| 1 | -- SPDX-License-Identifier: AGPL-3.0-or-later |
| 2 | |
| 3 | -- name: InsertUserSSHKey :one |
| 4 | INSERT INTO user_ssh_keys (user_id, title, fingerprint_sha256, key_type, key_bits, public_key) |
| 5 | VALUES ($1, $2, $3, $4, $5, $6) |
| 6 | RETURNING id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key, |
| 7 | last_used_at, last_used_ip, created_at; |
| 8 | |
| 9 | -- name: ListUserSSHKeys :many |
| 10 | SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key, |
| 11 | last_used_at, last_used_ip, created_at |
| 12 | FROM user_ssh_keys |
| 13 | WHERE user_id = $1 |
| 14 | ORDER BY created_at DESC; |
| 15 | |
| 16 | -- name: CountUserSSHKeys :one |
| 17 | SELECT count(*) FROM user_ssh_keys WHERE user_id = $1; |
| 18 | |
| 19 | -- name: DeleteUserSSHKey :execrows |
| 20 | -- Scoped delete: caller must pass the owning user_id so a hijacked |
| 21 | -- handler can never delete keys it doesn't own. |
| 22 | DELETE FROM user_ssh_keys WHERE id = $1 AND user_id = $2; |
| 23 | |
| 24 | -- name: GetUserSSHKeyByFingerprint :one |
| 25 | -- Hot path for sshd's AuthorizedKeysCommand. Index lookup via the UNIQUE |
| 26 | -- index on fingerprint_sha256. |
| 27 | SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key, |
| 28 | last_used_at, last_used_ip, created_at |
| 29 | FROM user_ssh_keys |
| 30 | WHERE fingerprint_sha256 = $1; |
| 31 | |
| 32 | -- name: TouchSSHKeyLastUsed :exec |
| 33 | UPDATE user_ssh_keys |
| 34 | SET last_used_at = now(), |
| 35 | last_used_ip = $2 |
| 36 | WHERE id = $1; |
| 37 |