1 // Code generated by sqlc. DO NOT EDIT.
2 // versions:
3 // sqlc v1.31.1
4
5 package usersdb
6
7 import (
8 "context"
9
10 "github.com/jackc/pgx/v5/pgtype"
11 )
12
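// Querier is the sqlc-generated query surface of package usersdb. The
// methods declared here cover accounts, e-mail addresses, credentials
// (passwords, TOTP, recovery codes, tokens, SSH and GPG keys), device
// authorization, auth throttling and the audit log.
//
// Every method takes the DBTX to run on as an explicit argument, so whether
// a call runs inside a transaction is decided by the caller. Several method
// comments below rely on that ("in the same transaction", "inside a tx").
//
// Conventions that matter for security review, as stated by the method
// comments and signatures:
//   - Token and device-code lookups take a hash ([]byte parameters named
//     tokenHash, deviceCodeHash, verificationTokenHash), not the presented
//     value.
//   - "Scoped" methods take the owning user_id in their arg struct; methods
//     documented as non-scoped must not be exposed on user-facing by-id
//     routes.
//   - Methods returning (int64, error) return rows affected; where the
//     comment says so, 0 is a rejection or a lost race and must be handled.
//   - Methods returning only error give the caller no way to tell from the
//     call itself whether any row matched.
//
// The SPDX-License-Identifier lines that appear inside some method comments
// are presumably carried over by the generator from the head of the query
// files; they are not part of the method contract. This file is generated,
// so lasting comment changes belong in the sqlc query files.
type Querier interface {
	// Records the user's approval and links the freshly minted PAT.
	// Idempotency is preserved by the caller — the orchestrator only
	// calls this once per row.
	// NOTE(review): no rows-affected count is returned, so the caller cannot
	// detect a row that was already approved, denied or expired from this
	// call — confirm the query's WHERE clause restricts to pending rows.
	ApproveDeviceAuthorization(ctx context.Context, db DBTX, arg ApproveDeviceAuthorizationParams) error
	// SPDX-License-Identifier: AGPL-3.0-or-later
	// Increments the hit counter for (scope, identifier). When the existing
	// window is older than the supplied window-start cutoff, resets to 1 and
	// starts a new window. Returns the post-bump (hits, window_started_at).
	BumpAuthThrottle(ctx context.Context, db DBTX, arg BumpAuthThrottleParams) (BumpAuthThrottleRow, error)
	// Atomically advances last_used_counter only when the proposed counter is
	// strictly greater. Returns rows affected — 0 means a replay attempt and
	// the caller should reject the code.
	BumpTOTPCounter(ctx context.Context, db DBTX, arg BumpTOTPCounterParams) (int64, error)
	// NOTE(review): presumably increments the per-user value read by
	// GetUserSessionEpoch so that sessions issued under the old epoch stop
	// validating — confirm against the query and the session middleware.
	BumpUserSessionEpoch(ctx context.Context, db DBTX, id int64) error
	// Sets confirmed_at on a pending row. Returns the number of rows updated;
	// callers MUST check this to handle the parallel-enrollment race
	// (only one of two concurrent confirms wins).
	ConfirmUserTOTP(ctx context.Context, db DBTX, arg ConfirmUserTOTPParams) (int64, error)
	// Keyed by row id and returns only error. Unlike ConsumeRecoveryCode there
	// is no rows-affected result, so two concurrent consumers of the same
	// verification cannot be told apart from this call alone.
	// NOTE(review): confirm single use is enforced by the surrounding
	// transaction or by the query's WHERE clause.
	ConsumeEmailVerification(ctx context.Context, db DBTX, id int64) error
	// Keyed by row id and returns only error; the same caveat as
	// ConsumeEmailVerification applies, and matters more here because the row
	// gates a password change.
	// NOTE(review): confirm a reset token cannot be redeemed twice under
	// concurrent requests.
	ConsumePasswordReset(ctx context.Context, db DBTX, id int64) error
	// Atomically marks a code as used iff it exists for the user, matches the
	// supplied hash, and isn't already used. Rows-affected==1 means accepted;
	// 0 means rejected.
	ConsumeRecoveryCode(ctx context.Context, db DBTX, arg ConsumeRecoveryCodeParams) (int64, error)
	CountActiveUserTokens(ctx context.Context, db DBTX, userID int64) (int64, error)
	// Drives the 3-changes-per-60d cap.
	CountRecentUsernameChanges(ctx context.Context, db DBTX, arg CountRecentUsernameChangesParams) (int64, error)
	CountUnusedRecoveryCodes(ctx context.Context, db DBTX, userID int64) (int64, error)
	// Excludes revoked rows so the per-user cap (100) counts live keys.
	CountUserGPGKeys(ctx context.Context, db DBTX, userID int64) (int64, error)
	CountUserSSHKeys(ctx context.Context, db DBTX, userID int64) (int64, error)
	CountUserSSHKeysByKind(ctx context.Context, db DBTX, arg CountUserSSHKeysByKindParams) (int64, error)
	CountUsers(ctx context.Context, db DBTX) (int64, error)
	CountVerifiedUserEmails(ctx context.Context, db DBTX, userID int64) (int64, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	CreateEmailVerification(ctx context.Context, db DBTX, arg CreateEmailVerificationParams) (EmailVerification, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	CreatePasswordReset(ctx context.Context, db DBTX, arg CreatePasswordResetParams) (PasswordReset, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	CreateUser(ctx context.Context, db DBTX, arg CreateUserParams) (User, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	CreateUserEmail(ctx context.Context, db DBTX, arg CreateUserEmailParams) (UserEmail, error)
	// Janitor invocation: a small forensics window past expiry is fine,
	// but eventually drop the row so the user_code index stays small.
	DeleteExpiredDeviceAuthorizations(ctx context.Context, db DBTX) error
	DeleteExpiredEmailVerifications(ctx context.Context, db DBTX) error
	DeleteExpiredPasswordResets(ctx context.Context, db DBTX) error
	// Scoped delete: caller must pass owning user_id. Refuses to delete
	// the primary email (UI must guide the user to set a different primary first).
	DeleteUserEmail(ctx context.Context, db DBTX, arg DeleteUserEmailParams) (int64, error)
	DeleteUserNotificationPref(ctx context.Context, db DBTX, arg DeleteUserNotificationPrefParams) error
	DeleteUserRecoveryCodes(ctx context.Context, db DBTX, userID int64) error
	// Scoped delete: caller must pass the owning user_id so a hijacked
	// handler can never delete keys it doesn't own.
	DeleteUserSSHKey(ctx context.Context, db DBTX, arg DeleteUserSSHKeyParams) (int64, error)
	DeleteUserTOTP(ctx context.Context, db DBTX, userID int64) error
	DenyDeviceAuthorization(ctx context.Context, db DBTX, id int64) error
	// Hot path for the polling /access_token endpoint. The middleware
	// enforces interval_seconds via last_polled_at downstream.
	// The lookup key is the hash of the device code, not the code itself.
	GetDeviceAuthorizationByCodeHash(ctx context.Context, db DBTX, deviceCodeHash []byte) (DeviceAuthorization, error)
	// Lookup path for the verification page. Returns even non-pending rows
	// so the handler can render a clean "already approved" / "expired" page
	// instead of a generic 404.
	// Because non-pending rows are returned, a successful lookup is not by
	// itself permission to approve; the handler must check the row's state.
	GetDeviceAuthorizationByUserCode(ctx context.Context, db DBTX, userCode string) (DeviceAuthorization, error)
	// Looked up by token hash.
	// NOTE(review): whether expired or already-consumed rows are filtered out
	// is not visible from the signature — confirm, or check in the caller.
	GetEmailVerificationByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (EmailVerification, error)
	// Looked up by token hash.
	// NOTE(review): whether expired or already-consumed rows are filtered out
	// is not visible from the signature — confirm, or check in the caller
	// before accepting a new password.
	GetPasswordResetByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (PasswordReset, error)
	GetUserByID(ctx context.Context, db DBTX, id int64) (User, error)
	GetUserByUsername(ctx context.Context, db DBTX, username string) (User, error)
	// NOTE(review): presumably the username-keyed counterpart of
	// GetUserIncludingDeleted, i.e. it can return soft-deleted accounts;
	// callers on an authentication path must check the deleted state.
	GetUserByUsernameIncludingDeleted(ctx context.Context, db DBTX, username string) (User, error)
	GetUserEmailByAddress(ctx context.Context, db DBTX, email string) (UserEmail, error)
	// Not scoped by user: takes only the row id. Ownership must be checked by
	// the caller before acting on the returned row.
	GetUserEmailByID(ctx context.Context, db DBTX, id int64) (UserEmail, error)
	GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error)
	// Scoped single-key lookup for REST GET-by-id. user_id filter prevents
	// cross-user reads (existence-leak-safe: returns no row if the id
	// belongs to another user). Excludes soft-deleted rows so the public
	// surface mirrors a hard delete from the consumer's perspective;
	// verification (which needs historical attribution) uses
	// GetUserGPGKeyForVerification which has no revoked filter.
	GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error)
	// Uniqueness probe used by the add path to surface a friendly
	// "this key is already registered" error before the unique index
	// violation. Returns any row matching the fingerprint regardless of
	// which user owns it (global uniqueness is the contract).
	// Since the row may belong to another user, the add path should report
	// only that the key is taken and not echo fields of the returned row.
	GetUserGPGKeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgKey, error)
	// Non-user-scoped lookup used by the verification path. Unlike
	// GetUserGPGKey this query does NOT filter on user_id — the caller
	// already validated the subkey resolution and needs the parent
	// record's user_id to drive the email cross-check. Includes revoked
	// rows so historical commit verifications can still resolve their
	// signer attribution.
	// Not suitable for user-facing by-id routes: it has neither the owner
	// filter nor the revoked filter that GetUserGPGKey applies.
	GetUserGPGKeyForVerification(ctx context.Context, db DBTX, id int64) (UserGpgKey, error)
	// Hot path for commit/tag signature verification. The signature
	// packet carries the signing subkey's fingerprint; this query
	// resolves it back to the primary key (and via FK to the user).
	// Index lookup via the partial unique index.
	GetUserGPGSubkeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgSubkey, error)
	// Like GetUserByID but returns the row even when deleted_at IS NOT NULL.
	GetUserIncludingDeleted(ctx context.Context, db DBTX, id int64) (User, error)
	// Single-key lookup for the REST GET-by-id endpoint. user_id filter so
	// one caller can't read another's key by ID.
	GetUserSSHKey(ctx context.Context, db DBTX, arg GetUserSSHKeyParams) (UserSshKey, error)
	// Hot path for sshd's AuthorizedKeysCommand. Index lookup via the UNIQUE
	// index on fingerprint_sha256.
	GetUserSSHKeyByFingerprint(ctx context.Context, db DBTX, fingerprintSha256 string) (UserSshKey, error)
	GetUserSessionEpoch(ctx context.Context, db DBTX, id int64) (int32, error)
	GetUserTOTP(ctx context.Context, db DBTX, userID int64) (UserTotp, error)
	// Hot path for the auth middleware. token_hash is UNIQUE; returns at
	// most one row. Caller MUST also check revoked_at IS NULL and
	// expires_at handling.
	// In other words, a returned row is not proof that the token is valid.
	GetUserTokenByHash(ctx context.Context, db DBTX, tokenHash []byte) (UserToken, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	InsertAuditLog(ctx context.Context, db DBTX, arg InsertAuditLogParams) error
	// SPDX-License-Identifier: AGPL-3.0-or-later
	InsertDeviceAuthorization(ctx context.Context, db DBTX, arg InsertDeviceAuthorizationParams) (DeviceAuthorization, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	InsertRecoveryCode(ctx context.Context, db DBTX, arg InsertRecoveryCodeParams) error
	// SPDX-License-Identifier: AGPL-3.0-or-later
	// Inserts a parsed primary GPG key. Subkeys land in user_gpg_subkeys
	// in the same transaction (see InsertUserGPGSubkey). expires_at is
	// nullable; many keys have no expiration. revoked_at stays NULL on
	// insert; soft-delete sets it.
	InsertUserGPGKey(ctx context.Context, db DBTX, arg InsertUserGPGKeyParams) (UserGpgKey, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	// One row per subkey of a primary key. Always inserted in the same
	// transaction as the parent InsertUserGPGKey so the verification
	// hot path's fingerprint lookup is consistent with the REST nested
	// shape.
	InsertUserGPGSubkey(ctx context.Context, db DBTX, arg InsertUserGPGSubkeyParams) (UserGpgSubkey, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	InsertUserSSHKey(ctx context.Context, db DBTX, arg InsertUserSSHKeyParams) (UserSshKey, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	InsertUserToken(ctx context.Context, db DBTX, arg InsertUserTokenParams) (UserToken, error)
	// Used by the S10 username-change flow to record an old name. The
	// redirect itself doubles as a 30-day reservation (the row stays for at
	// least that long).
	InsertUsernameRedirect(ctx context.Context, db DBTX, arg InsertUsernameRedirectParams) error
	// Sets the FK only. Does NOT flip users.email_verified — that happens via
	// MarkUserEmailPrimaryVerified after the user clicks the verification link.
	LinkUserPrimaryEmail(ctx context.Context, db DBTX, arg LinkUserPrimaryEmailParams) error
	ListAuditLogForTarget(ctx context.Context, db DBTX, arg ListAuditLogForTargetParams) ([]AuthAuditLog, error)
	// Reads all live subkeys for one primary; used when invalidating the
	// verification cache on primary soft-delete (every dependent subkey
	// needs its cache rows stamped invalidated too).
	ListSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) ([]UserGpgSubkey, error)
	ListUserEmailsForUser(ctx context.Context, db DBTX, userID int64) ([]UserEmail, error)
	// Paginated list for the REST surface; HTML settings page reuses with
	// a generous limit and no offset.
	ListUserGPGKeys(ctx context.Context, db DBTX, arg ListUserGPGKeysParams) ([]UserGpgKey, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	ListUserNotificationPrefs(ctx context.Context, db DBTX, userID int64) ([]UserNotificationPref, error)
	ListUserSSHKeys(ctx context.Context, db DBTX, userID int64) ([]UserSshKey, error)
	// Paginated kind-filtered list used by the REST surface. Order matches
	// ListUserSSHKeys so callers can swap between them without observing a
	// reshuffle.
	ListUserSSHKeysByKind(ctx context.Context, db DBTX, arg ListUserSSHKeysByKindParams) ([]UserSshKey, error)
	ListUserTokens(ctx context.Context, db DBTX, userID int64) ([]UserToken, error)
	// SPDX-License-Identifier: AGPL-3.0-or-later
	// Resolve an old username to the current username via the user_id FK.
	// Returns ErrNoRows when no redirect exists.
	LookupUsernameRedirect(ctx context.Context, db DBTX, oldUsername string) (LookupUsernameRedirectRow, error)
	// Called after MarkUserEmailVerified for the primary email, to flip the
	// denormalized users.email_verified flag.
	MarkUserEmailPrimaryVerified(ctx context.Context, db DBTX, id int64) error
	// Keyed by row id only; the caller is responsible for having matched the
	// presented verification token to this row first.
	MarkUserEmailVerified(ctx context.Context, db DBTX, id int64) error
	PurgeStaleAuthThrottle(ctx context.Context, db DBTX, windowStartedAt pgtype.Timestamptz) error
	// Wrapped by the username-change flow inside a tx that also writes
	// username_redirects, so the old name becomes a redirect target atomically.
	RenameUser(ctx context.Context, db DBTX, arg RenameUserParams) error
	ResetAuthThrottle(ctx context.Context, db DBTX, arg ResetAuthThrottleParams) error
	// Clears deleted_at; called when a user logs in within the 14-day grace
	// window. The login handler enforces the window check before calling.
	// NOTE(review): that wording suggests the query itself does not check the
	// window — keep the check adjacent to every call site; confirm.
	RestoreUserAccount(ctx context.Context, db DBTX, id int64) error
	// Used by user suspension to revoke every active token in one statement.
	RevokeAllUserTokens(ctx context.Context, db DBTX, userID int64) error
	// Scoped revoke: caller must pass owning user_id so a hijacked handler
	// can never revoke tokens it doesn't own. No-op on already-revoked rows.
	RevokeUserToken(ctx context.Context, db DBTX, arg RevokeUserTokenParams) (int64, error)
	// Atomically unset the existing primary and set the supplied row as
	// primary. Caller MUST have already verified the row belongs to the
	// user and is verified.
	SetUserEmailPrimary(ctx context.Context, db DBTX, arg SetUserEmailPrimaryParams) error
	// NOTE(review): presumably stores the value later matched by
	// GetUserEmailByVerificationHash — confirm that what is persisted is a
	// hash of the token and not the token itself.
	SetVerificationToken(ctx context.Context, db DBTX, arg SetVerificationTokenParams) error
	// Stamps revoked_at on every live subkey of a primary. Called in the
	// same transaction as SoftDeleteUserGPGKey so the partial unique index
	// frees up the fingerprint for re-upload if the user rotates.
	SoftDeleteSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) error
	SoftDeleteUser(ctx context.Context, db DBTX, id int64) error
	// Scoped soft-delete: stamps revoked_at, preserves the row for audit
	// continuity. Returns the number of rows affected so the handler can
	// distinguish "not found" from "deleted" without a follow-up query.
	SoftDeleteUserGPGKey(ctx context.Context, db DBTX, arg SoftDeleteUserGPGKeyParams) (int64, error)
	// NOTE(review): RevokeAllUserTokens is documented as the token half of
	// suspension; whether browser sessions are cut off as well (for example
	// via BumpUserSessionEpoch) is not visible here — confirm in the caller.
	SuspendUser(ctx context.Context, db DBTX, arg SuspendUserParams) error
	// NOTE(review): presumably stamps the last_polled_at value that the
	// /access_token middleware uses to enforce interval_seconds — confirm.
	TouchDeviceAuthorizationPoll(ctx context.Context, db DBTX, id int64) error
	TouchSSHKeyLastUsed(ctx context.Context, db DBTX, arg TouchSSHKeyLastUsedParams) error
	// Best-effort last-used stamp called from the verification path when
	// a signature successfully resolves to this key. No timeout / error
	// propagation; the caller fires-and-forgets via a goroutine.
	TouchUserGPGKeyLastUsed(ctx context.Context, db DBTX, id int64) error
	TouchUserLastLogin(ctx context.Context, db DBTX, id int64) error
	TouchUserTokenLastUsed(ctx context.Context, db DBTX, arg TouchUserTokenLastUsedParams) error
	// Clears the suspended state. Mirrors SuspendUser; used by the
	// /admin/users/{id}/unsuspend handler. Replaces an inline UPDATE
	// in admin/users.go (SR2 M2).
	UnsuspendUser(ctx context.Context, db DBTX, id int64) error
	UpdateUserAvatarKey(ctx context.Context, db DBTX, arg UpdateUserAvatarKeyParams) error
	// NOTE(review): the arg struct is not visible here; it presumably carries
	// an already-computed password hash. Nothing in this signature invalidates
	// existing sessions or tokens — confirm the caller does so where intended.
	UpdateUserPassword(ctx context.Context, db DBTX, arg UpdateUserPasswordParams) error
	UpdateUserPrivateContributions(ctx context.Context, db DBTX, arg UpdateUserPrivateContributionsParams) error
	UpdateUserProfile(ctx context.Context, db DBTX, arg UpdateUserProfileParams) error
	UpdateUserTheme(ctx context.Context, db DBTX, arg UpdateUserThemeParams) error
	UpsertUserNotificationPref(ctx context.Context, db DBTX, arg UpsertUserNotificationPrefParams) error
	// SPDX-License-Identifier: AGPL-3.0-or-later
	// Inserts a new pending TOTP row, or replaces an existing pending row for
	// the same user. Confirmed rows are NOT replaced — disable+regenerate
	// must go through the dedicated query.
	UpsertUserTOTP(ctx context.Context, db DBTX, arg UpsertUserTOTPParams) (UserTotp, error)
}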
230
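// Compile-time assertion that *Queries implements every method of Querier;
// the build fails here if a query method is missing or its signature drifts.
var _ Querier = (*Queries)(nil)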
232