`82fbbcf`

users/ssh-keys: add kind column (authentication|signing) + kind-filtered queries

Authored by mfwolffe <wolffemf@dukes.jmu.edu> yesterday

SHA: 82fbbcf063ccf0e4c533712e8d25cabc8051aa7d
Parents: 080c421
Tree: 94cbc43

6 changed files

Status	File	+	-
A	`internal/migrationsfs/migrations/0062_user_ssh_keys_kind.sql`	26	0
M	`internal/users/queries/user_ssh_keys.sql`	27	5
M	`internal/users/sqlc/models.go`	1	0
M	`internal/users/sqlc/querier.go`	8	0
M	`internal/users/sqlc/user_ssh_keys.sql.go`	115	5
M	`internal/web/handlers/auth/sshkeys.go`	1	0

internal/migrationsfs/migrations/0062_user_ssh_keys_kind.sqladded

 +-- SPDX-License-Identifier: AGPL-3.0-or-later
 +--
 +-- Add a `kind` discriminator to user_ssh_keys so callers can register
 +-- a key for git authentication (authorized-keys lookup) or for git
 +-- commit signing without conflating the two intents.
 +--
 +-- Pre-existing rows are git-auth keys (the only kind shithub recognised
 +-- through S07-S16); we backfill `authentication` and let the check
 +-- constraint enforce the closed set going forward.
 +--
 +-- The /api/v1/user/keys REST surface (S50 §1) returns rows filtered to
 +-- `authentication` by default to mirror GitHub's /user/keys shape; the
 +-- signing surface lands behind /user/ssh_signing_keys when a CLI sprint
 +-- consumes it.
++
 +-- +goose Up
 +ALTER TABLE user_ssh_keys
 +    ADD COLUMN kind text NOT NULL DEFAULT 'authentication'
 +    CHECK (kind IN ('authentication', 'signing'));
++
 +CREATE INDEX user_ssh_keys_user_id_kind_idx
 +    ON user_ssh_keys (user_id, kind, created_at DESC);
++
 +-- +goose Down
 +DROP INDEX IF EXISTS user_ssh_keys_user_id_kind_idx;
 +ALTER TABLE user_ssh_keys DROP COLUMN IF EXISTS kind;

internal/users/queries/user_ssh_keys.sqlmodified

  -- SPDX-License-Identifier: AGPL-3.0-or-later
  -- name: InsertUserSSHKey :one
 -INSERT INTO user_ssh_keys (user_id, title, fingerprint_sha256, key_type, key_bits, public_key)
 -VALUES ($1, $2, $3, $4, $5, $6)
 +INSERT INTO user_ssh_keys (user_id, title, fingerprint_sha256, key_type, key_bits, public_key, kind)
 +VALUES ($1, $2, $3, $4, $5, $6, $7)
  RETURNING id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -          last_used_at, last_used_ip, created_at;
 +          last_used_at, last_used_ip, created_at, kind;
  -- name: ListUserSSHKeys :many
  SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -       last_used_at, last_used_ip, created_at
 +       last_used_at, last_used_ip, created_at, kind
  FROM user_ssh_keys
  WHERE user_id = $1
  ORDER BY created_at DESC;
 +-- name: ListUserSSHKeysByKind :many
 +-- Paginated kind-filtered list used by the REST surface. Order matches
 +-- ListUserSSHKeys so callers can swap between them without observing a
 +-- reshuffle.
 +SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 +       last_used_at, last_used_ip, created_at, kind
 +FROM user_ssh_keys
 +WHERE user_id = $1 AND kind = $2
 +ORDER BY created_at DESC
 +LIMIT $3 OFFSET $4;
++
 +-- name: CountUserSSHKeysByKind :one
 +SELECT count(*) FROM user_ssh_keys WHERE user_id = $1 AND kind = $2;
++
  -- name: CountUserSSHKeys :one
  SELECT count(*) FROM user_ssh_keys WHERE user_id = $1;
  -- handler can never delete keys it doesn't own.
  DELETE FROM user_ssh_keys WHERE id = $1 AND user_id = $2;
 +-- name: GetUserSSHKey :one
 +-- Single-key lookup for the REST GET-by-id endpoint. user_id filter so
 +-- one caller can't read another's key by ID.
 +SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 +       last_used_at, last_used_ip, created_at, kind
 +FROM user_ssh_keys
 +WHERE id = $1 AND user_id = $2;
++
  -- name: GetUserSSHKeyByFingerprint :one
  -- Hot path for sshd's AuthorizedKeysCommand. Index lookup via the UNIQUE
  -- index on fingerprint_sha256.
  SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -       last_used_at, last_used_ip, created_at
 +       last_used_at, last_used_ip, created_at, kind
  FROM user_ssh_keys
  WHERE fingerprint_sha256 = $1;

internal/users/sqlc/models.gomodified

  	LastUsedAt        pgtype.Timestamptz
  	LastUsedIp        *netip.Addr
  	CreatedAt         pgtype.Timestamptz
 +	Kind              string
+ }
  type UserToken struct {

internal/users/sqlc/querier.gomodified

  	CountRecentUsernameChanges(ctx context.Context, db DBTX, arg CountRecentUsernameChangesParams) (int64, error)
  	CountUnusedRecoveryCodes(ctx context.Context, db DBTX, userID int64) (int64, error)
  	CountUserSSHKeys(ctx context.Context, db DBTX, userID int64) (int64, error)
 +	CountUserSSHKeysByKind(ctx context.Context, db DBTX, arg CountUserSSHKeysByKindParams) (int64, error)
  	CountUsers(ctx context.Context, db DBTX) (int64, error)
  	CountVerifiedUserEmails(ctx context.Context, db DBTX, userID int64) (int64, error)
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error)
  	// Like GetUserByID but returns the row even when deleted_at IS NOT NULL.
  	GetUserIncludingDeleted(ctx context.Context, db DBTX, id int64) (User, error)
 +	// Single-key lookup for the REST GET-by-id endpoint. user_id filter so
 +	// one caller can't read another's key by ID.
 +	GetUserSSHKey(ctx context.Context, db DBTX, arg GetUserSSHKeyParams) (UserSshKey, error)
  	// Hot path for sshd's AuthorizedKeysCommand. Index lookup via the UNIQUE
  	// index on fingerprint_sha256.
  	GetUserSSHKeyByFingerprint(ctx context.Context, db DBTX, fingerprintSha256 string) (UserSshKey, error)
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	ListUserNotificationPrefs(ctx context.Context, db DBTX, userID int64) ([]UserNotificationPref, error)
  	ListUserSSHKeys(ctx context.Context, db DBTX, userID int64) ([]UserSshKey, error)
 +	// Paginated kind-filtered list used by the REST surface. Order matches
 +	// ListUserSSHKeys so callers can swap between them without observing a
 +	// reshuffle.
 +	ListUserSSHKeysByKind(ctx context.Context, db DBTX, arg ListUserSSHKeysByKindParams) ([]UserSshKey, error)
  	ListUserTokens(ctx context.Context, db DBTX, userID int64) ([]UserToken, error)
  	// SPDX-License-Identifier: AGPL-3.0-or-later
  	// Resolve an old username to the current username via the user_id FK.

internal/users/sqlc/user_ssh_keys.sql.gomodified

  	return count, err
+ }
 +const countUserSSHKeysByKind = `-- name: CountUserSSHKeysByKind :one
 +SELECT count(*) FROM user_ssh_keys WHERE user_id = $1 AND kind = $2
 +`
++
 +type CountUserSSHKeysByKindParams struct {
 +	UserID int64
 +	Kind   string
 +}
++
 +func (q *Queries) CountUserSSHKeysByKind(ctx context.Context, db DBTX, arg CountUserSSHKeysByKindParams) (int64, error) {
 +	row := db.QueryRow(ctx, countUserSSHKeysByKind, arg.UserID, arg.Kind)
 +	var count int64
 +	err := row.Scan(&count)
 +	return count, err
 +}
++
  const deleteUserSSHKey = `-- name: DeleteUserSSHKey :execrows
  DELETE FROM user_ssh_keys WHERE id = $1 AND user_id = $2
+ `
  	return result.RowsAffected(), nil
+ }
 +const getUserSSHKey = `-- name: GetUserSSHKey :one
 +SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 +       last_used_at, last_used_ip, created_at, kind
 +FROM user_ssh_keys
 +WHERE id = $1 AND user_id = $2
 +`
++
 +type GetUserSSHKeyParams struct {
 +	ID     int64
 +	UserID int64
 +}
++
 +// Single-key lookup for the REST GET-by-id endpoint. user_id filter so
 +// one caller can't read another's key by ID.
 +func (q *Queries) GetUserSSHKey(ctx context.Context, db DBTX, arg GetUserSSHKeyParams) (UserSshKey, error) {
 +	row := db.QueryRow(ctx, getUserSSHKey, arg.ID, arg.UserID)
 +	var i UserSshKey
 +	err := row.Scan(
 +		&i.ID,
 +		&i.UserID,
 +		&i.Title,
 +		&i.FingerprintSha256,
 +		&i.KeyType,
 +		&i.KeyBits,
 +		&i.PublicKey,
 +		&i.LastUsedAt,
 +		&i.LastUsedIp,
 +		&i.CreatedAt,
 +		&i.Kind,
 +	)
 +	return i, err
 +}
++
  const getUserSSHKeyByFingerprint = `-- name: GetUserSSHKeyByFingerprint :one
  SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -       last_used_at, last_used_ip, created_at
 +       last_used_at, last_used_ip, created_at, kind
  FROM user_ssh_keys
  WHERE fingerprint_sha256 = $1
+ `
  		&i.LastUsedAt,
  		&i.LastUsedIp,
  		&i.CreatedAt,
 +		&i.Kind,
+ 	)
  	return i, err
+ }
  const insertUserSSHKey = `-- name: InsertUserSSHKey :one
 -INSERT INTO user_ssh_keys (user_id, title, fingerprint_sha256, key_type, key_bits, public_key)
 -VALUES ($1, $2, $3, $4, $5, $6)
 +INSERT INTO user_ssh_keys (user_id, title, fingerprint_sha256, key_type, key_bits, public_key, kind)
 +VALUES ($1, $2, $3, $4, $5, $6, $7)
  RETURNING id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -          last_used_at, last_used_ip, created_at
 +          last_used_at, last_used_ip, created_at, kind
+ `
  type InsertUserSSHKeyParams struct {
  	KeyType           string
  	KeyBits           int32
  	PublicKey         string
 +	Kind              string
+ }
  // SPDX-License-Identifier: AGPL-3.0-or-later
  		arg.KeyType,
  		arg.KeyBits,
  		arg.PublicKey,
 +		arg.Kind,
+ 	)
  	var i UserSshKey
  	err := row.Scan(
  		&i.LastUsedAt,
  		&i.LastUsedIp,
  		&i.CreatedAt,
 +		&i.Kind,
+ 	)
  	return i, err
+ }
  const listUserSSHKeys = `-- name: ListUserSSHKeys :many
  SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 -       last_used_at, last_used_ip, created_at
 +       last_used_at, last_used_ip, created_at, kind
  FROM user_ssh_keys
  WHERE user_id = $1
  ORDER BY created_at DESC
  			&i.LastUsedAt,
  			&i.LastUsedIp,
  			&i.CreatedAt,
 +			&i.Kind,
 +		); err != nil {
 +			return nil, err
 +		}
 +		items = append(items, i)
 +	}
 +	if err := rows.Err(); err != nil {
 +		return nil, err
 +	}
 +	return items, nil
 +}
++
 +const listUserSSHKeysByKind = `-- name: ListUserSSHKeysByKind :many
 +SELECT id, user_id, title, fingerprint_sha256, key_type, key_bits, public_key,
 +       last_used_at, last_used_ip, created_at, kind
 +FROM user_ssh_keys
 +WHERE user_id = $1 AND kind = $2
 +ORDER BY created_at DESC
 +LIMIT $3 OFFSET $4
 +`
++
 +type ListUserSSHKeysByKindParams struct {
 +	UserID int64
 +	Kind   string
 +	Limit  int32
 +	Offset int32
 +}
++
 +// Paginated kind-filtered list used by the REST surface. Order matches
 +// ListUserSSHKeys so callers can swap between them without observing a
 +// reshuffle.
 +func (q *Queries) ListUserSSHKeysByKind(ctx context.Context, db DBTX, arg ListUserSSHKeysByKindParams) ([]UserSshKey, error) {
 +	rows, err := db.Query(ctx, listUserSSHKeysByKind,
 +		arg.UserID,
 +		arg.Kind,
 +		arg.Limit,
 +		arg.Offset,
 +	)
 +	if err != nil {
 +		return nil, err
 +	}
 +	defer rows.Close()
 +	items := []UserSshKey{}
 +	for rows.Next() {
 +		var i UserSshKey
 +		if err := rows.Scan(
 +			&i.ID,
 +			&i.UserID,
 +			&i.Title,
 +			&i.FingerprintSha256,
 +			&i.KeyType,
 +			&i.KeyBits,
 +			&i.PublicKey,
 +			&i.LastUsedAt,
 +			&i.LastUsedIp,
 +			&i.CreatedAt,
 +			&i.Kind,
  		); err != nil {
  			return nil, err
+ 		}

internal/web/handlers/auth/sshkeys.gomodified

  		KeyType:           parsed.Type,
  		KeyBits:           int32(parsed.Bits), //nolint:gosec // bits ≤ 8192 in practice; bounded.
  		PublicKey:         parsed.PublicKey,
 +		Kind:              "authentication",
  	}); err != nil {
  		if isPGUniqueViolation(err) {
  			h.renderSSHKeysList(w, r,