b0a0cc3
b0a0cc3e29f85dc7038f55294dd7a1ebae267ed23168964
977aac2| Status | File | + | - |
|---|---|---|---|
| M |
internal/users/queries/user_gpg_keys.sql
|
5 | 2 |
| M |
internal/users/sqlc/querier.go
|
4 | 1 |
| M |
internal/users/sqlc/user_gpg_keys.sql.go
|
5 | 2 |
internal/users/queries/user_gpg_keys.sqlmodified@@ -39,13 +39,16 @@ SELECT count(*) FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL; | ||
| 39 | 39 | -- name: GetUserGPGKey :one |
| 40 | 40 | -- Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 41 | 41 | -- cross-user reads (existence-leak-safe: returns no row if the id |
| 42 | --- belongs to another user). | |
| 42 | +-- belongs to another user). Excludes soft-deleted rows so the public | |
| 43 | +-- surface mirrors a hard delete from the consumer's perspective; | |
| 44 | +-- verification (which needs historical attribution) uses | |
| 45 | +-- GetUserGPGKeyForVerification which has no revoked filter. | |
| 43 | 46 | SELECT id, user_id, name, fingerprint, key_id, armored, |
| 44 | 47 | can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, |
| 45 | 48 | uids, subkeys, primary_algo, |
| 46 | 49 | created_at, last_used_at, revoked_at, expires_at |
| 47 | 50 | FROM user_gpg_keys |
| 48 | -WHERE id = $1 AND user_id = $2; | |
| 51 | +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL; | |
| 49 | 52 | |
| 50 | 53 | -- name: GetUserGPGKeyForVerification :one |
| 51 | 54 | -- Non-user-scoped lookup used by the verification path. Unlike |
internal/users/sqlc/querier.gomodified@@ -85,7 +85,10 @@ type Querier interface { | ||
| 85 | 85 | GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error) |
| 86 | 86 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 87 | 87 | // cross-user reads (existence-leak-safe: returns no row if the id |
| 88 | - // belongs to another user). | |
| 88 | + // belongs to another user). Excludes soft-deleted rows so the public | |
| 89 | + // surface mirrors a hard delete from the consumer's perspective; | |
| 90 | + // verification (which needs historical attribution) uses | |
| 91 | + // GetUserGPGKeyForVerification which has no revoked filter. | |
| 89 | 92 | GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) |
| 90 | 93 | // Uniqueness probe used by the add path to surface a friendly |
| 91 | 94 | // "this key is already registered" error before the unique index |
internal/users/sqlc/user_gpg_keys.sql.gomodified@@ -29,7 +29,7 @@ SELECT id, user_id, name, fingerprint, key_id, armored, | ||
| 29 | 29 | uids, subkeys, primary_algo, |
| 30 | 30 | created_at, last_used_at, revoked_at, expires_at |
| 31 | 31 | FROM user_gpg_keys |
| 32 | -WHERE id = $1 AND user_id = $2 | |
| 32 | +WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL | |
| 33 | 33 | ` |
| 34 | 34 | |
| 35 | 35 | type GetUserGPGKeyParams struct { |
@@ -39,7 +39,10 @@ type GetUserGPGKeyParams struct { | ||
| 39 | 39 | |
| 40 | 40 | // Scoped single-key lookup for REST GET-by-id. user_id filter prevents |
| 41 | 41 | // cross-user reads (existence-leak-safe: returns no row if the id |
| 42 | -// belongs to another user). | |
| 42 | +// belongs to another user). Excludes soft-deleted rows so the public | |
| 43 | +// surface mirrors a hard delete from the consumer's perspective; | |
| 44 | +// verification (which needs historical attribution) uses | |
| 45 | +// GetUserGPGKeyForVerification which has no revoked filter. | |
| 43 | 46 | func (q *Queries) GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) { |
| 44 | 47 | row := db.QueryRow(ctx, getUserGPGKey, arg.ID, arg.UserID) |
| 45 | 48 | var i UserGpgKey |