fix: add unique constraint to hashed columns (#67210)

Adds `unique=True` to the `hashed_token` and `hashed_refresh_token`
columns to generate indexes for the columns to avoid slow DB
queries/sequential scans.

fixtures/backup/model_dependencies/detailed.json

@@ -706,6 +706,12 @@
     ],
     "table_name": "sentry_apitoken",
     "uniques": [
+      [
+        "hashed_refresh_token"
+      ],
+      [
+        "hashed_token"
+      ],
       [
         "refresh_token"
       ],

migrations_lockfile.txt

@@ -9,5 +9,5 @@ feedback: 0004_index_together
 hybridcloud: 0015_apitokenreplica_hashed_token_index
 nodestore: 0002_nodestore_no_dictfield
 replays: 0004_index_together
-sentry: 0675_dashboard_widget_query_rename_priority_sort_to_trends
+sentry: 0676_apitoken_hashed_indexes
 social_auth: 0002_default_auto_field

src/sentry/migrations/0676_apitoken_hashed_indexes.py

@@ -0,0 +1,36 @@
+# Generated by Django 5.0.2 on 2024-03-18 23:08
+
+from django.db import migrations, models
+
+from sentry.new_migrations.migrations import CheckedMigration
+
+
+class Migration(CheckedMigration):
+    # This flag is used to mark that a migration shouldn't be automatically run in production. For
+    # the most part, this should only be used for operations where it's safe to run the migration
+    # after your code has deployed. So this should not be used for most operations that alter the
+    # schema of a table.
+    # Here are some things that make sense to mark as dangerous:
+    # - Large data migrations. Typically we want these to be run manually by ops so that they can
+    #   be monitored and not block the deploy for a long period of time while they run.
+    # - Adding indexes to large tables. Since this can take a long time, we'd generally prefer to
+    #   have ops run this and not block the deploy. Note that while adding an index is a schema
+    #   change, it's completely safe to run the operation after the code has deployed.
+    is_dangerous = True
+
+    dependencies = [
+        ("sentry", "0675_dashboard_widget_query_rename_priority_sort_to_trends"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="apitoken",
+            name="hashed_refresh_token",
+            field=models.CharField(max_length=128, null=True, unique=True),
+        ),
+        migrations.AlterField(
+            model_name="apitoken",
+            name="hashed_token",
+            field=models.CharField(max_length=128, null=True, unique=True),
+        ),
+    ]

src/sentry/models/apitoken.py

@@ -42,11 +42,11 @@ class ApiToken(ReplicatedControlModel, HasApiScopes):
     user = FlexibleForeignKey("sentry.User")
     name = models.CharField(max_length=255, null=True)
     token = models.CharField(max_length=71, unique=True, default=generate_token)
-    hashed_token = models.CharField(max_length=128, null=True)
+    hashed_token = models.CharField(max_length=128, unique=True, null=True)
     token_type = models.CharField(max_length=7, choices=AuthTokenType, null=True)
     token_last_characters = models.CharField(max_length=4, null=True)
     refresh_token = models.CharField(max_length=71, unique=True, null=True, default=generate_token)
-    hashed_refresh_token = models.CharField(max_length=128, null=True)
+    hashed_refresh_token = models.CharField(max_length=128, unique=True, null=True)
     expires_at = models.DateTimeField(null=True, default=default_expiration)
     date_added = models.DateTimeField(default=timezone.now)