`5cbaaa0`

repos/sqlc: queries + generated for commit_verification_cache

Authored by mfwolffe <wolffemf@dukes.jmu.edu> yesterday

SHA: 5cbaaa02bc5f29262844f596fb509249c8d1ef21
Parents: e289421
Tree: b916588

19 changed files

Status	File	+
M	`internal/actions/sqlc/models.go`	14
M	`internal/admin/sqlc/models.go`	14
M	`internal/auth/policy/sqlc/models.go`	14
M	`internal/billing/sqlc/models.go`	14
M	`internal/checks/sqlc/models.go`	14
M	`internal/issues/sqlc/models.go`	14
M	`internal/meta/sqlc/models.go`	14
M	`internal/notif/sqlc/models.go`	14
M	`internal/orgs/sqlc/models.go`	14
M	`internal/pulls/sqlc/models.go`	14
M	`internal/ratelimit/sqlc/models.go`	14
A	`internal/repos/queries/commit_verification_cache.sql`	62
A	`internal/repos/sqlc/commit_verification_cache.sql.go`	183
M	`internal/repos/sqlc/models.go`	14
M	`internal/repos/sqlc/querier.go`	22
M	`internal/social/sqlc/models.go`	14
M	`internal/users/sqlc/models.go`	14
M	`internal/webhook/sqlc/models.go`	14
M	`internal/worker/sqlc/models.go`	14

internal/actions/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/admin/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/auth/policy/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/billing/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/checks/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/issues/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/meta/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/notif/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/orgs/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/pulls/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/ratelimit/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/repos/queries/commit_verification_cache.sqladded

 +-- SPDX-License-Identifier: AGPL-3.0-or-later
++
 +-- name: UpsertCommitVerification :exec
 +-- Idempotent upsert. The verification orchestrator + backfill worker
 +-- both write through this query; both can safely run concurrently
 +-- against the same (repo_id, commit_oid) without losing data thanks
 +-- to the (repo_id, commit_oid) primary key + ON CONFLICT clause.
 +INSERT INTO commit_verification_cache (
 +    repo_id, commit_oid, reason, verified,
 +    signer_user_id, signer_subkey_id, kind,
 +    signature_armored, payload, verified_at
 +)
 +VALUES (
 +    $1, $2, $3, $4,
 +    $5, $6, $7,
 +    $8, $9, now()
 +)
 +ON CONFLICT (repo_id, commit_oid) DO UPDATE SET
 +    reason            = EXCLUDED.reason,
 +    verified          = EXCLUDED.verified,
 +    signer_user_id    = EXCLUDED.signer_user_id,
 +    signer_subkey_id  = EXCLUDED.signer_subkey_id,
 +    kind              = EXCLUDED.kind,
 +    signature_armored = EXCLUDED.signature_armored,
 +    payload           = EXCLUDED.payload,
 +    verified_at       = now(),
 +    invalidated_at    = NULL;
++
 +-- name: GetCommitVerification :one
 +-- Single-commit read. Used by the single-commit page renderer and the
 +-- REST commits/{sha} response. Returns no row when the commit hasn't
 +-- been verified yet; caller treats that as "compute on demand".
 +SELECT repo_id, commit_oid, reason, verified,
 +       signer_user_id, signer_subkey_id, kind,
 +       signature_armored, payload, verified_at, invalidated_at
 +FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = $2;
++
 +-- name: GetCommitVerificationsForOIDs :many
 +-- Batch read for the commit-list page. Takes an array of OIDs and
 +-- returns existing rows; missing OIDs are absent from the result and
 +-- the renderer treats them as "not yet verified".
 +SELECT repo_id, commit_oid, reason, verified,
 +       signer_user_id, signer_subkey_id, kind,
 +       signature_armored, payload, verified_at, invalidated_at
 +FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = ANY($2::text[]);
++
 +-- name: InvalidateVerificationsForSubkey :exec
 +-- Stamps invalidated_at on every cache row whose signer_subkey_id
 +-- matches. Called from the GPG-key soft-delete path in the same tx as
 +-- SoftDeleteSubkeysForGPGKey so the cache and the keyring stay in
 +-- sync. The next read of an invalidated row triggers a re-verify.
 +UPDATE commit_verification_cache
 +SET invalidated_at = now()
 +WHERE signer_subkey_id = $1 AND invalidated_at IS NULL;
++
 +-- name: DeleteCommitVerification :exec
 +-- Used by tests to reset cache state between cases. Not called from
 +-- production code paths.
 +DELETE FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = $2;

internal/repos/sqlc/commit_verification_cache.sql.goadded

 +// Code generated by sqlc. DO NOT EDIT.
 +// versions:
 +//   sqlc v1.31.1
 +// source: commit_verification_cache.sql
++
 +package reposdb
++
 +import (
 +	"context"
++
 +	"github.com/jackc/pgx/v5/pgtype"
 +)
++
 +const deleteCommitVerification = `-- name: DeleteCommitVerification :exec
 +DELETE FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = $2
 +`
++
 +type DeleteCommitVerificationParams struct {
 +	RepoID    int64
 +	CommitOid string
 +}
++
 +// Used by tests to reset cache state between cases. Not called from
 +// production code paths.
 +func (q *Queries) DeleteCommitVerification(ctx context.Context, db DBTX, arg DeleteCommitVerificationParams) error {
 +	_, err := db.Exec(ctx, deleteCommitVerification, arg.RepoID, arg.CommitOid)
 +	return err
 +}
++
 +const getCommitVerification = `-- name: GetCommitVerification :one
 +SELECT repo_id, commit_oid, reason, verified,
 +       signer_user_id, signer_subkey_id, kind,
 +       signature_armored, payload, verified_at, invalidated_at
 +FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = $2
 +`
++
 +type GetCommitVerificationParams struct {
 +	RepoID    int64
 +	CommitOid string
 +}
++
 +// Single-commit read. Used by the single-commit page renderer and the
 +// REST commits/{sha} response. Returns no row when the commit hasn't
 +// been verified yet; caller treats that as "compute on demand".
 +func (q *Queries) GetCommitVerification(ctx context.Context, db DBTX, arg GetCommitVerificationParams) (CommitVerificationCache, error) {
 +	row := db.QueryRow(ctx, getCommitVerification, arg.RepoID, arg.CommitOid)
 +	var i CommitVerificationCache
 +	err := row.Scan(
 +		&i.RepoID,
 +		&i.CommitOid,
 +		&i.Reason,
 +		&i.Verified,
 +		&i.SignerUserID,
 +		&i.SignerSubkeyID,
 +		&i.Kind,
 +		&i.SignatureArmored,
 +		&i.Payload,
 +		&i.VerifiedAt,
 +		&i.InvalidatedAt,
 +	)
 +	return i, err
 +}
++
 +const getCommitVerificationsForOIDs = `-- name: GetCommitVerificationsForOIDs :many
 +SELECT repo_id, commit_oid, reason, verified,
 +       signer_user_id, signer_subkey_id, kind,
 +       signature_armored, payload, verified_at, invalidated_at
 +FROM commit_verification_cache
 +WHERE repo_id = $1 AND commit_oid = ANY($2::text[])
 +`
++
 +type GetCommitVerificationsForOIDsParams struct {
 +	RepoID  int64
 +	Column2 []string
 +}
++
 +// Batch read for the commit-list page. Takes an array of OIDs and
 +// returns existing rows; missing OIDs are absent from the result and
 +// the renderer treats them as "not yet verified".
 +func (q *Queries) GetCommitVerificationsForOIDs(ctx context.Context, db DBTX, arg GetCommitVerificationsForOIDsParams) ([]CommitVerificationCache, error) {
 +	rows, err := db.Query(ctx, getCommitVerificationsForOIDs, arg.RepoID, arg.Column2)
 +	if err != nil {
 +		return nil, err
 +	}
 +	defer rows.Close()
 +	items := []CommitVerificationCache{}
 +	for rows.Next() {
 +		var i CommitVerificationCache
 +		if err := rows.Scan(
 +			&i.RepoID,
 +			&i.CommitOid,
 +			&i.Reason,
 +			&i.Verified,
 +			&i.SignerUserID,
 +			&i.SignerSubkeyID,
 +			&i.Kind,
 +			&i.SignatureArmored,
 +			&i.Payload,
 +			&i.VerifiedAt,
 +			&i.InvalidatedAt,
 +		); err != nil {
 +			return nil, err
 +		}
 +		items = append(items, i)
 +	}
 +	if err := rows.Err(); err != nil {
 +		return nil, err
 +	}
 +	return items, nil
 +}
++
 +const invalidateVerificationsForSubkey = `-- name: InvalidateVerificationsForSubkey :exec
 +UPDATE commit_verification_cache
 +SET invalidated_at = now()
 +WHERE signer_subkey_id = $1 AND invalidated_at IS NULL
 +`
++
 +// Stamps invalidated_at on every cache row whose signer_subkey_id
 +// matches. Called from the GPG-key soft-delete path in the same tx as
 +// SoftDeleteSubkeysForGPGKey so the cache and the keyring stay in
 +// sync. The next read of an invalidated row triggers a re-verify.
 +func (q *Queries) InvalidateVerificationsForSubkey(ctx context.Context, db DBTX, signerSubkeyID pgtype.Int8) error {
 +	_, err := db.Exec(ctx, invalidateVerificationsForSubkey, signerSubkeyID)
 +	return err
 +}
++
 +const upsertCommitVerification = `-- name: UpsertCommitVerification :exec
++
 +INSERT INTO commit_verification_cache (
 +    repo_id, commit_oid, reason, verified,
 +    signer_user_id, signer_subkey_id, kind,
 +    signature_armored, payload, verified_at
 +)
 +VALUES (
 +    $1, $2, $3, $4,
 +    $5, $6, $7,
 +    $8, $9, now()
 +)
 +ON CONFLICT (repo_id, commit_oid) DO UPDATE SET
 +    reason            = EXCLUDED.reason,
 +    verified          = EXCLUDED.verified,
 +    signer_user_id    = EXCLUDED.signer_user_id,
 +    signer_subkey_id  = EXCLUDED.signer_subkey_id,
 +    kind              = EXCLUDED.kind,
 +    signature_armored = EXCLUDED.signature_armored,
 +    payload           = EXCLUDED.payload,
 +    verified_at       = now(),
 +    invalidated_at    = NULL
 +`
++
 +type UpsertCommitVerificationParams struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +}
++
 +// SPDX-License-Identifier: AGPL-3.0-or-later
 +// Idempotent upsert. The verification orchestrator + backfill worker
 +// both write through this query; both can safely run concurrently
 +// against the same (repo_id, commit_oid) without losing data thanks
 +// to the (repo_id, commit_oid) primary key + ON CONFLICT clause.
 +func (q *Queries) UpsertCommitVerification(ctx context.Context, db DBTX, arg UpsertCommitVerificationParams) error {
 +	_, err := db.Exec(ctx, upsertCommitVerification,
 +		arg.RepoID,
 +		arg.CommitOid,
 +		arg.Reason,
 +		arg.Verified,
 +		arg.SignerUserID,
 +		arg.SignerSubkeyID,
 +		arg.Kind,
 +		arg.SignatureArmored,
 +		arg.Payload,
 +	)
 +	return err
 +}

internal/repos/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/repos/sqlc/querier.gomodified

  	CreateRepo(ctx context.Context, db DBTX, arg CreateRepoParams) (Repo, error)
  	DeclineTransferRequest(ctx context.Context, db DBTX, id int64) error
  	DeleteBranchProtectionRule(ctx context.Context, db DBTX, id int64) error
 +	// Used by tests to reset cache state between cases. Not called from
 +	// production code paths.
 +	DeleteCommitVerification(ctx context.Context, db DBTX, arg DeleteCommitVerificationParams) error
  	DeleteProfilePinsForSet(ctx context.Context, db DBTX, setID int64) error
  	// Used by the rename compensator: drop a single redirect row when
  	// the rename has to be rolled back due to a filesystem failure. We
  	// offers past their expires_at to the expired terminal state.
  	ExpirePendingTransfers(ctx context.Context, db DBTX) (int64, error)
  	GetBranchProtectionRule(ctx context.Context, db DBTX, id int64) (BranchProtectionRule, error)
 +	// Single-commit read. Used by the single-commit page renderer and the
 +	// REST commits/{sha} response. Returns no row when the commit hasn't
 +	// been verified yet; caller treats that as "compute on demand".
 +	GetCommitVerification(ctx context.Context, db DBTX, arg GetCommitVerificationParams) (CommitVerificationCache, error)
 +	// Batch read for the commit-list page. Takes an array of OIDs and
 +	// returns existing rows; missing OIDs are absent from the result and
 +	// the renderer treats them as "not yet verified".
 +	GetCommitVerificationsForOIDs(ctx context.Context, db DBTX, arg GetCommitVerificationsForOIDsParams) ([]CommitVerificationCache, error)
  	GetProfilePinSetForOrg(ctx context.Context, db DBTX, ownerOrgID pgtype.Int8) (int64, error)
  	// ─── profile/org pinned repositories ───────────────────────────────
  	GetProfilePinSetForUser(ctx context.Context, db DBTX, ownerUserID pgtype.Int8) (int64, error)
  	InsertRepoTopic(ctx context.Context, db DBTX, arg InsertRepoTopicParams) error
  	// ─── transfer requests ─────────────────────────────────────────────────
  	InsertTransferRequest(ctx context.Context, db DBTX, arg InsertTransferRequestParams) (RepoTransferRequest, error)
 +	// Stamps invalidated_at on every cache row whose signer_subkey_id
 +	// matches. Called from the GPG-key soft-delete path in the same tx as
 +	// SoftDeleteSubkeysForGPGKey so the cache and the keyring stay in
 +	// sync. The next read of an invalidated row triggers a re-verify.
 +	InvalidateVerificationsForSubkey(ctx context.Context, db DBTX, signerSubkeyID pgtype.Int8) error
  	// Used by `shithubd hooks reinstall --all` to enumerate every active
  	// bare repo on disk and re-link its hooks.
  	ListAllRepoFullNames(ctx context.Context, db DBTX) ([]ListAllRepoFullNamesRow, error)
  	UpdateRepoGeneralSettings(ctx context.Context, db DBTX, arg UpdateRepoGeneralSettingsParams) error
  	UpdateRepoMergeSettings(ctx context.Context, db DBTX, arg UpdateRepoMergeSettingsParams) error
  	UpsertBranchProtectionRule(ctx context.Context, db DBTX, arg UpsertBranchProtectionRuleParams) (int64, error)
 +	// SPDX-License-Identifier: AGPL-3.0-or-later
 +	// Idempotent upsert. The verification orchestrator + backfill worker
 +	// both write through this query; both can safely run concurrently
 +	// against the same (repo_id, commit_oid) without losing data thanks
 +	// to the (repo_id, commit_oid) primary key + ON CONFLICT clause.
 +	UpsertCommitVerification(ctx context.Context, db DBTX, arg UpsertCommitVerificationParams) error
  	UpsertProfilePinSetForOrg(ctx context.Context, db DBTX, ownerOrgID pgtype.Int8) (int64, error)
  	UpsertProfilePinSetForUser(ctx context.Context, db DBTX, ownerUserID pgtype.Int8) (int64, error)
  	UpsertRepoSourceRemote(ctx context.Context, db DBTX, arg UpsertRepoSourceRemoteParams) (RepoSourceRemote, error)

internal/users/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/webhook/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte

internal/worker/sqlc/models.gomodified

  	Tsv     interface{}
+ }
 +type CommitVerificationCache struct {
 +	RepoID           int64
 +	CommitOid        string
 +	Reason           string
 +	Verified         bool
 +	SignerUserID     pgtype.Int8
 +	SignerSubkeyID   pgtype.Int8
 +	Kind             string
 +	SignatureArmored pgtype.Text
 +	Payload          []byte
 +	VerifiedAt       pgtype.Timestamptz
 +	InvalidatedAt    pgtype.Timestamptz
 +}
++
  type DeviceAuthorization struct {
  	ID              int64
  	DeviceCodeHash  []byte