`85f1131`

Add PAT audit actions, reserve 'tokens' segment, add Session.Recent2FAAt for recent-auth gate

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

Status	File	+
M	`internal/auth/audit/audit.go`	2
M	`internal/auth/reserved.go`	1
M	`internal/auth/session/session.go`	1
M	`internal/meta/sqlc/models.go`	14

internal/auth/audit/audit.gomodified

  	ActionAccountSuspended     Action = "account_suspended"
  	ActionSSHKeyAdded          Action = "ssh_key_added"
  	ActionSSHKeyDeleted        Action = "ssh_key_deleted"
 +	ActionPATCreated           Action = "pat_created"
 +	ActionPATRevoked           Action = "pat_revoked"
+ )
  // Target is a typed target-type constant.

internal/auth/reserved.gomodified

  	"public":        {},
  	"private":       {},
  	"keys":          {},
 +	"tokens":        {},
  	"shithub":       {},
  	"shithubd":      {},
  	"shithubbot":    {},

internal/auth/session/session.gomodified

  type Session struct {
  	UserID       int64             `json:"uid,omitempty"`
  	Pre2FAUserID int64             `json:"p2,omitempty"` // set after password OK, before TOTP step
 +	Recent2FAAt  int64             `json:"r2,omitempty"` // unix-seconds of last successful 2FA challenge
  	CSRFToken    string            `json:"csrf,omitempty"`
  	Theme        string            `json:"theme,omitempty"`
  	Flashes      []string          `json:"flashes,omitempty"`

internal/meta/sqlc/models.gomodified

  	CreatedAt         pgtype.Timestamptz
+ }
 +type UserToken struct {
 +	ID          int64
 +	UserID      int64
 +	Name        string
 +	TokenHash   []byte
 +	TokenPrefix string
 +	Scopes      []string
 +	ExpiresAt   pgtype.Timestamptz
 +	LastUsedAt  pgtype.Timestamptz
 +	LastUsedIp  *netip.Addr
 +	RevokedAt   pgtype.Timestamptz
 +	CreatedAt   pgtype.Timestamptz
 +}
++
  type UserTotp struct {
  	ID              int64
  	UserID          int64