go b/renewal/service.go
index f4cde2e..11a26ff 100644
--- a/renewal/service.go
+++ b/renewal/service.go
@@ -292,7 +292,7 @@ func (s *Service) findNextCertificateToRenew() (*localCertData, error) {
 	d.id = row.ID
 	d.dns.name = row.Type
 	d.dns.token = row.Token
-	d.notAfter = row.NotAfter
+	d.notAfter = row.NotAfter.Time
 	d.tempParent = row.TempParent
 
 	return d, nil
@@ -412,7 +412,7 @@ func (s *Service) renewCert(localData *localCertData) error {
 
 	// set the NotAfter/NotBefore in the database
 	err = s.db.UpdateCertAfterRenewal(context.Background(), database.UpdateCertAfterRenewalParams{
-		NotAfter:  cert.NotAfter,
+		NotAfter:  sql.NullTime{Time: cert.NotAfter, Valid: true},
 		UpdatedAt: cert.NotBefore,
 		ID:        localData.id,
 	})
diff --git a/servers/api.go b/servers/api.go
index 7edab6d..2cdd50b 100644
--- a/servers/api.go
+++ b/servers/api.go
@@ -73,8 +73,8 @@ func NewApiServer(listen string, db *database.Queries, signer *mjwt.KeyStore, do
 				AutoRenew:  row.AutoRenew,
 				Active:     row.Active,
 				Renewing:   row.Renewing,
-				RenewRetry: row.RenewRetry,
-				NotAfter:   row.NotAfter,
+				RenewRetry: row.RenewRetry.Time,
+				NotAfter:   row.NotAfter.Time,
 				UpdatedAt:  row.UpdatedAt,
 			}
 			d := row.Domain
@@ -136,7 +136,7 @@ func NewApiServer(listen string, db *database.Queries, signer *mjwt.KeyStore, do
 		err := db.AddCertificate(req.Context(), database.AddCertificateParams{
 			Owner:     b.Subject,
 			Dns:       sql.NullInt64{},
-			NotAfter:  time.Now(),
+			NotAfter:  sql.NullTime{Time: time.Now(), Valid: true},
 			UpdatedAt: time.Now(),
 		})
 		if err != nil {
diff --git a/sqlc.yaml b/sqlc.yaml
index 7e08599..3661da7 100644
--- a/sqlc.yaml
+++ b/sqlc.yaml
@@ -8,3 +8,8 @@ sql:
         package: "database"
         out: "database"
         emit_json_tags: true
+        overrides:
+          - column: certificates.not_after
+            go_type: database/sql.NullTime
+          - column: certificates.renew_retry
+            go_type: database/sql.NullTime