b0a0cc3
b0a0cc3e29f85dc7038f55294dd7a1ebae267ed23168964
977aac2| Status | File | + | - |
|---|---|---|---|
| M |
internal/users/queries/user_gpg_keys.sql
|
5 | 2 |
| M |
internal/users/sqlc/querier.go
|
4 | 1 |
| M |
internal/users/sqlc/user_gpg_keys.sql.go
|
5 | 2 |
internal/users/queries/user_gpg_keys.sqlmodified@@ -39,13 +39,16 @@ SELECT count(*) FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL; | |||
| 39 | -- name: GetUserGPGKey :one | 39 | -- name: GetUserGPGKey :one |
| 40 | -- Scoped single-key lookup for REST GET-by-id. user_id filter prevents | 40 | -- Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 41 | -- cross-user reads (existence-leak-safe: returns no row if the id | 41 | -- cross-user reads (existence-leak-safe: returns no row if the id |
| 42 | --- belongs to another user). | 42 | +-- belongs to another user). Excludes soft-deleted rows so the public |
| 43 | +-- surface mirrors a hard delete from the consumer's perspective; | ||
| 44 | +-- verification (which needs historical attribution) uses | ||
| 45 | +-- GetUserGPGKeyForVerification which has no revoked filter. | ||
| 43 | SELECT id, user_id, name, fingerprint, key_id, armored, | 46 | SELECT id, user_id, name, fingerprint, key_id, armored, |
| 44 | can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, | 47 | can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, |
| 45 | uids, subkeys, primary_algo, | 48 | uids, subkeys, primary_algo, |
| 46 | created_at, last_used_at, revoked_at, expires_at | 49 | created_at, last_used_at, revoked_at, expires_at |
| 47 | FROM user_gpg_keys | 50 | FROM user_gpg_keys |
| 48 | -WHERE id = $1 AND user_id = $2; | 51 | +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL; |
| 49 | 52 | ||
| 50 | -- name: GetUserGPGKeyForVerification :one | 53 | -- name: GetUserGPGKeyForVerification :one |
| 51 | -- Non-user-scoped lookup used by the verification path. Unlike | 54 | -- Non-user-scoped lookup used by the verification path. Unlike |
internal/users/sqlc/querier.gomodified@@ -85,7 +85,10 @@ type Querier interface { | |||
| 85 | GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error) | 85 | GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error) |
| 86 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents | 86 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 87 | // cross-user reads (existence-leak-safe: returns no row if the id | 87 | // cross-user reads (existence-leak-safe: returns no row if the id |
| 88 | - // belongs to another user). | 88 | + // belongs to another user). Excludes soft-deleted rows so the public |
| 89 | + // surface mirrors a hard delete from the consumer's perspective; | ||
| 90 | + // verification (which needs historical attribution) uses | ||
| 91 | + // GetUserGPGKeyForVerification which has no revoked filter. | ||
| 89 | GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) | 92 | GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) |
| 90 | // Uniqueness probe used by the add path to surface a friendly | 93 | // Uniqueness probe used by the add path to surface a friendly |
| 91 | // "this key is already registered" error before the unique index | 94 | // "this key is already registered" error before the unique index |
internal/users/sqlc/user_gpg_keys.sql.gomodified@@ -29,7 +29,7 @@ SELECT id, user_id, name, fingerprint, key_id, armored, | |||
| 29 | uids, subkeys, primary_algo, | 29 | uids, subkeys, primary_algo, |
| 30 | created_at, last_used_at, revoked_at, expires_at | 30 | created_at, last_used_at, revoked_at, expires_at |
| 31 | FROM user_gpg_keys | 31 | FROM user_gpg_keys |
| 32 | -WHERE id = $1 AND user_id = $2 | 32 | +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL |
| 33 | ` | 33 | ` |
| 34 | 34 | ||
| 35 | type GetUserGPGKeyParams struct { | 35 | type GetUserGPGKeyParams struct { |
@@ -39,7 +39,10 @@ type GetUserGPGKeyParams struct { | |||
| 39 | 39 | ||
| 40 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents | 40 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 41 | // cross-user reads (existence-leak-safe: returns no row if the id | 41 | // cross-user reads (existence-leak-safe: returns no row if the id |
| 42 | -// belongs to another user). | 42 | +// belongs to another user). Excludes soft-deleted rows so the public |
| 43 | +// surface mirrors a hard delete from the consumer's perspective; | ||
| 44 | +// verification (which needs historical attribution) uses | ||
| 45 | +// GetUserGPGKeyForVerification which has no revoked filter. | ||
| 43 | func (q *Queries) GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) { | 46 | func (q *Queries) GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) { |
| 44 | row := db.QueryRow(ctx, getUserGPGKey, arg.ID, arg.UserID) | 47 | row := db.QueryRow(ctx, getUserGPGKey, arg.ID, arg.UserID) |
| 45 | var i UserGpgKey | 48 | var i UserGpgKey |